Mock Version: 1.1.41 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Wrote: /builddir/build/SRPMS/nss-3.16.2.3-5.el7.0.1.src.rpm Child return code was: 0 LEAVE do --> Mock Version: 1.1.41 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Wrote: /builddir/build/SRPMS/nss-3.16.2.3-5.el7.0.1.src.rpm Child return code was: 0 LEAVE do --> Mock Version: 1.1.41 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Wrote: /builddir/build/SRPMS/nss-3.16.2.3-5.el7.0.1.src.rpm Child return code was: 0 LEAVE do --> Mock Version: 1.1.41 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Wrote: /builddir/build/SRPMS/nss-3.16.2.3-5.el7.0.1.src.rpm Child return code was: 0 LEAVE do --> ENTER do(['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.IJVSRE + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf nss-3.16.2.3 + /usr/bin/gzip -dc /builddir/build/SOURCES/nss-3.16.2.3.tar.gz + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd nss-3.16.2.3 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/cp /builddir/build/SOURCES/PayPalEE.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestCA.ca.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestUser50.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestUser51.cert -f ./nss/tests/libpkix/certs + cd /builddir/build/BUILD + cd nss-3.16.2.3 + /usr/bin/bzip2 -dc /builddir/build/SOURCES/nss-pem-20140125.tar.bz2 + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . Patch #2 (add-relro-linker-option.patch): + echo 'Patch #2 (add-relro-linker-option.patch):' + /usr/bin/cat /builddir/build/SOURCES/add-relro-linker-option.patch + /usr/bin/patch -p0 -b --suffix .relro --fuzz=0 patching file nss/coreconf/Linux.mk Hunk #1 succeeded at 176 (offset 2 lines). Patch #3 (renegotiate-transitional.patch): + echo 'Patch #3 (renegotiate-transitional.patch):' + /usr/bin/cat /builddir/build/SOURCES/renegotiate-transitional.patch + /usr/bin/patch -p0 -b --suffix .transitional --fuzz=0 patching file nss/lib/ssl/sslsock.c Hunk #1 succeeded at 74 (offset -75 lines). Patch #6 (nss-enable-pem.patch): + echo 'Patch #6 (nss-enable-pem.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-enable-pem.patch + /usr/bin/patch -p0 -b --suffix .libpem --fuzz=0 patching file nss/lib/ckfw/manifest.mn Patch #16 (nss-539183.patch): + echo 'Patch #16 (nss-539183.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-539183.patch + /usr/bin/patch -p0 -b --suffix .539183 --fuzz=0 patching file nss/cmd/httpserv/httpserv.c Hunk #1 succeeded at 938 (offset 277 lines). patching file nss/cmd/selfserv/selfserv.c Patch #18 (nss-646045.patch): + echo 'Patch #18 (nss-646045.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-646045.patch + /usr/bin/patch -p0 -b --suffix .646045 --fuzz=0 patching file nss/tests/dbtests/dbtests.sh Patch #25 (nsspem-use-system-freebl.patch): + echo 'Patch #25 (nsspem-use-system-freebl.patch):' + /usr/bin/cat /builddir/build/SOURCES/nsspem-use-system-freebl.patch + /usr/bin/patch -p0 -b --suffix .systemfreebl --fuzz=0 patching file nss/lib/ckfw/pem/config.mk patching file nss/lib/ckfw/pem/Makefile patching file nss/lib/ckfw/pem/manifest.mn Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch): + echo 'Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-3.14.0.0-disble-ocsp-test.patch + /usr/bin/patch -p0 -b --suffix .noocsptest --fuzz=0 patching file nss/tests/chains/scenarios/scenarios Hunk #1 succeeded at 59 (offset 9 lines). Patch #47 (utilwrap-include-templates.patch): + echo 'Patch #47 (utilwrap-include-templates.patch):' + /usr/bin/cat /builddir/build/SOURCES/utilwrap-include-templates.patch + /usr/bin/patch -p0 -b --suffix .templates --fuzz=0 patching file nss/lib/nss/config.mk Patch #49 (nss-skip-bltest-and-fipstest.patch): + echo 'Patch #49 (nss-skip-bltest-and-fipstest.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-skip-bltest-and-fipstest.patch + /usr/bin/patch -p0 -b --suffix .skipthem --fuzz=0 patching file nss/cmd/Makefile Patch #50 (iquote.patch): + echo 'Patch #50 (iquote.patch):' + /usr/bin/cat /builddir/build/SOURCES/iquote.patch + /usr/bin/patch -p0 -b --suffix .iquote --fuzz=0 patching file ./nss/cmd/bltest/Makefile patching file ./nss/cmd/httpserv/Makefile patching file ./nss/cmd/lib/Makefile patching file ./nss/cmd/modutil/Makefile patching file ./nss/cmd/selfserv/Makefile patching file ./nss/cmd/ssltap/Makefile patching file ./nss/cmd/strsclnt/Makefile patching file ./nss/cmd/tstclnt/Makefile patching file ./nss/cmd/vfyserv/Makefile patching file ./nss/coreconf/location.mk patching file ./nss/lib/certhigh/Makefile patching file ./nss/lib/cryptohi/Makefile patching file ./nss/lib/libpkix/pkix/checker/Makefile patching file ./nss/lib/nss/Makefile ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #52 (Bug-1001841-disable-sslv2-libssl.patch): patching file lib/ssl/config.mk patching file lib/ssl/sslsock.c Hunk #1 succeeded at 650 (offset 1 line). Hunk #2 succeeded at 675 (offset 1 line). + pushd nss + echo 'Patch #52 (Bug-1001841-disable-sslv2-libssl.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1001841-disable-sslv2-libssl.patch + /usr/bin/patch -p1 -b --suffix .disableSSL2libssl --fuzz=0 + echo 'Patch #53 (Bug-1001841-disable-sslv2-tests.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1001841-disable-sslv2-tests.patch + /usr/bin/patch -p1 -b --suffix .disableSSL2tests --fuzz=0 Patch #53 (Bug-1001841-disable-sslv2-tests.patch): patching file tests/ssl/ssl.sh patching file tests/ssl/sslcov.noSSL2orExport.txt patching file tests/ssl/sslstress.noSSL2orExport.txt ~/build/BUILD/nss-3.16.2.3 Patch #55 (enable-fips-when-system-is-in-fips-mode.patch): + popd + echo 'Patch #55 (enable-fips-when-system-is-in-fips-mode.patch):' + /usr/bin/cat /builddir/build/SOURCES/enable-fips-when-system-is-in-fips-mode.patch + /usr/bin/patch -p0 -b --suffix .852023 --fuzz=0 + echo 'Patch #56 (p-ignore-setpolicy.patch):' + /usr/bin/cat /builddir/build/SOURCES/p-ignore-setpolicy.patch patching file nss/lib/pk11wrap/pk11pars.c patching file nss/lib/pk11wrap/pk11util.c patching file nss/lib/pk11wrap/secmodi.h Hunk #1 succeeded at 113 (offset -3 lines). Patch #56 (p-ignore-setpolicy.patch): patching file ./nss/lib/ssl/sslsock.c Hunk #1 succeeded at 1328 (offset 13 lines). + /usr/bin/patch -p0 -b --suffix .1026677 --fuzz=0 + echo 'Patch #62 (dont-hold-issuer-cert-handles-in-crl-cache.patch):' + /usr/bin/cat /builddir/build/SOURCES/dont-hold-issuer-cert-handles-in-crl-cache.patch + /usr/bin/patch -p0 -b --suffix .1034409 --fuzz=0 Patch #62 (dont-hold-issuer-cert-handles-in-crl-cache.patch): patching file ./nss/lib/certdb/certi.h patching file ./nss/lib/certdb/crl.c patching file ./nss/tests/chains/chains.sh ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 + pushd nss + echo 'Patch #64 (Crash-in-stan_GetCERTCertificate-rhbz1094468.patch):' + /usr/bin/cat /builddir/build/SOURCES/Crash-in-stan_GetCERTCertificate-rhbz1094468.patch + /usr/bin/patch -p1 -b --suffix .1094468 --fuzz=0 Patch #64 (Crash-in-stan_GetCERTCertificate-rhbz1094468.patch): patching file lib/pki/pki3hack.c patching file lib/pki/tdcache.c Patch #88 (p-1083360.patch): + echo 'Patch #88 (p-1083360.patch):' + /usr/bin/cat /builddir/build/SOURCES/p-1083360.patch + /usr/bin/patch -p1 -b --suffix .support_tls_fallback_scsv --fuzz=0 patching file cmd/ssltap/ssltap.c patching file cmd/tstclnt/tstclnt.c ~/build/BUILD/nss-3.16.2.3 Patch #89 (certutil-man-supply-missing-options.patch): + popd + echo 'Patch #89 (certutil-man-supply-missing-options.patch):' + /usr/bin/cat /builddir/build/SOURCES/certutil-man-supply-missing-options.patch + /usr/bin/patch -p0 -b --suffix .missing_options --fuzz=0 patching file ./nss/doc/certutil.xml ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #90 (Bug-1174527-fixsegfault.patch): + pushd nss + echo 'Patch #90 (Bug-1174527-fixsegfault.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1174527-fixsegfault.patch + /usr/bin/patch -p1 -b --suffix .1174527 --fuzz=0 patching file lib/pkcs12/p12local.c Patch #1001 (0001-paypal-fix.patch): + echo 'Patch #1001 (0001-paypal-fix.patch):' + /usr/bin/cat /builddir/build/SOURCES/0001-paypal-fix.patch + /usr/bin/patch -p1 -b --suffix .paypal --fuzz=0 patching file tests/chains/scenarios/realcerts.cfg ~/build/BUILD/nss-3.16.2.3 Patch #91 (nss-3.16-tcache-race.patch): + popd + echo 'Patch #91 (nss-3.16-tcache-race.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-3.16-tcache-race.patch + /usr/bin/patch -p0 -b --suffix .race --fuzz=0 patching file ./nss/lib/pki/tdcache.c + pemNeedsFromSoftoken='lowkeyi lowkeyti softoken softoknt' + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/softoken.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/softoknt.h ./nss/lib/ckfw/pem/ + /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf + /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf + /usr/bin/rm -rf ./nss/lib/freebl + /usr/bin/rm -rf ./nss/lib/softoken + /usr/bin/rm -rf ./nss/lib/util + /usr/bin/rm -rf ./nss/cmd/bltest + /usr/bin/rm -rf ./nss/cmd/fipstest + /usr/bin/rm -rf ./nss/cmd/rsaperf_low Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Imhhgo + exit 0 + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + export NSS_NO_SSL2=1 + NSS_NO_SSL2=1 + NSS_NO_PKCS11_BYPASS=1 + export NSS_NO_PKCS11_BYPASS + FREEBL_NO_DEPEND=1 + export FREEBL_NO_DEPEND + BUILD_OPT=1 + export BUILD_OPT + XCFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard' + export XCFLAGS + PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 + PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + export PKG_CONFIG_ALLOW_SYSTEM_LIBS + export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS ++ sed s/-I// ++ /usr/bin/pkg-config --cflags-only-I nspr + NSPR_INCLUDE_DIR='/usr/include/nspr4 ' + NSPR_LIB_DIR=/usr/lib + export NSPR_INCLUDE_DIR + export NSPR_LIB_DIR ++ /usr/bin/pkg-config --cflags-only-I nss-util ++ sed s/-I// + export 'NSSUTIL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4 ' + NSSUTIL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4 ' + export NSSUTIL_LIB_DIR=/usr/lib + NSSUTIL_LIB_DIR=/usr/lib ++ /usr/bin/pkg-config --cflags-only-I nss-softokn ++ sed s/-I// + export 'FREEBL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4 ' + FREEBL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4 ' + export FREEBL_LIB_DIR=/usr/lib + FREEBL_LIB_DIR=/usr/lib + export USE_SYSTEM_FREEBL=1 + USE_SYSTEM_FREEBL=1 + export NSS_USE_SYSTEM_FREEBL=1 + NSS_USE_SYSTEM_FREEBL=1 ++ /usr/bin/pkg-config --libs nss-softokn + export 'FREEBL_LIBS=-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' + FREEBL_LIBS='-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' + export SOFTOKEN_LIB_DIR=/usr/lib + SOFTOKEN_LIB_DIR=/usr/lib + export USE_SYSTEM_NSSUTIL=1 + USE_SYSTEM_NSSUTIL=1 + export USE_SYSTEM_SOFTOKEN=1 + USE_SYSTEM_SOFTOKEN=1 + export NSS_BUILD_WITHOUT_SOFTOKEN=1 + NSS_BUILD_WITHOUT_SOFTOKEN=1 + NSS_USE_SYSTEM_SQLITE=1 + export NSS_USE_SYSTEM_SQLITE + export IN_TREE_FREEBL_HEADERS_FIRST=1 + IN_TREE_FREEBL_HEADERS_FIRST=1 + NSS_ENABLE_ECC=1 + export NSS_ENABLE_ECC + NSS_ECC_MORE_THAN_SUITE_B=1 + export NSS_ECC_MORE_THAN_SUITE_B + export NSS_BLTEST_NOT_AVAILABLE=1 + NSS_BLTEST_NOT_AVAILABLE=1 + /usr/bin/make -C ./nss/coreconf make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Nothing to be done for `export'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' cd nsinstall; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nsinstall.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pathsub.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pathsub.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pathsub.o -Wl,-z,relro -lpthread -ldl -lc true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' + /usr/bin/make -C ./nss/lib/dbm make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' Creating ../../../../dist/public/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cdefs.h mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm Creating ../../../../dist/private/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h mpool.h search.h ../../../../dist/private/dbm make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[1]: Nothing to be done for `export'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' cd include; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' make[1]: Nothing to be done for `libs'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/db.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard db.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_bigkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_bigkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_func.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_func.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_log2.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_log2.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_page.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_page.c h_page.c: In function 'new_lseek': h_page.c:165:15: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); ^ h_page.c: In function 'overflow_page': h_page.c:1002:4: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); ^ h_page.c:1017:4: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); ^ h_page.c:1043:5: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash_buf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash_buf.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mktemp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mktemp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dirent.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dirent.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a Linux3.19_arm_glibc_PTH_OPT.OBJ/db.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_bigkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_func.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_log2.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_page.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash_buf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mktemp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dirent.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' + /usr/bin/make -C ./nss make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss' cd coreconf; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' cd nsinstall; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd lib; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd dbm; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cdefs.h mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h mpool.h search.h ../../../../dist/private/dbm make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[3]: Nothing to be done for `export'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd base; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' Creating ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssbaset.h nssbase.h ../../../dist/public/nss Creating ../../../dist/private/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 baset.h base.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' cd dev; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ckhelper.h devm.h devtm.h devt.h dev.h nssdevt.h nssdev.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' cd pki; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pki.h pkit.h nsspkit.h nsspki.h pkistore.h pki3hack.h pkitm.h pkim.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' cd libpkix; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd include; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' cd certsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' cd pki; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd include; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd certdb; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cert.h certt.h certdb.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 genname.h xconst.h certxutl.h certi.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' cd certhigh; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocsp.h ocspt.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocspti.h ocspi.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' cd pk11wrap; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmod.h secmodt.h secpkcs5.h pk11func.h pk11pub.h pk11priv.h pk11sdr.h pk11pqg.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmodi.h dev3hack.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' cd cryptohi; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cryptohi.h cryptoht.h key.h keyhi.h keyt.h keythi.h sechash.h ../../../dist/public/nss There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' cd nss; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nss.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssrenam.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' cd ssl; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ssl.h sslt.h sslerr.h sslproto.h preenc.h ../../../dist/public/nss There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' cd pkcs12; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkcs12t.h pkcs12.h p12plcy.h p12.h p12t.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' cd pkcs7; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmime.h secpkcs7.h pkcs7t.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' cd smime; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cms.h cmst.h smime.h cmsreclist.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' cd crmf; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmf.h crmft.h cmmf.h cmmft.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmfi.h crmfit.h cmmfi.h cmmfit.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' cd jar; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 jar.h jar-ds.h jarfile.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' cd ckfw; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd builtins; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssckbi.h ../../../../dist/public/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nsspem.h ../../../../dist/public/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssck.api nssckepv.h nssckft.h nssckfw.h nssckfwc.h nssckfwt.h nssckg.h nssckmdt.h nssckt.h ../../../dist/public/nss cd builtins; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ck.h ckfw.h ckfwm.h ckfwtm.h ckmd.h ckt.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd sysinit; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd cmd; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd lib; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 basicutil.h secutil.h pk11table.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' cd addbuiltin; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' cd atob; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' cd btoa; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' cd certcgi; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' cd certutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' cd checkcert; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' cd chktest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' cd crlutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' cd crmftest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' cd dbtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' cd derdump; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' cd digest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' cd httpserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' cd listsuites; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' cd makepqg; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' cd multinit; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' cd ocspclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' cd ocspresp; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' cd oidcalc; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' cd p7content; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' cd p7env; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' cd p7sign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' cd p7verify; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' cd pk12util; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' cd pk11gcmtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' cd pk11mode; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' cd pk1sign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' cd pkix-errcodes; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' cd pp; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' cd pwdecrypt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' cd rsaperf; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' cd sdrtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' cd selfserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' cd signtool; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' cd signver; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' cd shlibsign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd mangle; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[3]: Nothing to be done for `export'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd smimetools; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' cd ssltap; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' cd strsclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' cd symkeyutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' cd tests; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' cd tstclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' cd vfychain; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' cd vfyserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' cd modutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd coreconf; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd lib; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd dbm; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' make[3]: Nothing to be done for `libs'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd base; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard arena.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard errorval.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hashops.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard libc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tracker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard item.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard utf8.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard list.c list.c: In function 'nssList_Add': list.c:220:14: warning: variable 'nssrv' set but not used [-Wunused-but-set-variable] PRStatus nssrv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' cd dev; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devtoken.c devtoken.c: In function 'nssToken_TraverseCertificates': devtoken.c:1469:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckhelper.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' cd pki; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard asymmkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certificate.c certificate.c: In function 'nssCertificateList_DoCallback': certificate.c:898:14: warning: variable 'nssrv' set but not used [-Wunused-but-set-variable] PRStatus nssrv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cryptocontext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard symmkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard trustdomain.c trustdomain.c: In function 'NSSTrustDomain_TraverseCertificates': trustdomain.c:998:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status = PR_FAILURE; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tdcache.c tdcache.c: In function 'add_cert_to_cache': tdcache.c:779:9: warning: variable 'handle' set but not used [-Wunused-but-set-variable] PRBool handle = PR_FALSE; ^ tdcache.c: In function 'nssTrustDomain_RemoveCertFromCacheLOCKED': tdcache.c:272:16: warning: 'nickname' may be used uninitialized in this function [-Wmaybe-uninitialized] nssHash_Remove(cache->nickname, nickname); ^ tdcache.c:332:14: note: 'nickname' was declared here NSSUTF8 *nickname; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certdecode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkistore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkibase.c pkibase.c: In function 'nssPKIObjectCollection_Traverse': pkibase.c:906:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pkibase.c: In function 'nssCertificateCollection_Create': pkibase.c:1060:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pkibase.c: In function 'nssCRLCollection_Create': pkibase.c:1167:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pki3hack.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' cd libpkix; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd include; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' make[3]: Nothing to be done for `libs'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_certselector.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_comcertselparams.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_crlselector.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_comcrlselparams.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_basicconstraintschecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_certchainchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_crlchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_ekuchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_expirationchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_namechainingchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_nameconstraintschecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_ocspchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_revocationmethod.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_revocationchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_policychecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_signaturechecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_targetcertchecker.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_trustanchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_procparams.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_valparams.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_resourcelimits.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_buildresult.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_policynode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_valresult.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_verifynode.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_store.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_validate.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_lifecycle.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_build.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_tools.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_logger.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_errpaths.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_basicconstraints.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_cert.c pkix_pl_cert.c: In function 'PKIX_PL_Cert_Create': pkix_pl_cert.c:1518:22: warning: variable 'copyDER' set but not used [-Wunused-but-set-variable] PKIX_Boolean copyDER; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicyinfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicymap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicyqualifier.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crl.c pkix_pl_crl.c: In function 'pkix_pl_CRL_ToString': pkix_pl_crl.c:455:58: warning: 'crlVersion' may be used uninitialized in this function [-Wmaybe-uninitialized] PKIX_CHECK(PKIX_PL_Sprintf ^ pkix_pl_crl.c:354:21: note: 'crlVersion' was declared here PKIX_UInt32 crlVersion; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crldp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crlentry.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_date.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_generalname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_infoaccess.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_nameconstraints.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocsprequest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocspresponse.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_publickey.c pkix_pl_publickey.c: In function 'pkix_pl_PublicKey_Hashcode': pkix_pl_publickey.c:214:21: warning: variable 'fullHash' set but not used [-Wunused-but-set-variable] PKIX_UInt32 fullHash; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_x500name.c pkix_pl_x500name.c:37:1: warning: 'pkix_pl_X500Name_ToString_Helper' defined but not used [-Wunused-function] pkix_pl_X500Name_ToString_Helper( ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocspcertid.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_bigint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_bytearray.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_common.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_hashtable.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_lifecycle.c pkix_pl_lifecycle.c: In function 'PKIX_PL_Shutdown': pkix_pl_lifecycle.c:248:21: warning: variable 'numLeakedObjects' set but not used [-Wunused-but-set-variable] PKIX_UInt32 numLeakedObjects = 0; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_mem.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_monitorlock.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_mutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_object.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_oid.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_primhash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_rwlock.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_string.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_aiamgr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_colcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_httpcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_httpdefaultclient.c pkix_pl_httpdefaultclient.c: In function 'pkix_pl_HttpDefaultClient_KeepAliveSession': pkix_pl_httpdefaultclient.c:1135:36: warning: variable 'client' set but not used [-Wunused-but-set-variable] PKIX_PL_HttpDefaultClient *client = NULL; ^ pkix_pl_httpdefaultclient.c: In function 'pkix_pl_HttpDefaultClient_Cancel': pkix_pl_httpdefaultclient.c:1487:36: warning: variable 'client' set but not used [-Wunused-but-set-variable] PKIX_PL_HttpDefaultClient *client = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldaptemplates.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapresponse.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldaprequest.c pkix_pl_ldaprequest.c: In function 'pkix_pl_LdapRequest_Destroy': pkix_pl_ldaprequest.c:266:30: warning: variable 'ldapRq' set but not used [-Wunused-but-set-variable] PKIX_PL_LdapRequest *ldapRq = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapdefaultclient.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_nsscontext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_pk11certstore.c pkix_pl_pk11certstore.c: In function 'NameCacheHasFetchedCrlInfo': pkix_pl_pk11certstore.c:382:22: warning: variable 'cert' set but not used [-Wunused-but-set-variable] CERTCertificate *cert; ^ pkix_pl_pk11certstore.c: In function 'DownloadCrl': pkix_pl_pk11certstore.c:782:16: warning: variable 'savedError' set but not used [-Wunused-but-set-variable] PKIX_Int32 savedError = -1; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_socket.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd certdb; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard alg1485.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certdb.c certdb.c: In function 'cert_VerifySubjectAltName': certdb.c:1428:18: warning: variable 'hnLen' set but not used [-Wunused-but-set-variable] unsigned int hnLen; ^ certdb.c: In function 'CERT_ImportCerts': certdb.c:2440:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ certdb.c: In function 'CERT_UnlockCertRefCount': certdb.c:2890:14: warning: variable 'prstat' set but not used [-Wunused-but-set-variable] PRStatus prstat; ^ certdb.c: In function 'CERT_UnlockCertTrust': certdb.c:2970:14: warning: variable 'prstat' set but not used [-Wunused-but-set-variable] PRStatus prstat; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certv3.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certxutl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crl.c crl.c: In function 'crl_storeCRL': crl.c:630:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ crl.c: In function 'cert_CheckCertRevocationStatus': crl.c:2696:27: warning: unused variable 'rv2' [-Wunused-variable] SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); ^ crl.c: In function 'cert_CacheCRLByGeneralName': crl.c:3053:32: warning: variable 'rv2' set but not used [-Wunused-but-set-variable] SECStatus rv = SECSuccess, rv2; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard genname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard stanpcertdb.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard polcyxtn.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xauthkid.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xbsconst.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xconst.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' cd certhigh; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certhtml.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certreq.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlv2.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocsp.c ocsp.c: In function 'ocsp_RemoveCacheItem': ocsp.c:562:12: warning: variable 'couldRemoveFromHashTable' set but not used [-Wunused-but-set-variable] PRBool couldRemoveFromHashTable; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspsig.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certhigh.c certhigh.c: In function 'CERT_MatchNickname': certhigh.c:28:9: warning: variable 'len' set but not used [-Wunused-but-set-variable] int len; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfypkix.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfypkixprint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xcrldist.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' cd pk11wrap; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dev3hack.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11akey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11auth.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11cert.c pk11cert.c: In function 'pk11_fastCert': pk11cert.c:231:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pk11cert.c: In function 'PK11_MakeCertFromHandle': pk11cert.c:297:12: warning: variable 'swapNickname' set but not used [-Wunused-but-set-variable] PRBool swapNickname = PR_FALSE; ^ pk11cert.c:296:12: warning: variable 'isFortezzaRootCA' set but not used [-Wunused-but-set-variable] PRBool isFortezzaRootCA = PR_FALSE; ^ pk11cert.c: In function 'PK11_TraverseCertsForNicknameInSlot': pk11cert.c:2014:28: warning: variable 'pk11cb' set but not used [-Wunused-but-set-variable] struct nss3_cert_cbstr pk11cb; ^ pk11cert.c: In function 'PK11_FindCertFromDERCertItem': pk11cert.c:2158:21: warning: unused variable 'td' [-Wunused-variable] NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11cxt.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11err.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11kea.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11load.c pk11load.c: In function 'SECMOD_UnloadModule': pk11load.c:592:28: warning: unused variable 'status' [-Wunused-variable] PRStatus status = PR_UnloadLibrary(softokenLib); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11mech.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11merge.c pk11merge.c: In function 'pk11_mergeByObjectIDs': pk11merge.c:852:20: warning: 'error' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_SetError(error); ^ pk11merge.c:753:9: note: 'error' was declared here int error; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11nobj.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11obj.c pk11obj.c: In function 'PK11_MatchItem': pk11obj.c:1784:22: warning: variable 'parent' set but not used [-Wunused-but-set-variable] CK_OBJECT_HANDLE parent; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pars.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pbe.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pk12.c pk11pk12.c: In function 'PK11_ImportPrivateKeyInfoAndReturnKey': pk11pk12.c:425:17: warning: variable 'keyType' set but not used [-Wunused-but-set-variable] CK_KEY_TYPE keyType = CKK_RSA; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pqg.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11sdr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11skey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11slot.c pk11slot.c: In function 'PK11_InitToken': pk11slot.c:1108:11: warning: variable 'tmp' set but not used [-Wunused-but-set-variable] char *tmp; ^ pk11slot.c: In function 'PK11_InitSlot': pk11slot.c:1352:11: warning: variable 'tmp' set but not used [-Wunused-but-set-variable] char *tmp; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11util.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' cd cryptohi; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sechash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard seckey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secsign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secvfy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dsautil.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' cd nss; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nssinit.c nssinit.c: In function 'NSS_VersionCheck': nssinit.c:1250:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nssver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard utilwrap.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a grep -v ';-' nss.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nss.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnss3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nss.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o ../libpkix/pkix/certsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o ../libpkix/pkix/certsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o ../libpkix/pkix/crlsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o ../libpkix/pkix/crlsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ../libpkix/pkix/store/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' cd ssl; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derive.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dtlscon.c dtlscon.c: In function 'ssl3_DisableNonDTLSSuites': dtlscon.c:100:19: warning: unused variable 'rv' [-Wunused-variable] SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard prelib.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3con.c ssl3con.c: In function 'ssl3_HandleRSAClientKeyExchange': ssl3con.c:9199:13: warning: variable 'pmsItem' set but not used [-Wunused-but-set-variable] SECItem pmsItem = {siBuffer, NULL, 0}; ^ ssl3con.c:9195:12: warning: variable 'isTLS' set but not used [-Wunused-but-set-variable] PRBool isTLS = PR_FALSE; ^ ssl3con.c: In function 'ssl3_HandleRecord': ssl3con.c:11573:21: warning: 'dtls_seq_num' may be used uninitialized in this function [-Wmaybe-uninitialized] dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num); ^ ssl3con.c:11293:14: note: 'dtls_seq_num' was declared here PRUint64 dtls_seq_num; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3gthr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslauth.c sslauth.c: In function 'SSL_AuthCertificate': sslauth.c:267:18: warning: unused variable 'error' [-Wunused-variable] PRErrorCode error = PR_GetError(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslcon.c sslcon.c: In function 'ssl2_HandleMessage': sslcon.c:2497:9: warning: variable 'rv2' set but not used [-Wunused-but-set-variable] int rv2; ^ sslcon.c: In function 'NSSSSL_VersionCheck': sslcon.c:3686:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssldef.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslenum.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslerr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslerrstrs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslinit.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3ext.c ssl3ext.c: In function 'ssl3_HandleServerNameXtn': ssl3ext.c:418:17: warning: variable 'type' set but not used [-Wunused-but-set-variable] PRInt32 type; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslgathr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslmutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslnonce.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslreveal.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsecur.c sslsecur.c: In function 'ssl_SecureRecv': sslsecur.c:1182:22: warning: variable 'sec' set but not used [-Wunused-but-set-variable] sslSecurityInfo *sec; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsnce.c sslsnce.c: In function 'InitCache': sslsnce.c:1232:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; ^ sslsnce.c:1233:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; ^ sslsnce.c:1234:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheLock) += ptr; ^ sslsnce.c:1235:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; ^ sslsnce.c:1236:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; ^ sslsnce.c:1237:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; ^ sslsnce.c:1238:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheData) += ptr; ^ sslsnce.c:1239:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; ^ sslsnce.c:1240:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; ^ sslsnce.c:1241:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; ^ sslsnce.c:1242:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; ^ sslsnce.c:1243:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; ^ sslsnce.c:1244:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; ^ sslsnce.c: In function 'SSL_InheritMPServerSIDCacheInstance': sslsnce.c:1584:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; ^ sslsnce.c:1585:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; ^ sslsnce.c:1586:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheLock) += ptr; ^ sslsnce.c:1587:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; ^ sslsnce.c:1588:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; ^ sslsnce.c:1589:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; ^ sslsnce.c:1590:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheData) += ptr; ^ sslsnce.c:1591:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; ^ sslsnce.c:1592:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; ^ sslsnce.c:1593:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; ^ sslsnce.c:1594:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; ^ sslsnce.c:1595:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; ^ sslsnce.c:1596:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsock.c sslsock.c: In function 'NSS_SetDomesticPolicy': sslsock.c:1327:15: warning: unused variable 'status' [-Wunused-variable] SECStatus status = SECSuccess; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssltrace.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard authcert.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmpcert.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslinfo.c sslinfo.c: In function 'SSL_DisableDefaultExportCipherSuites': sslinfo.c:247:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ sslinfo.c: In function 'SSL_DisableExportCipherSuites': sslinfo.c:268:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3ecc.c ssl3ecc.c: In function 'ssl3_DisableECCSuites': ssl3ecc.c:953:19: warning: unused variable 'rv' [-Wunused-variable] SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard unix_err.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a grep -v ';-' ssl.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libssl3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc -lz chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' cd pkcs12; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12local.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12creat.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12dec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12plcy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12tmpl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12e.c p12e.c: In function 'sec_PKCS12CreateSafeBag': p12e.c:698:12: warning: variable 'setName' set but not used [-Wunused-but-set-variable] PRBool setName = PR_TRUE; ^ p12e.c: In function 'sec_pkcs12_encoder_start_context': p12e.c:1535:12: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12d.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' cd pkcs7; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certread.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7common.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7create.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7decode.c p7decode.c: In function 'sec_pkcs7_verify_signature': p7decode.c:1293:21: warning: variable 'crls' set but not used [-Wunused-but-set-variable] CERTSignedCrl **crls; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7encode.c p7encode.c: In function 'sec_pkcs7_encoder_start_encrypt': p7encode.c:62:18: warning: variable 'wincx' set but not used [-Wunused-but-set-variable] void *mark, *wincx; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7local.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secmime.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' cd smime; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsarray.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsasn1.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsattr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmscinfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmscipher.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdecode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdigdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdigest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsencdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsencode.c cmsencode.c: In function 'nss_cms_encoder_notify': cmsencode.c:125:18: warning: variable 'poolp' set but not used [-Wunused-but-set-variable] PLArenaPool *poolp; ^ cmsencode.c: In function 'nss_cms_before_data': cmsencode.c:204:18: warning: variable 'poolp' set but not used [-Wunused-but-set-variable] PLArenaPool *poolp; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsenvdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsmessage.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmspubkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsrecinfo.c cmsrecinfo.c: In function 'NSS_CMSRecipientInfo_UnwrapBulkKey': cmsrecinfo.c:529:21: warning: variable 'encalg' set but not used [-Wunused-but-set-variable] SECAlgorithmID *encalg; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsreclist.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmssigdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmssiginfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsudf.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimemessage.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimeutil.c smimeutil.c: In function 'NSSSMIME_VersionCheck': smimeutil.c:770:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ smimeutil.c: In function 'NSS_SMIMEUtil_FindBulkAlgForRecipients': smimeutil.c:446:9: warning: 'key_type' may be used uninitialized in this function [-Wmaybe-uninitialized] if (key_type == ecKey) { ^ smimeutil.c:425:14: note: 'key_type' was declared here KeyType key_type; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimever.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a grep -v ';-' smime.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/smime.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libsmime3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/smime.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' cd crmf; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfenc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfenc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftmpl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmftmpl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfreq.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfreq.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfpop.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfpop.c crmfpop.c: In function 'CRMF_CertReqMsgSetRAVerifiedPOP': crmfpop.c:36:14: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] SECItem *dummy; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfdec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfdec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfget.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfget.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfcont.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfcont.c crmfcont.c: In function 'CRMF_CreateEncryptedKeyWithEncryptedValue': crmfcont.c:860:25: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] CRMFEncryptedValue *dummy; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfasn1.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfasn1.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfresp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfresp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfrec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfrec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfchal.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfchal.c cmmfchal.c: In function 'cmmf_create_witness_and_challenge': cmmfchal.c:33:22: warning: variable 'id' set but not used [-Wunused-but-set-variable] CK_OBJECT_HANDLE id; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/servget.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard servget.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard encutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcli.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard respcli.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcmn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard respcmn.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/challcli.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard challcli.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/asn1cmn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard asn1cmn.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfenc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftmpl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfreq.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfpop.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfdec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfget.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfcont.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfresp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfrec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfchal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/servget.o Linux3.19_arm_glibc_PTH_OPT.OBJ/encutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcli.o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcmn.o Linux3.19_arm_glibc_PTH_OPT.OBJ/challcli.o Linux3.19_arm_glibc_PTH_OPT.OBJ/asn1cmn.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' cd jar; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarsign.c jarsign.c: In function 'jar_create_pk7': jarsign.c:174:11: warning: variable 'errstring' set but not used [-Wunused-but-set-variable] char *errstring; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jar.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar-ds.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jar-ds.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarfile.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarfile.c jarfile.c: In function 'jar_listtar': jarfile.c:824:12: warning: variable 'when' set but not used [-Wunused-but-set-variable] time_t when; ^ jarfile.c:823:14: warning: variable 'mode' set but not used [-Wunused-but-set-variable] long sz, mode; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarint.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a Linux3.19_arm_glibc_PTH_OPT.OBJ/jarver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarsign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar-ds.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarfile.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarint.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' cd ckfw; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crypto.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crypto.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/find.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard find.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/instance.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard instance.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/object.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard object.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/session.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard session.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sessobj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sessobj.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/slot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard slot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/token.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard token.c token.c: In function 'nssCKFWToken_GetUTCTime': token.c:1261:27: warning: variable 'z' set but not used [-Wunused-but-set-variable] int Y, M, D, h, m, s, z; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/wrap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard wrap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mechanism.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mechanism.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a Linux3.19_arm_glibc_PTH_OPT.OBJ/crypto.o Linux3.19_arm_glibc_PTH_OPT.OBJ/find.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/instance.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/object.o Linux3.19_arm_glibc_PTH_OPT.OBJ/session.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sessobj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/slot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/token.o Linux3.19_arm_glibc_PTH_OPT.OBJ/wrap.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mechanism.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib cd builtins; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard anchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard constants.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bfind.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bfind.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/binst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard binst.c binst.c: In function 'builtins_mdInstance_GetLibraryVersion': binst.c:70:17: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bobject.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bobject.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bsession.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bsession.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard btoken.c perl certdata.perl < certdata.txt > Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckbiver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckbiver.c grep -v ';-' nssckbi.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nssckbi.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnssckbi.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nssckbi.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bfind.o Linux3.19_arm_glibc_PTH_OPT.OBJ/binst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bobject.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bsession.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckbiver.o ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard anchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard constants.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pargs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pargs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pfind.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pfind.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pinst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pinst.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pobject.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pobject.c pobject.c: In function 'pem_CreateObject': pobject.c:1047:15: warning: variable 'token' set but not used [-Wunused-but-set-variable] pemToken *token; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/prsa.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard prsa.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/psession.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard psession.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ptoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ptoken.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckpemver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckpemver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsawrapr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard rsawrapr.c rsawrapr.c:128:1: warning: 'oaep_xor_with_h1' defined but not used [-Wunused-function] oaep_xor_with_h1(unsigned char *data, unsigned int datalen, ^ rsawrapr.c:190:1: warning: 'oaep_xor_with_h2' defined but not used [-Wunused-function] oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard util.c util.c: In function 'ReadDERFromFile': util.c:142:9: warning: variable 'error' set but not used [-Wunused-but-set-variable] int error; ^ grep -v ';-' nsspem.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nsspem.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsspem.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nsspem.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pargs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pfind.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pinst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pobject.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prsa.o Linux3.19_arm_glibc_PTH_OPT.OBJ/psession.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ptoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckpemver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsawrapr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnssutil3 -lfreebl3 -L../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnssckfw -lnssb -lplc4 -lplds4 -L../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnssutil3 -lfreebl3 -lsoftokn3 -lpthread -ldl -lc -L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd sysinit; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nsssysinit.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsssysinit.so -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd cmd; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd lib; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/basicutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard basicutil.c basicutil.c: In function 'SECU_PrintAsHex': basicutil.c:312:9: warning: 'column' may be used uninitialized in this function [-Wmaybe-uninitialized] column++; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secutil.c secutil.c: In function 'SECU_ChangePW2': secutil.c:332:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ secutil.c: In function 'secu_PrintPKCS7Signed': secutil.c:2702:11: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from secutil.c:19:0: secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ secutil.c: In function 'secu_PrintPKCS7SignedAndEnveloped': secutil.c:2821:11: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from secutil.c:19:0: secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ secutil.c: In function 'SEC_PrintCertificateAndTrust': secutil.c:3151:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ secutil.c:3124:5: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secpwd.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secpwd.c secpwd.c: In function 'SEC_GetPassword': secpwd.c:77:8: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] QUIET_FGETS ( phrase, sizeof(phrase), input); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derprint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derprint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/moreoids.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard moreoids.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pppolicy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pppolicy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ffs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ffs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11table.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11table.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a Linux3.19_arm_glibc_PTH_OPT.OBJ/basicutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secpwd.o Linux3.19_arm_glibc_PTH_OPT.OBJ/derprint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/moreoids.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pppolicy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ffs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11table.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' cd addbuiltin; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard addbuiltin.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' cd atob; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/atob.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard atob.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/atob -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/atob.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/atob ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' cd btoa; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard btoa.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' cd certcgi; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certcgi.c certcgi.c: In function 'MakeV1Cert': certcgi.c:530:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ certcgi.c: In function 'get_serial_number': certcgi.c:594:6: warning: this decimal constant is unsigned only in ISO C90 [enabled by default] if (serial == 4294967295) { ^ certcgi.c: In function 'string_to_binary': certcgi.c:1425:9: warning: variable 'low_digit' set but not used [-Wunused-but-set-variable] int low_digit; ^ certcgi.c:1424:9: warning: variable 'high_digit' set but not used [-Wunused-but-set-variable] int high_digit; ^ certcgi.c: At top level: certcgi.c:360:1: warning: 'update_data_by_name' defined but not used [-Wunused-function] update_data_by_name(Pair *data, ^ certcgi.c:388:1: warning: 'update_data_by_index' defined but not used [-Wunused-function] update_data_by_index(Pair *data, ^ certcgi.c:404:1: warning: 'add_field' defined but not used [-Wunused-function] add_field(Pair *data, ^ certcgi.c: In function 'get_serial_number': certcgi.c:590:11: warning: ignoring return value of 'fread', declared with attribute warn_unused_result [-Wunused-result] fread(&serial, sizeof(int), 1, serialFile); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' cd certutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/keystuff.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard keystuff.c keystuff.c: In function 'CERTUTIL_GeneratePrivateKey': keystuff.c:497:15: warning: variable 'algtag' set but not used [-Wunused-but-set-variable] SECOidTag algtag; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/keystuff.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' cd checkcert; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard checkcert.c checkcert.c: In function 'OurVerifyData': checkcert.c:125:15: warning: variable 'sigAlgTag' set but not used [-Wunused-but-set-variable] SECOidTag sigAlgTag; ^ checkcert.c: In function 'main': checkcert.c:392:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from checkcert.c:5:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' cd chktest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard chktest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' cd crlutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen_lex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlgen_lex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlgen.c crlgen.c: In function 'crlgen_RmCert': crlgen.c:1082:18: warning: variable 'arena' set but not used [-Wunused-but-set-variable] PLArenaPool *arena; ^ crlgen.c: In function 'crlgen_CreateInvalidityDate': crlgen.c:627:27: warning: 'mark' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_ArenaRelease(arena, mark); ^ crlgen.c: In function 'crlgen_CreateReasonCode': crlgen.c:586:28: warning: 'mark' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_ArenaRelease (arena, mark); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlutil.c crlutil.c: In function 'main': crlutil.c:1108:16: warning: 'rv' may be used uninitialized in this function [-Wmaybe-uninitialized] return (rv != SECSuccess); ^ crlutil.c:851:9: note: 'rv' was declared here int rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen_lex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' cd crmftest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/testcrmf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard testcrmf.c testcrmf.c: In function 'get_serial_number': testcrmf.c:130:14: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ testcrmf.c: In function 'main': testcrmf.c:1539:12: warning: variable 'PArg' set but not used [-Wunused-but-set-variable] PRBool PArg = PR_FALSE; ^ testcrmf.c:1538:12: warning: variable 'sArg' set but not used [-Wunused-but-set-variable] PRBool sArg = PR_FALSE; ^ testcrmf.c:1537:12: warning: variable 'eArg' set but not used [-Wunused-but-set-variable] PRBool eArg = PR_FALSE; ^ testcrmf.c:1536:12: warning: variable 'pArg' set but not used [-Wunused-but-set-variable] PRBool pArg = PR_FALSE; ^ testcrmf.c: At top level: testcrmf.c:941:1: warning: 'mapWrapKeyType' defined but not used [-Wunused-function] mapWrapKeyType(KeyType keyType) ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/testcrmf.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' cd dbtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dbtest.c In file included from ../modutil/modutil.h:22:0, from dbtest.c:32: ../modutil/error.h:136:14: warning: 'msgStrings' defined but not used [-Wunused-variable] static char *msgStrings[] = { ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' cd derdump; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derdump.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' cd digest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/digest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard digest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/digest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/digest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/digest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' cd httpserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard httpserv.c httpserv.c: In function 'handle_connection': httpserv.c:715:39: warning: integer overflow in expression [-Woverflow] nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ ^ httpserv.c:716:37: warning: integer overflow in expression [-Woverflow] revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ ^ httpserv.c: In function 'getBoundListenSocket': httpserv.c:941:14: warning: variable 'socketDomain' set but not used [-Wunused-but-set-variable] PRUint16 socketDomain = PR_AF_INET; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' cd listsuites; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard listsuites.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' cd makepqg; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard makepqg.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' cd multinit; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard multinit.c multinit.c:320:1: warning: 'appendItem' defined but not used [-Wunused-function] appendItem(SECItem *item) ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' cd ocspclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspclnt.c ocspclnt.c: In function 'print_raw_certificates': ocspclnt.c:565:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from ocspclnt.c:9:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ ocspclnt.c: In function 'main': ocspclnt.c:446:8: warning: 'cert_usage' may be used uninitialized in this function [-Wmaybe-uninitialized] rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time, ^ ocspclnt.c:967:18: note: 'cert_usage' was declared here SECCertUsage cert_usage; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' cd ocspresp; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspresp.c ocspresp.c: In function 'main': ocspresp.c:140:15: warning: variable 'statusDecodedFail' set but not used [-Wunused-but-set-variable] SECStatus statusDecodedFail; ^ ocspresp.c:136:15: warning: variable 'statusDecodedRev' set but not used [-Wunused-but-set-variable] SECStatus statusDecodedRev; ^ ocspresp.c:132:15: warning: variable 'statusDecoded' set but not used [-Wunused-but-set-variable] SECStatus statusDecoded; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' cd oidcalc; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard oidcalc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' cd p7content; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7content.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' cd p7env; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7env.c p7env.c: In function 'main': p7env.c:133:11: warning: variable 'certName' set but not used [-Wunused-but-set-variable] char *certName; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' cd p7sign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7sign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' cd p7verify; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7verify.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' cd pk12util; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk12util.c pk12util.c: In function 'p12u_InitContext': pk12util.c:104:12: warning: variable 'fileExist' set but not used [-Wunused-but-set-variable] PRBool fileExist; ^ pk12util.c: In function 'P12U_ListPKCS12File': pk12util.c:762:30: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] 0, SECU_PrintCertificate) != 0) { ^ In file included from pk12util.c:11:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' cd pk11gcmtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11gcmtest.c pk11gcmtest.c: In function 'aes_gcm_kat': pk11gcmtest.c:319:6: warning: 'tagsize' may be used uninitialized in this function [-Wmaybe-uninitialized] rv = aes_decrypt_buf(key, keysize, iv, ivsize, ^ pk11gcmtest.c:319:6: warning: 'ciphertextlen' may be used uninitialized in this function [-Wmaybe-uninitialized] pk11gcmtest.c:66:24: warning: 'ivsize' may be used uninitialized in this function [-Wmaybe-uninitialized] gcm_params.ulIvLen = ivsize; ^ pk11gcmtest.c:174:18: note: 'ivsize' was declared here unsigned int ivsize; ^ pk11gcmtest.c:54:18: warning: 'keysize' may be used uninitialized in this function [-Wmaybe-uninitialized] key_item.len = keysize; ^ pk11gcmtest.c:172:18: note: 'keysize' was declared here unsigned int keysize; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' cd pk11mode; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11mode.c pk11mode.c: In function 'PKM_TLSMasterKeyDerive': pk11mode.c:4561:16: warning: variable 'expected_version' set but not used [-Wunused-but-set-variable] CK_VERSION expected_version, version; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' cd pk1sign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk1sign.c pk1sign.c: In function 'main': pk1sign.c:283:32: warning: 'cert' may be used uninitialized in this function [-Wmaybe-uninitialized] CERT_DestroyCertificate(cert); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' cd pkix-errcodes; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix-errcodes.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' cd pp; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pp.c pp.c: In function 'Usage': pp.c:35:13: warning: too many arguments for format [-Wformat-extra-args] SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); ^ pp.c: In function 'main': pp.c:140:9: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from pp.c:10:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pp -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pp.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pp ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' cd pwdecrypt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pwdecrypt.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' cd rsaperf; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard rsaperf.c rsaperf.c: In function 'main': rsaperf.c:433:27: warning: variable 'certdb' set but not used [-Wunused-but-set-variable] CERTCertDBHandle* certdb = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/defkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard defkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/defkey.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' cd sdrtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sdrtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' cd selfserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard selfserv.c selfserv.c: In function 'makeSignedOCSPResponse': selfserv.c:1132:33: warning: integer overflow in expression [-Woverflow] nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ ^ selfserv.c:1147:18: warning: integer overflow in expression [-Woverflow] now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ ^ selfserv.c: In function 'getBoundListenSocket': selfserv.c:1690:14: warning: variable 'socketDomain' set but not used [-Wunused-but-set-variable] PRUint16 socketDomain = PR_AF_INET; ^ selfserv.c: In function 'makeSignedOCSPResponse': selfserv.c:1163:24: warning: 'sr' may be used uninitialized in this function [-Wmaybe-uninitialized] singleResponses[0] = sr; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' cd signtool; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard signtool.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certgen.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certgen.c certgen.c: In function 'sign_cert': certgen.c:423:11: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] void *dummy; ^ certgen.c: In function 'GetSubjectFromUser': certgen.c:125:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:147:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:166:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:184:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:202:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:223:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:241:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/javascript.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard javascript.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard util.c util.c: In function 'XP_GetString': util.c:21:5: warning: return discards 'const' qualifier from pointer target type [enabled by default] return SECU_Strerror (i); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/verify.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard verify.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/zip.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard zip.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certgen.o Linux3.19_arm_glibc_PTH_OPT.OBJ/javascript.o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o Linux3.19_arm_glibc_PTH_OPT.OBJ/verify.o Linux3.19_arm_glibc_PTH_OPT.OBJ/zip.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc -lz ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' cd signver; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard signver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk7print.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk7print.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signver -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/signver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk7print.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/signver ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' cd shlibsign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard shlibsign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign.o -Wl,-z,relro -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin cd mangle; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mangle.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle.o -Wl,-z,relro -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd smimetools; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' cd ssltap; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssltap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' cd strsclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard strsclnt.c strsclnt.c: In function 'do_connects': strsclnt.c:735:15: warning: variable 'result' set but not used [-Wunused-but-set-variable] SECStatus result; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' cd symkeyutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard symkeyutil.c symkeyutil.c: In function 'main': symkeyutil.c:1018:31: warning: unused variable 'rv2' [-Wunused-variable] SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' cd tests; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard baddbdir.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard conflict.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dertimetest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard encodeinttest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nonspr10.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10 -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard remtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secmodtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10 Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' cd tstclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tstclnt.c tstclnt.c: In function 'ownAuthCertificate': tstclnt.c:536:19: warning: unused variable 'error' [-Wunused-variable] PRErrorCode error = PR_GetError(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' cd vfychain; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfychain.c vfychain.c: In function 'configureRevocationParams': vfychain.c:363:50: warning: 'revFlags' may be used uninitialized in this function [-Wmaybe-uninitialized] revFlags[cert_revocation_method_ocsp] = ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' cd vfyserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfyserv.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfyutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv.o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' cd modutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard modutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/instsec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard instsec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/install.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard install.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/installparse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard installparse.c ytab.c: In function 'Pk11Install_yyparse': ytab.c:219:5: warning: suggest parentheses around assignment used as truth value [-Wparentheses] gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/install-ds.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard install-ds.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard lex.Pk11Install_yy.c lex.Pk11Install_yy.cpp:1060:13: warning: 'Pkcs11Install_yyunput' defined but not used [-Wunused-function] lex.Pk11Install_yy.cpp:1106:12: warning: 'input' defined but not used [-Wunused-function] gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11.o Linux3.19_arm_glibc_PTH_OPT.OBJ/instsec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/install.o Linux3.19_arm_glibc_PTH_OPT.OBJ/installparse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/install-ds.o Linux3.19_arm_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc -lz ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss' ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 + unset NSS_BLTEST_NOT_AVAILABLE + pushd ./nss + /usr/bin/make clean_docs build_docs /usr/bin/make -C ./doc clean make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' rm -f date.xml version.xml *.tar.bz2 rm -f html/*.proc rm -fr nss-man ascii make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' /usr/bin/make -C ./doc make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' date +"%e %B %Y" | tr -d '\n' > date.xml echo -n > version.xml mkdir -p html mkdir -p nroff xmlto -o nroff man certutil.xml Note: Writing certutil.1 xmlto -o html html certutil.xml Writing index.html for refentry(certutil) mv html/index.html html/certutil.html make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' ~/build/BUILD/nss-3.16.2.3 + popd + /usr/bin/mkdir -p ./dist/doc/nroff + /usr/bin/cp ./nss/doc/nroff/certutil.1 ./nss/doc/nroff/cmsutil.1 ./nss/doc/nroff/crlutil.1 ./nss/doc/nroff/derdump.1 ./nss/doc/nroff/modutil.1 ./nss/doc/nroff/pk12util.1 ./nss/doc/nroff/pp.1 ./nss/doc/nroff/signtool.1 ./nss/doc/nroff/signver.1 ./nss/doc/nroff/ssltap.1 ./nss/doc/nroff/vfychain.1 ./nss/doc/nroff/vfyserv.1 ./dist/doc/nroff + /usr/bin/mkdir -p ./dist/pkgconfig + /usr/bin/cat /builddir/build/SOURCES/nss.pc.in + sed -e s,%libdir%,/usr/lib,g -e s,%prefix%,/usr,g -e s,%exec_prefix%,/usr,g -e s,%includedir%,/usr/include/nss3,g -e s,%NSS_VERSION%,3.16.2.3,g -e s,%NSPR_VERSION%,4.10.6,g -e s,%NSSUTIL_VERSION%,3.16.2.3,g -e s,%SOFTOKEN_VERSION%,3.16.2.3,g ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VMAJOR' ++ awk '{print $3}' + NSS_VMAJOR=3 ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VMINOR' ++ awk '{print $3}' + NSS_VMINOR=16 ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VPATCH' ++ awk '{print $3}' + NSS_VPATCH=2 + export NSS_VMAJOR + export NSS_VMINOR + export NSS_VPATCH + /usr/bin/cat /builddir/build/SOURCES/nss-config.in + sed -e s,@libdir@,/usr/lib,g -e s,@prefix@,/usr,g -e s,@exec_prefix@,/usr,g -e s,@includedir@,/usr/include/nss3,g -e s,@MOD_MAJOR_VERSION@,3,g -e s,@MOD_MINOR_VERSION@,16,g -e s,@MOD_PATCH_VERSION@,2,g + chmod 755 ./dist/pkgconfig/nss-config + /usr/bin/cat /builddir/build/SOURCES/setup-nsssysinit.sh + chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh + /usr/bin/cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/ + date '+%e %B %Y' + tr -d '\n' + echo -n 3.16.2.3 + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/nss-config.xml . + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/setup-nsssysinit.xml . + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/pkcs11.txt.xml . + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man nss-config.xml Note: Writing nss-config.1 + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man setup-nsssysinit.xml Note: Writing setup-nsssysinit.1 + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man pkcs11.txt.xml Note: Writing pkcs11.txt.5 + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/cert8.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/cert9.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/key3.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/key4.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/secmod.db.xml . + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man cert8.db.xml Note: Writing cert8.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man cert9.db.xml Note: Writing cert9.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man key3.db.xml Note: Writing key3.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man key4.db.xml Note: Writing key4.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man secmod.db.xml Note: Writing secmod.db.5 + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.wzD3Ok + umask 022 + cd /builddir/build/BUILD + '[' /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm '!=' / ']' + rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm ++ dirname /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + mkdir -p /builddir/build/BUILDROOT + mkdir /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + cd nss-3.16.2.3 + /usr/bin/rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3/templates + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/pkgconfig + mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1 + mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5 + touch /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnssckbi.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/libnssckbi.so + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert8.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/cert8.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key3.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/key3.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-secmod.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/secmod.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert9.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/cert9.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key4.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/key4.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/system-pkcs11.txt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/pkcs11.txt + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/certutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/cmsutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/crlutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/modutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/signtool /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/signver /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/ssltap /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/atob /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/btoa /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/derdump /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/ocspclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pp /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/selfserv /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/strsclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/symkeyutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/tstclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/vfyserv /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/vfychain /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cert.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/certdb.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/certt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmmf.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmmft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cms.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmsreclist.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmst.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/crmf.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/crmft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cryptohi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cryptoht.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jar-ds.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jar.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jarfile.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/key.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keyhi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keyt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keythi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nss.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssbase.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssbaset.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckbi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckepv.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfw.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfwc.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfwt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckg.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckmdt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nsspem.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ocsp.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ocspt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12plcy.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11func.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11pqg.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11priv.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11pub.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11sdr.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs12.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs12t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs7t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/preenc.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sechash.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmime.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmod.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmodt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secpkcs5.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secpkcs7.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/smime.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ssl.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslerr.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslproto.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in dist/private/nss/nssck.api + /usr/bin/install -p -m 644 dist/private/nss/nssck.api /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3/templates + /usr/bin/install -p -m 644 ./dist/pkgconfig/nss.pc /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/pkgconfig/nss.pc + /usr/bin/install -p -m 755 ./dist/pkgconfig/nss-config /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/nss-config + /usr/bin/install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit.sh + ln -r -s -f /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit + for f in nss-config setup-nsssysinit + install -c -m 644 nss-config.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/nss-config.1 + for f in nss-config setup-nsssysinit + install -c -m 644 setup-nsssysinit.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/setup-nsssysinit.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/certutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/certutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/cmsutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/cmsutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/crlutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/crlutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/derdump.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/derdump.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/modutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/modutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/pk12util.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/pk12util.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/pp.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/pp.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/signtool.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/signtool.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/signver.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/signver.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/ssltap.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/ssltap.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/vfychain.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/vfychain.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/vfyserv.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/vfyserv.1 + for f in pkcs11.txt + install -c -m 644 pkcs11.txt.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/pkcs11.txt.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 cert8.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/cert8.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 cert9.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/cert9.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 key3.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/key3.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 key4.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/key4.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 secmod.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/secmod.db.5 + /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 /builddir/build/BUILD/nss-3.16.2.3 extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/certutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/signtool extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/pk12util extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/crlutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/modutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/signver extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/cmsutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/ssltap extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libsmime3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnsssysinit.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libssl3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnss3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/vfyserv extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/vfychain extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/selfserv extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/ocspclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/strsclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/derdump extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/pp extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/tstclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/btoa extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/symkeyutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/atob extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/libnssckbi.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnsspem.so /usr/lib/rpm/sepdebugcrcfix: Updated 25 CRC32s, 0 CRC32s did match. cpio: nss-3.16.2.3/nss/cmd/modutil/lex.Pk11Install_yy.cpp: Cannot stat: No such file or directory cpio: nss-3.16.2.3/nss/cmd/modutil/ytab.c: Cannot stat: No such file or directory 23564 blocks + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-compress + /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/lib/rpm/redhat/brp-java-repack-jars Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.VLXx8b + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + '[' 0 -eq 1 ']' + export NSS_NO_SSL2=1 + NSS_NO_SSL2=1 + FREEBL_NO_DEPEND=1 + export FREEBL_NO_DEPEND + BUILD_OPT=1 + export BUILD_OPT + export NSS_BLTEST_NOT_AVAILABLE=1 + NSS_BLTEST_NOT_AVAILABLE=1 + export SOFTOKEN_LIB_DIR=/usr/lib + SOFTOKEN_LIB_DIR=/usr/lib ++ find ./nss/tests ++ grep -c ' ' + SPACEISBAD=0 + : + '[' 0 -ne 0 ']' ++ perl -e 'print 9000 + int rand 1000' 9558 selfserv_9558 + MYRAND=9558 + echo 9558 + RANDSERV=selfserv_9558 + echo selfserv_9558 ++ ls -d ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin + DISTBINDIR=./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin + echo ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ++ pwd + pushd /builddir/build/BUILD/nss-3.16.2.3 + cd ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ~/build/BUILD/nss-3.16.2.3 ~/build/BUILD/nss-3.16.2.3 ~/build/BUILD/nss-3.16.2.3 + ln -s selfserv selfserv_9558 + popd + grep -v '\.db$' + grep -vw CVS + xargs grep -lw selfserv + xargs -l perl -pi -e 's/\bselfserv\b/selfserv_9558/g' + find ./nss/tests -type f + grep -v '\.crt$' + grep -v '\.crl$' + killall selfserv_9558 selfserv_9558: no process found + : + rm -rf ./tests_results ~/build/BUILD/nss-3.16.2.3/nss/tests ~/build/BUILD/nss-3.16.2.3 + pushd ./nss/tests/ + nss_tests='libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains' + HOST=localhost + DOMSUF=localdomain + PORT=9558 + NSS_CYCLES= + NSS_TESTS= + NSS_SSL_TESTS= + NSS_SSL_RUN= + ./all.sh testdir is /builddir/build/BUILD/nss-3.16.2.3/tests_results/security init.sh init: Creating /builddir/build/BUILD/nss-3.16.2.3/tests_results/security which: no domainname in (.:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/lib/ccache:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin) ******************************************** Platform: Linux3.19_arm_glibc_PTH_OPT.OBJ Results: localhost.1 ******************************************** init.sh init: Testing PATH .:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/lib/ccache:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin against LIB /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib: ./all.sh: line 304: [: -eq: unary operator expected Running tests for cipher TIMESTAMP cipher BEGIN: Mon May 18 16:06:07 EDT 2015 ./cipher.sh: line 127: res: command not found ./init.sh: line 228: [: : integer expression expected cipher.sh: #1: - PASSED TIMESTAMP cipher END: Mon May 18 16:06:07 EDT 2015 Running tests for lowhash TIMESTAMP lowhash BEGIN: Mon May 18 16:06:07 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Mon May 18 16:06:07 EDT 2015 Running tests for libpkix TIMESTAMP libpkix BEGIN: Mon May 18 16:06:07 EDT 2015 TIMESTAMP libpkix END: Mon May 18 16:06:07 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Mon May 18 16:06:07 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #2: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -f ../tests.pw cert.sh: #3: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #4: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -o root.cert cert.sh: #6: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -f ../tests.pw cert.sh: #7: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #8: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #9: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #10: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #11: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #12: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #13: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #14: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -f ../tests.pw cert.sh: #15: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #16: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #17: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #18: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #19: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #20: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #21: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #22: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #23: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #24: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #25: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #26: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #27: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #28: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #29: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #30: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #31: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #32: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #33: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #34: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #35: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #36: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw cert.sh: #37: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #38: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #39: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #40: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #41: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA.ca.cert cert.sh: #42: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #43: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #44: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #45: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert cert.sh: #46: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #47: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #48: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #49: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert cert.sh: #50: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #51: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA.ca.cert cert.sh: #52: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #53: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #54: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #55: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw cert.sh: #56: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #57: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #58: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #59: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #60: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA.ca.cert cert.sh: #61: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #62: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #63: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #64: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert cert.sh: #65: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #66: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #67: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #68: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA.ca.cert cert.sh: #69: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #70: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #71: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #72: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #73: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert cert.sh: #74: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw cert.sh: #75: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #76: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -i ../CA/TestCA.ca.cert cert.sh: #77: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -i ../CA/TestCA-ec.ca.cert cert.sh: #78: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #79: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #80: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #81: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #82: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #83: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #84: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #85: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #86: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #87: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #88: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #89: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -i ../CA/TestCA.ca.cert cert.sh: #90: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -i ../CA/TestCA-ec.ca.cert cert.sh: #91: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #92: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #93: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #94: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #95: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #96: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #97: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #98: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #99: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #100: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #101: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #102: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #103: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #104: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #105: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #106: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #107: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #108: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #109: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #110: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #111: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw cert.sh: #112: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #113: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -i ../CA/TestCA.ca.cert cert.sh: #114: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #115: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #116: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #117: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #118: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #119: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #120: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #121: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #122: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #123: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #124: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw cert.sh: #125: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #126: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -i ../CA/TestCA.ca.cert cert.sh: #127: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #128: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #129: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #130: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #131: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #132: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #133: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #134: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #135: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #136: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #137: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw cert.sh: #138: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #139: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -i ../CA/TestCA.ca.cert cert.sh: #140: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #141: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #142: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #143: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #144: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #145: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #146: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #147: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #148: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #149: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #150: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw cert.sh: #151: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #152: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -i ../CA/TestCA.ca.cert cert.sh: #153: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #154: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #155: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #156: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #157: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #158: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #159: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #160: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #161: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #162: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #163: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #164: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #165: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #166: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #167: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #168: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #169: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #170: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #171: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -f ../tests.fipspw cert.sh: #172: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #173: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #174: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #175: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw cert.sh: #176: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #177: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #178: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #179: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #180: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #181: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #182: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #183: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #184: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #185: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #186: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #187: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw cert.sh: #188: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #189: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #190: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #191: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #192: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #193: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #194: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #195: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #196: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #197: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #198: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #199: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #200: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:24 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:17 2015 Not After : Tue Aug 18 20:08:17 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:90:f8:42:dd:e3:7f:7d:ba:8f:b5:e1:1e:f7:8b:b9: aa:84:dc:26:8d:22:3c:bf:aa:2a:1b:c7:cc:67:79:0d: cf:f7:01:b8:5e:60:51:5e:1d:b0:a0:39:95:e9:17:c2: 4a:66:d1:9c:14:c0:61:28:b2:cd:f7:38:c2:31:3c:11: 5e:46:53:af:7f:1c:6a:7d:d3:50:04:a5:56:0a:91:20: 70:9e:87:4a:6f:30:dd:27:65:c6:89:35:82:66:04:06: d6:6c:f5:fe:4b:49:b9:bc:11:17:58:6f:6f:25:ae:99: e9:52:db:0e:45:16:6f:df:71:7b:ab:0c:7e:51:d1:b1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 63:e7:26:eb:94:df:d2:72:43:b8:ce:a8:bf:58:d2:a7: 78:36:15:5b:7d:22:19:7b:28:6b:d5:62:94:00:f6:21: df:77:2c:05:b2:62:2b:3b:24:3d:6a:2f:bb:e9:39:fd: 6b:e3:be:07:f4:19:46:fa:24:62:9a:05:37:80:e2:16: 7b:bb:d3:16:b3:82:e7:bf:74:40:20:e1:89:b8:dd:74: 41:20:6c:31:a7:24:a9:75:01:af:2d:3c:56:76:53:83: fa:de:38:3e:41:87:43:f5:5e:1c:b0:c3:da:a9:e4:88: 5d:ae:5c:6c:31:d3:7c:77:3c:ed:f2:f2:f6:0e:84:76 Fingerprint (SHA-256): 5F:4C:5A:B9:7A:C5:B5:DB:BC:34:43:41:93:9F:E6:9A:C5:DF:1A:EB:2F:5C:E6:25:12:94:DA:2B:89:D2:56:F2 Fingerprint (SHA1): 08:E8:42:01:07:89:E0:44:B8:DB:46:0D:1B:86:18:0E:A6:44:89:D2 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #201: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:29 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:20 2015 Not After : Tue Aug 18 20:08:20 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:31:f2:15:c7:02:38:6a:60:bf:0f:77:0a:1d:1f:56: 5c:0b:a8:67:78:c3:4b:35:51:3e:78:a3:34:97:e4:84: 8f:d3:7d:7a:83:8b:7f:24:58:6a:d6:d5:bd:6b:58:9d: 13:4f:4d:e0:68:65:f8:cc:b6:76:35:1f:70:3e:2d:d6: 45:6b:ce:8c:d1:5e:f3:4c:2d:67:71:3f:31:d9:d1:c6: 4c:83:20:a5:42:53:59:0b:f1:6b:c7:c4:1d:2b:36:6a: 7d:49:27:56:5d:08:ce:00:fb:bc:92:b6:d4:73:ef:41: 98:44:fd:31:3e:f0:30:62:9c:31:14:ad:81:60:e9:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:a5:29:fa:6e:08:89:6d:18:15:cb:37:48:e9:aa:da: 96:03:c1:6d:9b:1e:27:1e:13:e8:db:61:8c:3c:26:26: 0f:59:e5:66:8b:d6:83:ef:ed:36:dc:a9:c4:5a:c8:31: c6:21:3f:d9:4a:e4:6b:03:bf:84:6a:25:3f:ec:56:3e: f4:62:c6:47:83:86:1e:cc:5a:62:f5:fb:9f:cc:9f:9f: 89:43:32:8a:eb:bb:84:d4:f9:65:c8:f7:ee:3e:a7:8b: ec:b8:d5:77:d9:c7:2d:72:5e:b1:f3:6a:06:e9:a0:d3: c1:96:8e:e8:55:4e:9e:53:81:e7:4e:a7:f7:a3:05:f0 Fingerprint (SHA-256): 75:5E:A6:B0:33:5B:FB:9C:95:E7:5B:BC:C7:E4:56:BD:7B:96:AE:ED:9C:E6:00:7B:BE:B8:A3:88:6C:97:EC:3B Fingerprint (SHA1): B4:D1:C3:0B:9C:BF:76:35:E1:D1:15:C7:16:4B:B3:40:49:BE:AA:6F Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #202: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:2d Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:22 2015 Not After : Tue Aug 18 20:08:22 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:e8:4a:de:df:61:06:8d:7f:5d:11:5c:8d:2d:1b:38: 07:40:72:fe:fb:ed:77:99:88:c6:7d:b0:ff:aa:0a:87: 02:ca:66:37:83:59:0f:51:42:90:71:bb:f8:02:85:ab: ae:d7:13:b1:a0:a2:e5:c3:33:81:b5:9d:de:e0:5a:01: 3f:a5:71:89:af:c7:ea:33:96:ad:70:f9:1b:4a:e8:35: 52:d2:46:78:a6:b7:66:a2:5e:20:43:d9:5a:86:cb:40: d7:00:d1:a7:c8:0b:30:78:77:13:4e:70:ee:17:27:93: d8:d5:d3:1f:11:39:dd:79:33:99:78:9f:3d:b1:06:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 64:de:33:e2:01:fb:77:9d:1c:61:fb:75:1a:04:7b:58: 5d:6d:bd:65:2c:72:32:a3:5d:a1:07:4a:28:5e:1a:99: 98:5b:16:3d:72:d9:c3:84:8d:15:01:ec:9b:06:61:77: 5e:31:93:a6:a4:ef:9e:78:6a:a4:3a:9d:7c:5a:79:04: 18:16:03:a6:4c:c1:d0:6d:dc:78:7a:3d:91:3a:73:49: 87:c8:24:f1:90:d4:fa:40:33:a6:18:98:3e:b0:27:e3: 97:08:8e:68:37:2b:e2:55:70:5e:5b:6c:a8:d4:ab:c5: 69:d2:b4:f2:df:54:67:27:80:15:27:f8:f0:47:19:b5 Fingerprint (SHA-256): CD:D8:41:16:8D:39:AF:45:73:CD:80:57:F3:3C:05:3B:4C:1F:88:9F:CA:6E:3B:28:6F:06:6D:B8:60:AD:28:59 Fingerprint (SHA1): 0C:72:0B:3D:AA:0D:61:26:B3:05:06:F6:C1:A6:9D:04:FF:17:EC:CD Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #203: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:32 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:25 2015 Not After : Tue Aug 18 20:08:25 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:65:dc:0e:a9:3b:86:4a:97:24:7f:66:cf:e7:9e:2b: 8c:2b:96:c2:b7:34:30:a8:1f:ac:71:37:70:62:cd:1c: fd:8d:b9:17:da:ce:e3:77:61:71:e8:1f:f2:bd:3f:1c: af:e0:c0:6a:b6:66:27:51:27:79:93:71:f9:be:55:97: 78:e5:a4:26:80:9f:f7:b7:43:9f:f5:1e:97:28:54:da: 49:f3:ad:cc:32:0d:60:fe:e8:c4:5d:5b:09:de:96:99: b2:17:9f:f4:98:c7:ba:99:c6:aa:df:51:fe:d9:cb:d3: 6a:28:c0:ab:84:63:0c:ca:90:6d:b5:66:a5:68:01:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:7f:56:ce:65:2a:8a:f7:d4:6e:59:c9:94:a2:de:3a: 9a:f2:1f:49:a1:cb:53:ed:3f:ae:bc:7a:2c:3a:0a:0d: cc:46:a2:31:f6:9f:5f:b5:c7:7f:54:71:27:08:cc:59: e8:15:42:e3:c5:00:6c:27:f5:4c:5a:39:af:e2:a9:4c: cc:bd:83:c7:03:ba:38:68:d6:41:70:0c:2f:60:7a:ec: c9:39:64:b2:6f:f3:75:22:64:ea:a7:ed:2a:bf:2b:a3: 38:39:b9:95:92:95:a0:50:27:58:59:8d:51:2f:10:58: 54:87:9a:18:55:06:40:ac:7c:e3:75:54:91:96:f3:25 Fingerprint (SHA-256): 05:8D:DB:0A:F1:CE:4C:ED:71:D7:42:B9:81:EE:7F:8B:14:6B:BC:BA:48:D4:07:22:98:7C:F9:A5:F8:72:A3:91 Fingerprint (SHA1): 57:26:33:E4:B2:A6:44:E5:AB:84:30:BE:09:81:ED:17:72:38:31:78 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #204: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:37 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:27 2015 Not After : Tue Aug 18 20:08:27 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dc:b2:7e:18:2c:c5:3d:7d:2b:59:c3:6b:00:96:15:19: 94:60:b8:f3:12:2c:91:20:1b:8c:b3:78:bb:72:0a:ef: 98:d0:b5:bc:99:3c:51:14:9f:20:69:42:ee:61:1f:78: be:19:dd:43:61:fd:ea:a2:85:37:21:cc:28:41:f7:74: 4e:ae:95:a1:98:2f:b2:04:8e:5d:83:f9:d4:ca:47:46: 61:39:79:56:a3:b1:0e:2a:ed:23:a4:94:e7:4c:3c:66: a0:3d:ce:7c:7b:7b:bd:8a:99:c6:91:79:a6:f0:ff:91: cd:c4:a8:87:e2:b5:a4:6e:25:9a:4e:df:01:08:19:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4d:ab:d0:58:41:e2:90:35:88:af:7f:c6:e9:61:0b:d6: 97:b1:20:e2:54:12:dd:7d:f8:7b:82:51:44:86:a6:32: 5e:b8:d4:61:70:0a:67:3d:46:61:1c:f6:b2:72:ea:dc: 8c:91:4f:ac:2f:f3:49:d2:87:28:25:90:b4:f1:98:6b: 96:8e:bb:8f:f7:75:10:59:2a:6c:68:c4:c6:9f:2e:72: 58:c3:ff:43:04:6b:4b:ee:47:88:4c:5e:bf:11:d6:3a: 02:6b:27:80:51:dd:2d:3f:73:1b:1f:e4:f1:e3:df:5e: d5:a3:23:68:31:a0:1a:81:c9:91:27:13:cf:25:47:ce Fingerprint (SHA-256): FE:A1:26:D3:59:D9:59:B1:70:B3:8C:CA:C7:D0:DB:0D:F6:F5:B8:45:16:13:2F:6C:CA:93:7A:6E:3F:C4:10:92 Fingerprint (SHA1): B1:EC:93:83:BE:56:DF:4B:E4:AC:99:A4:3C:5F:DD:C9:B4:A6:29:24 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #205: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:3b Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:29 2015 Not After : Tue Aug 18 20:08:29 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:e0:a5:c0:4a:82:ab:6f:4c:62:c3:64:e2:e9:8e:89: bf:8d:53:5d:5a:f5:97:27:89:b8:1f:24:6a:d4:52:6f: 0a:0f:88:34:e9:ee:54:e8:5d:3f:49:8f:2b:d8:a5:8d: 61:c4:ea:3d:08:59:b3:86:57:65:bb:95:62:b1:76:34: e3:85:a4:35:4c:2f:b4:63:f1:df:aa:24:9d:d3:52:80: 13:6d:2d:e2:ef:8d:95:60:c0:87:0e:bf:36:52:93:b7: db:bd:01:4a:c1:46:7c:74:9c:18:54:45:95:8d:b1:98: f8:2b:13:06:9f:bc:84:6c:d0:ce:61:35:e8:0e:8a:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 06:bf:91:53:51:f4:fe:33:41:ef:2e:51:8a:d2:19:39: f5:1a:e2:cf:dd:2d:dd:fc:88:8d:95:a1:25:72:76:e2: 35:08:ee:30:dc:e4:61:d1:d2:d3:b4:a5:f6:42:29:4c: 2f:06:ed:d4:67:31:44:5b:2e:98:77:53:58:84:dd:9f: 24:71:d4:30:0a:93:e2:de:56:84:b4:09:16:ce:e6:32: 73:cd:e3:0b:2d:af:8c:99:79:17:0e:eb:b5:9f:e9:fc: 5f:0d:ba:ee:e0:e5:b2:3e:c2:d1:b2:09:42:ed:e9:eb: dc:3d:ee:7f:1a:9c:79:a5:5e:7c:44:6c:c3:c6:27:b2 Fingerprint (SHA-256): 78:45:24:71:55:48:FC:09:33:22:7B:22:4C:46:24:FE:C8:54:BA:A2:F6:F1:08:CE:A0:3E:1B:DD:6C:0A:A5:BF Fingerprint (SHA1): A7:D0:99:A6:4B:D7:59:C7:06:11:98:23:06:55:BB:1D:68:EF:6D:19 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #206: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:3f Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:31 2015 Not After : Tue Aug 18 20:08:31 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:16:09:50:c5:3a:32:78:fb:64:3c:89:67:c4:a0:5e: 25:06:02:1b:b7:91:30:31:19:07:5f:9d:01:55:39:ac: ee:cd:19:b1:7f:82:f4:70:f6:42:52:90:59:19:70:97: c5:63:e5:97:b7:85:22:cc:14:90:9f:e9:26:ea:fc:46: 88:95:85:1b:d8:98:a5:29:cf:44:e5:6d:04:2f:67:bb: 14:98:9b:b4:03:a6:cb:4c:b5:2c:a7:bf:2d:d8:65:43: fc:21:af:73:29:0c:f0:3d:51:23:28:95:b7:42:5e:5a: 34:32:25:ea:96:44:66:dd:2c:3f:b5:f3:3c:86:79:49 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:55:57:11:28:0b:0f:07:82:18:f1:b2:0a:82:47:75: 87:73:b6:4a:75:72:2a:7c:2d:5f:2b:9a:01:74:84:96: a5:5e:bf:41:a6:ff:98:92:de:42:b1:6d:e5:1b:d6:bd: 18:55:bd:86:70:a8:c8:18:f0:0e:69:73:8f:59:44:e7: 28:39:e1:6e:5b:31:6d:bc:c3:c3:ee:03:55:74:61:62: 57:05:30:81:65:c9:1d:3d:68:2c:44:86:cf:df:7a:af: 70:c5:e9:e1:d7:9e:10:d7:1d:1b:9a:8a:62:d8:00:63: 58:a3:c8:43:7c:f5:2d:7d:a0:5a:f1:b1:0b:8b:3f:84 Fingerprint (SHA-256): 73:26:50:35:54:5E:4E:22:33:A2:2A:F2:F4:FB:7D:6C:4A:57:B8:55:32:3A:AB:A2:2A:84:9C:84:8E:41:E0:60 Fingerprint (SHA1): A2:76:F1:B1:26:3D:3A:32:AC:6E:3A:34:8D:04:6D:C0:22:7B:C3:3C Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #207: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:43 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:33 2015 Not After : Tue Aug 18 20:08:33 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:d4:f0:ed:a2:6f:f8:c1:f1:f5:7e:af:af:35:4d:8e: c2:a5:d2:40:7e:73:2a:f1:e3:13:f7:ea:5e:34:09:62: d3:c9:f9:8e:13:d9:4b:58:09:1c:8c:c5:42:c3:14:4a: 10:63:9b:a4:20:55:0d:f4:fa:5d:a9:d0:bf:70:6b:55: 30:f4:17:69:89:ca:18:8c:ed:14:24:0d:91:2e:92:8f: 53:3d:91:96:a3:6e:cd:1a:09:11:27:19:1a:17:e2:36: 86:16:69:fe:da:8b:bc:cf:d3:79:fe:5e:ee:87:d0:09: 82:be:e2:0e:2d:a8:ea:36:24:2c:1a:03:ab:b7:3a:05 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7b:24:8d:52:7a:92:f9:0d:7b:f3:0e:e0:e5:84:79:8c: e4:dd:bb:e9:d6:95:0b:5d:31:f7:29:f4:1b:44:8a:f1: b4:2a:57:2d:cb:0b:fb:79:ac:35:b1:45:ac:bd:87:6e: 59:59:27:79:ec:3f:a9:36:62:e8:75:55:33:04:17:3d: f4:35:f8:6c:7e:23:07:d0:66:e3:21:ee:6a:a5:1e:db: e6:5f:93:dc:70:f6:95:88:40:5d:38:ff:3d:81:5b:f2: 6a:75:09:47:97:3b:cd:9c:bc:d3:cf:03:02:ae:dc:b2: 63:76:5a:54:81:b7:e8:56:03:11:51:02:10:45:57:c1 Fingerprint (SHA-256): DB:9D:31:EE:E9:58:11:44:1F:7C:6E:47:64:71:B0:17:22:87:16:EB:9C:B7:D1:54:AB:FA:B1:F2:9E:AF:32:86 Fingerprint (SHA1): 2A:19:1E:24:25:DD:10:88:16:49:99:7E:0C:20:23:82:96:17:4A:D3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #208: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:47 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:35 2015 Not After : Tue Aug 18 20:08:35 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:ba:00:74:ed:06:96:72:b0:d5:24:b9:5d:c2:49:81: 8e:03:d5:17:be:f0:e8:15:8d:92:78:f7:b7:f0:8a:b8: 25:e2:1a:5a:a8:03:57:a4:38:32:f0:a2:3a:e2:ae:63: 10:97:74:bb:c6:ca:d8:6e:9f:2f:7c:93:98:59:b4:43: dc:b6:95:4f:af:a0:57:d8:1a:03:db:df:45:9c:88:4c: ad:07:04:55:43:a2:7b:54:8c:ee:fd:f8:56:0d:06:41: 96:fa:4c:91:1e:ba:eb:63:db:ac:c3:7a:53:3a:1b:67: 05:e4:fd:9f:44:67:5a:2c:ae:01:b5:0f:19:4f:16:d5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8f:fa:d4:4c:2f:8d:8a:ea:1b:2b:8b:49:5d:86:21:2d: 0a:43:79:0d:d3:3e:64:df:ab:00:28:6a:9e:58:3f:53: a4:67:26:e9:74:b2:3a:25:14:c9:aa:96:b1:0d:7e:40: 24:58:f2:78:48:19:a0:a3:e4:03:f8:4f:95:cf:1c:ff: 6d:2f:07:75:c7:d6:e0:43:c1:53:f7:b3:bd:74:dd:e8: 3a:ce:d0:12:6f:e5:13:70:31:de:aa:64:12:3b:17:cd: 1b:ff:9a:d6:36:8f:e5:b4:91:c8:aa:14:6a:08:8b:8d: 82:32:fa:e5:21:29:b1:85:09:78:2f:31:1a:f6:22:27 Fingerprint (SHA-256): 94:D8:71:C3:EB:EB:3C:09:F1:2D:EE:9D:1B:76:3E:3E:1F:31:8D:46:70:80:A8:02:F4:2D:23:49:DD:D7:3E:72 Fingerprint (SHA1): 1E:6F:84:68:34:F2:E5:98:10:7C:02:E5:13:6A:41:83:3D:2F:46:58 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #209: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:4a Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:37 2015 Not After : Tue Aug 18 20:08:37 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:1e:87:f9:25:a2:32:a8:44:49:dc:31:4b:ae:13:1a: fa:24:09:10:24:85:50:77:38:d9:10:3a:e0:4e:89:bd: 07:ac:2c:0f:c3:a8:d5:f6:3f:d0:d3:47:a8:ed:da:b8: 4f:d7:89:61:c5:28:24:00:40:1c:4f:b0:58:41:15:ef: 6b:40:6e:31:13:72:6c:b9:c0:c0:b5:cc:03:b1:82:ff: c8:0b:88:a2:99:ae:bd:5b:24:31:0b:9c:f2:8a:15:5d: 13:de:66:4e:0c:67:40:dc:c1:ec:b6:4f:82:29:37:fe: 46:75:9f:6c:88:cd:ad:8f:f0:61:c4:08:7c:6c:c1:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: be:2f:db:d4:e1:ef:ed:38:82:33:ae:d3:58:f2:05:ce: 89:1a:8f:a5:fd:ee:74:61:b9:54:63:af:4a:5a:2f:b9: 53:b9:78:92:6a:ad:0c:50:1e:97:2c:c3:c1:a9:0c:cb: 19:f0:28:d1:7c:fa:e7:16:01:a7:15:e4:da:3b:54:49: d5:cf:10:8b:0e:5d:ce:ba:f2:a2:4b:6b:21:dc:77:d4: fa:e0:cc:31:1d:c5:9e:5b:8f:d1:89:43:db:06:cc:37: 7a:20:1e:4f:3e:21:0b:56:f4:31:93:3d:61:7f:03:ca: 0c:87:3b:e6:01:79:11:4c:e2:11:77:ba:f8:e5:d1:d6 Fingerprint (SHA-256): A9:FC:FA:C5:D4:BC:CA:F7:46:A8:24:3A:01:2A:A3:EE:D2:8B:9C:2D:B4:0B:F0:DF:A1:5B:55:9C:3F:61:D7:66 Fingerprint (SHA1): C5:DF:FA:AE:D0:5B:19:EB:B5:B6:C7:73:16:01:D9:A8:51:4A:8B:A2 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #210: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:4f Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 20:08:40 2015 Not After : Tue Aug 18 20:08:40 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:c1:18:86:0d:eb:d6:88:e5:30:a0:18:1e:57:38:44: 29:b1:bb:6b:7b:63:4e:24:10:a1:be:df:a7:c8:80:5b: a8:60:f8:0a:08:86:e6:3a:b4:1a:f5:a5:77:fb:18:72: 1d:4e:10:85:74:23:99:ca:71:86:b3:1e:d6:88:ed:c8: 51:f8:44:bf:12:1f:68:be:09:c1:70:d0:f2:a8:ff:dd: 06:65:03:ce:f3:be:46:08:b0:3e:df:05:c2:c6:a4:d3: 1c:54:84:de:ef:ff:fc:c0:cc:a4:91:46:cd:13:c6:62: 5c:de:5b:0e:05:71:b9:a8:97:02:a5:77:96:ae:ae:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 78:92:55:9e:d3:c6:db:d5:34:61:9b:43:12:85:04:4d: cc:51:a2:51:39:a1:bb:01:dc:b0:9c:de:5c:a9:ff:7f: 94:c0:55:ae:32:fa:3c:d0:16:ea:d8:b6:23:a0:44:14: 58:db:f9:7a:8f:99:63:bd:07:6e:33:a3:9e:e1:8e:ee: 0f:44:12:b4:8c:54:41:7a:4c:b3:a6:c3:58:19:57:1a: 48:8d:19:bb:de:75:b6:27:66:ff:07:7e:83:b7:fa:b7: ce:12:4e:4c:4a:c3:b0:40:b5:51:eb:31:2e:05:92:62: 39:55:0f:80:16:8a:4e:0d:cd:3b:b1:4e:5c:8e:63:49 Fingerprint (SHA-256): 24:F9:D3:6C:69:62:0C:97:45:8A:15:E4:79:5E:98:F3:3B:15:55:0A:3A:28:8A:6E:2D:FD:52:B9:53:63:F7:EA Fingerprint (SHA1): C5:B7:DC:52:14:C6:EB:2A:C9:C0:6A:E9:D4:83:12:85:2D:7A:CC:86 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #211: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #212: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #213: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #214: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:58 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 20:08:45 2015 Not After : Tue Aug 18 20:08:45 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:04:12:a4:0b:2b:09:11:e0:8f:43:de:57:27:08:87: dd:45:f0:8b:07:5b:ce:8f:1d:e2:8f:13:25:39:60:69: 22:1b:87:c2:1c:ee:9e:ca:eb:85:a5:72:ef:7d:28:a2: db:f6:de:59:c9:2e:2c:ef:be:c9:06:51:fe:11:1e:29: 34:d9:75:75:c8:ae:da:8c:2c:86:d1:a2:74:10:44:9a: 0f:a5:b7:e8:0f:64:15:17:ce:8c:94:51:2c:ae:69:22: c1:8a:e0:a5:4a:d4:87:5f:a5:f7:3f:3c:dd:11:47:b2: a5:e0:79:2b:58:34:e9:a4:00:19:f3:d5:3d:c2:cb:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:15:7f:cb:2b:6e:86:29:1d:2d:3e:7e:e5:59:ae:5a: 08:8b:d3:8e:7b:db:99:d5:bd:74:e9:f9:fa:8a:bc:e2: 6d:be:4c:c2:26:8a:f7:46:51:9d:29:46:31:d5:ab:e6: ee:91:d2:30:ff:e3:6b:5f:2a:9e:40:6d:b8:a6:38:2f: 6a:f5:38:c1:7c:4b:bb:6f:f4:99:4e:00:01:24:d3:01: 89:3d:94:e1:50:39:c1:49:ba:29:18:37:d6:c0:a8:76: 91:06:51:17:24:36:65:c0:a1:36:ea:0c:b5:1f:b2:10: 21:14:6e:ae:1f:26:b5:4f:5c:f2:eb:3c:48:97:ed:56 Fingerprint (SHA-256): 04:4B:37:9A:2B:92:E7:6A:56:48:1A:B3:E8:94:D2:88:7C:93:10:DF:3B:7F:28:22:37:11:E1:DB:BF:3E:F6:33 Fingerprint (SHA1): 00:3A:58:91:1A:E8:9F:3A:B1:7F:6A:A2:F6:A5:3C:07:14:5F:07:3F Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #215: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der cert.sh: #216: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #217: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #218: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #219: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #220: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #221: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #222: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:18:6a Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 20:08:54 2015 Not After : Tue Aug 18 20:08:54 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:0e:47:75:ca:68:0f:9d:e2:84:c6:d1:a3:62:8f:80: d4:24:98:e8:3e:0c:27:2d:8b:c8:bd:c7:8e:64:bd:32: 45:cc:28:8c:fc:f4:b6:21:76:c9:a5:3f:b1:d4:e6:bd: 06:9d:30:7e:16:7b:f6:fb:b3:33:3b:24:86:2a:db:be: 1f:66:f9:5f:3b:e1:d9:22:b8:c7:da:2f:b5:64:12:9c: 0b:56:bc:0c:81:a2:8f:cd:8a:48:dc:26:a9:8c:1b:82: 0c:96:38:6e:e7:e0:49:6f:4a:4d:29:7d:b0:bd:3e:f9: 6e:66:97:f9:3f:1a:f4:ad:b2:26:f7:40:7b:fc:3b:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:2f:83:dd:f7:f5:a5:06:34:ff:91:9f:b2:60:7e:b8: 6b:a6:95:f6:97:0c:c6:ae:39:50:09:2b:96:90:03:57: 76:ee:3a:9a:19:a5:2e:0f:b3:3d:9c:c9:f4:64:95:2e: 8c:93:8b:b0:81:5e:c2:bc:55:78:81:93:7e:a6:66:a2: 0f:59:bf:f4:7b:f6:e7:b9:36:71:3f:66:b4:3b:14:ce: e3:58:5d:df:b1:95:28:7e:e9:97:35:0d:20:7f:88:70: ea:a2:12:25:92:c8:90:27:c5:09:8e:c3:f7:ba:dc:82: 2a:b1:a1:b9:b9:73:9c:a0:75:38:27:d4:d9:3e:32:52 Fingerprint (SHA-256): 04:44:1E:98:76:36:C3:F2:58:9A:B6:8B:A6:9D:19:03:71:41:76:EE:E0:38:30:F3:3C:0A:DF:A7:EF:86:B8:35 Fingerprint (SHA1): 2E:85:E9:F5:F3:DB:0E:04:DA:9A:6C:5D:73:A1:1E:EE:4E:2D:06:A7 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #223: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #224: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #225: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.pw cert.sh: #226: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #227: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #228: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -o root.cert cert.sh: #229: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #230: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #231: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #232: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw cert.sh: #233: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #234: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/TestCA.ca.cert cert.sh: #235: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #236: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #237: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #238: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #239: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #240: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #241: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #242: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #243: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #244: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #245: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw cert.sh: #246: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #247: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -o root.cert cert.sh: #248: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #249: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #250: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #251: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #252: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #253: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #254: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #255: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #256: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #257: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #258: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #259: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #260: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #261: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #262: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #263: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #264: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #265: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #266: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #267: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #268: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #269: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #270: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #271: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #272: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #273: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #274: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #275: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #276: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #277: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #278: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #279: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #280: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #281: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #282: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #283: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #284: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #285: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #286: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #287: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #288: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #289: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #290: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #291: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #292: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #293: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #294: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #295: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #296: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #297: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #298: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #299: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #300: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #301: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #302: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #303: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #304: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #305: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #306: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #307: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #308: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #309: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #310: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #311: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #312: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #313: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #314: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #315: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #316: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #317: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #318: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #319: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #320: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #321: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #322: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #323: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #324: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #325: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #326: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #327: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #328: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #329: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #330: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #331: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #332: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #333: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #334: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #335: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #336: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #337: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #338: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #339: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #340: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #341: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #342: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #343: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #344: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #345: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #346: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #347: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #348: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #349: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #350: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #351: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #352: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #353: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #354: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #355: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #356: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #357: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #358: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #359: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #360: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #361: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #362: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #363: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #364: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #365: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #366: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #367: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #368: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #369: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #370: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #371: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #372: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #373: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #374: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #375: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #376: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #377: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #378: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #379: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #380: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #381: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #382: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #383: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #384: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #385: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #386: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #387: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #388: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #389: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #390: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #391: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #392: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #393: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #394: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #395: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #396: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Mon May 18 16:10:59 EDT 2015 Running tests for dbtests TIMESTAMP dbtests BEGIN: Mon May 18 16:10:59 EDT 2015 ./dbtests.sh: line 173: syntax error near unexpected token `then' ./dbtests.sh: line 173: ` if [[ $EUID -ne 0 ]] then' TIMESTAMP dbtests END: Mon May 18 16:10:59 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Mon May 18 16:10:59 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #397: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f2:b9:f0:57:88:b4:3a:f3:01:d5:d7:9c:4b:0c:c1:44 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #398: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #399: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #400: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #401: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 82:10:8e:47:b5:8b:8d:61:50:a0:85:e3:c5:1a:7e:6e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 20:06:25 2015 Not After : Mon May 18 20:06:25 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:00:37:c4:0c:62:fb:c6:8c:e1:6e:0c:63:94:a5:82: f0:fe:d0:b2:73:3a:31:af:ff:90:ee:a1:15:de:d2:c0: a3:f6:d8:da:7b:81:fd:6f:55:09:ed:3e:a2:c7:c3:6d: 0e:1b:a6:b9:90:ea:62:58:a9:0a:e1:9a:81:6c:04:dd: cb:79:35:01:67:3b:1b:d3:e4:42:7a:67:6d:b7:6d:c6: 5f:d0:8d:22:e1:04:56:c5:4c:ba:de:86:25:9d:0b:c0: d6:37:fc:9e:c1:9d:17:3b:ce:23:60:42:c4:b8:91:59: c3:b2:a4:b3:70:28:42:3e:ee:8a:3d:50:1a:af:ee:01: 4d:5e:f1:2a:be Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:21:29:5a:dc:1b:ce:d4:9b:e2:46: e2:c1:6a:36:61:cd:2a:cd:bf:ea:2a:a7:c7:94:62:81: 47:ed:5c:fc:43:fa:f2:86:08:73:c0:23:4b:43:ce:8d: 36:17:ca:ed:86:4a:94:3f:c4:a7:32:0e:1a:93:87:b6: e3:a8:01:d0:4d:ce:9c:02:42:00:9d:27:e1:49:5d:c6: aa:f7:a6:4e:94:83:aa:fc:67:ea:fe:ee:dc:86:9b:5f: 6c:46:39:ba:06:37:84:e9:97:e5:e8:72:9a:12:b7:63: cb:cb:e6:05:9b:bb:66:d9:fd:78:ae:34:25:8e:6f:34: 50:45:72:52:01:d5:85:0c:b3:d3:68 Fingerprint (SHA-256): 07:AA:A1:F1:15:AF:46:54:37:5B:6D:2B:96:89:FF:36:66:09:84:3E:25:3A:5D:AE:DF:A4:95:D8:A8:51:B0:C1 Fingerprint (SHA1): 3F:F4:0E:AC:70:43:C3:D1:1D:4E:ED:13:FE:E7:57:06:81:74:E3:19 Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 20:07:25 2015 Not After : Mon May 18 20:07:25 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:b8:84:1c:e5:24:e9:1e:00:f0:8d:f4:d0:8e:a3:d9: 4d:27:28:4f:98:11:92:86:0a:9b:c4:31:b7:9a:86:56: 2a:f9:b1:31:88:89:a0:cd:9b:5a:47:28:3c:55:a0:a2: 3a:ac:5b:17:39:de:dc:28:96:e7:65:ba:fa:e5:32:53: 53:47:9e:09:19:39:07:69:c0:54:51:a7:d8:33:93:1d: ac:53:66:5f:36:c9:fe:9b:58:2f:0e:09:6e:14:85:e5: 48 Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:23:b6:77:86:04:b3:3d:a9:7b:11: 5f:16:e8:16:d1:c0:7d:e5:74:67:a2:97:f1:8d:c3:bb: 16:a5:90:87:05:34:50:7b:b4:e8:f8:ae:b1:9a:2d:30: 94:ed:25:bd:5f:3c:3b:69:e4:50:9a:57:a2:37:89:15: 72:c6:f2:28:15:83:9d:02:42:01:08:25:da:1d:e4:c9: f9:82:41:79:5f:02:dc:44:54:25:f6:a5:3d:fc:ca:ce: de:2c:81:26:d9:9e:3e:3f:38:9a:a2:1e:8d:88:61:92: a9:b7:bc:56:e7:c6:66:41:bd:fc:90:5d:55:9f:f7:9f: 5e:dc:9e:09:1e:cf:7a:a7:23:66:61 Fingerprint (SHA-256): 71:34:6B:64:57:2A:DE:DC:67:3B:E8:95:B9:45:14:53:54:9D:38:64:F1:50:D8:CE:9B:BA:FB:85:99:62:7B:E8 Fingerprint (SHA1): 48:15:4D:FF:94:5F:0E:62:6F:7E:A7:00:35:B4:3B:10:16:84:E8:96 Friendly Name: Alice-ec tools.sh: #402: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #403: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 89:d8:c8:b5:56:40:b5:1b:0d:a2:36:21:e8:3e:8e:f2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #404: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #405: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #406: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 74:d7:be:81:73:1a:7f:ae:e8:81:8f:cc:eb:3e:af:6c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #407: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #408: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #409: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: f8:08:9e:5e:21:d4:85:2a:d6:a5:73:d2:f8:40:44:3e Iteration Count: 2000 (0x7d0) tools.sh: #410: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #411: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #412: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d2:4b:9a:29:50:01:e7:35:27:26:b7:30:f1:50:98:f3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #413: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #414: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #415: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 13:89:2c:6d:2b:d1:bd:78:c0:8f:e2:12:37:86:5e:8f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #416: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #417: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #418: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a0:ae:12:bf:da:7f:b1:90:35:d5:9d:bc:f6:f4:90:df Iteration Count: 2000 (0x7d0) tools.sh: #419: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #420: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #421: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 49:7c:a4:0c:a5:97:4f:5d:70:1f:ad:e3:60:f0:41:75 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:9c:d2:83:3d:a5:ee:82:3d:5a:53:23:18:73:a8: d5:01 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #422: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #423: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #424: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ea:09:ed:a6:25:b3:c6:22:be:e2:2e:36:c8:9e:2a:8b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:dc:75:7f:3d:e6:86:bf:9a:73:da:45:23:5b:a3: c5:18 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #425: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #426: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #427: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: f5:8b:4a:31:7b:97:d6:4f:f0:fb:e9:f5:62:a1:65:37 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:9f:3e:c7:35:98:8a:2f:94:a5:db:a0:cb:4a:3f: 7c:c7 tools.sh: #428: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #429: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #430: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 08:0c:d0:03:34:1f:2c:a7:e3:f5:ad:78:55:26:62:c6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:97:e8:b0:9c:dd:97:b8:52:e1:10:07:c3:89:b9: 14:e8 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #431: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #432: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #433: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: b5:0c:2e:16:79:77:59:ff:e5:e6:9e:e0:6c:85:1c:c1 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:0e:1b:f1:56:72:34:6a:2e:2c:bf:90:0f:bf:cf: 8b:c5 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #434: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #435: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #436: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: b2:8c:9a:2b:c9:88:15:94:2c:04:a9:ca:d7:ff:ba:70 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:7f:04:8a:b3:67:4e:73:2b:17:01:29:01:d1:45: 80:97 tools.sh: #437: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #438: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #439: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a4:03:59:f6:f1:f1:48:9d:b8:57:4c:f2:d6:c5:19:6a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:a9:b6:2c:a1:5b:2e:ec:14:c7:51:25:d7:99:c1: 67:c5 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #440: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #441: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #442: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: d2:31:3f:97:2c:41:fa:81:46:53:b3:cb:23:c5:5f:6f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:35:4d:1f:d5:8b:80:1a:55:ba:45:7f:a2:b7:d2: 86:24 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #443: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #444: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #445: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 8f:53:6c:ae:c1:cb:5d:6f:ba:c5:32:ab:b7:ec:fa:19 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:a1:3b:2a:d5:d6:e6:e1:03:0e:19:9c:b7:9f:7d: 6f:45 tools.sh: #446: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #447: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #448: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 79:b5:a3:fa:b7:4b:2e:d2:61:30:d6:00:a7:d6:67:37 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:a4:f0:50:9b:e2:5e:47:8d:a5:a3:69:26:aa:61: 57:3b Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #449: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #450: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #451: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5a:c2:44:5b:06:bf:00:10:1c:70:85:d2:00:68:f1:d5 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:62:9c:dc:e1:16:4a:15:5b:1e:1a:d8:8d:14:92: 43:13 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #452: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #453: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #454: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 29:e5:69:40:9e:11:0b:dc:82:d2:91:95:a6:29:e7:3b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:5d:b2:4e:9f:9b:b9:9a:3a:46:a4:73:74:ac:d0: 37:a3 tools.sh: #455: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #456: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #457: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 08:51:81:87:eb:a3:fa:5b:a0:dd:8b:50:e2:f7:99:6d Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:f3:a8:85:9c:65:f1:7d:1a:12:c3:71:55:ab:0e: 1f:1d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #458: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #459: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #460: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 08:aa:90:5b:a4:4d:1a:6a:26:a5:cc:1e:ce:d1:d7:10 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:97:69:10:7a:6d:5d:f7:f6:ce:ee:60:a5:4b:28: 99:df Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #461: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #462: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #463: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5d:c9:c2:3c:d2:2e:b5:ce:7e:9f:83:7f:06:76:fc:d9 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:cd:24:2f:e8:d3:a5:b2:4e:c9:2c:1e:0f:73:bf: e2:43 tools.sh: #464: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #465: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #466: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 52:cd:d2:15:b6:e0:10:d5:7b:32:6a:83:1b:33:78:1e Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:27:b8:72:8e:87:4f:c5:16:ec:c8:1d:5e:0f:1c: 90:bc Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #467: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #468: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #469: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: fd:5e:2e:87:87:59:c3:be:c5:f1:95:7f:72:ff:6c:c0 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:f9:55:ee:df:5e:b0:73:2b:f5:bd:c7:a9:f9:1b: ff:2d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #470: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #471: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #472: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 3f:c4:ae:1f:00:68:3b:9e:33:9f:cb:c3:fe:18:5e:38 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:64:22:f8:a7:17:09:d7:1b:13:41:eb:37:33:29: 6f:87 tools.sh: #473: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #474: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #475: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: aa:6d:d3:f2:a2:0b:5e:e8:25:0c:7f:ab:d4:95:22:55 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #476: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #477: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #478: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: b4:3d:97:86:48:8b:9b:87:5e:95:ed:41:d7:79:37:b4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #479: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #480: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #481: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 4a:69:98:0a:ae:ce:0f:61:e0:31:4f:e8:b2:e9:8b:1d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #482: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #483: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #484: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 15:d7:a8:2b:23:80:e4:2d:8a:cb:49:02:a2:98:b7:fa Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #485: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #486: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #487: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: b2:e8:b7:f5:c4:d9:5e:20:5c:2a:46:ed:3e:87:8d:9d Iteration Count: 2000 (0x7d0) tools.sh: #488: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #489: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #490: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: e9:b8:a8:6b:83:cc:26:6b:c2:73:7a:11:a5:17:86:16 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #491: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #492: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #493: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 57:ff:f3:bc:c8:0e:56:cb:72:52:f9:e8:89:a7:a6:a4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #494: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #495: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #496: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 53:d6:0d:07:96:fe:06:12:8f:85:f7:ee:02:36:69:54 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #497: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #498: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #499: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: c5:2f:b1:73:17:1a:39:03:a9:b0:62:05:e4:dc:12:f1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #500: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #501: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #502: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 22:a8:75:3c:5e:16:44:4e:c6:f3:a3:d6:88:93:9a:c2 Iteration Count: 2000 (0x7d0) tools.sh: #503: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #504: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #505: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 99:8a:0c:90:34:35:67:10:ff:df:9f:ea:95:3a:ee:9b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #506: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #507: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #508: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 11:41:00:e8:f8:b1:7d:32:2b:36:7a:68:5f:29:1a:c2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #509: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #510: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #511: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 1f:aa:ab:15:e3:58:31:98:8f:c2:86:a5:94:5c:b8:40 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #512: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #513: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #514: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: c1:22:df:f1:94:18:61:ed:49:06:ac:5e:cf:ba:d0:22 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #515: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #516: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #517: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: af:e7:28:10:4f:97:89:60:2a:fa:e5:54:4c:7b:4c:0f Iteration Count: 2000 (0x7d0) tools.sh: #518: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #519: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #520: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d0:ef:d4:d3:f2:94:29:97:5d:d1:5e:63:5c:e4:09:17 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #521: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #522: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #523: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 21:48:ee:4b:ff:14:9b:7f:98:71:e8:62:62:ba:66:62 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #524: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #525: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #526: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 07:0a:00:e1:46:f4:1d:19:85:95:71:2e:d1:16:ef:43 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #527: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #528: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #529: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 54:80:80:80:40:98:f1:f3:9f:e8:95:25:e3:44:75:0f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #530: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #531: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #532: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 0f:95:62:7c:16:76:cc:71:bd:47:ec:3a:03:e1:94:84 Iteration Count: 2000 (0x7d0) tools.sh: #533: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #534: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #535: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 7f:cc:93:40:be:f5:e1:22:02:4f:df:10:96:b9:b0:a8 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #536: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #537: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #538: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3e:14:4e:44:de:7a:ce:cc:c1:1e:1b:ec:59:18:8a:e3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #539: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #540: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #541: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 72:0e:27:a7:eb:9c:5b:62:f8:78:e0:02:28:42:ef:fa Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #542: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #543: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #544: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 44:54:50:12:14:fb:4d:53:ea:18:aa:9d:8b:18:90:ab Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #545: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #546: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #547: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ac:af:a8:24:2e:02:bf:c4:38:28:69:21:36:59:3e:34 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #548: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #549: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #550: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 84:e7:0b:90:8b:15:7b:7a:1a:bd:5a:a6:40:66:99:4e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #551: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #552: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #553: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c0:dc:a2:cb:bb:78:a1:d4:3e:dc:d6:9c:c2:e3:bb:39 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #554: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #555: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #556: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c6:99:0e:2b:48:a1:33:5a:77:37:74:41:b3:0d:0e:2e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #557: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #558: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #559: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3a:3b:55:9e:09:18:f8:c2:e7:b3:52:e5:78:08:91:b6 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #560: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #561: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #562: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3f:3e:b6:8f:35:61:d8:ba:00:0e:4b:e8:af:01:11:3c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:06:09 2015 Not After : Mon May 18 20:06:09 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bf:a3:bc:8c:f6:d4:39:e0:df:5f:59:95:a0:43:f0: 3b:6c:cc:da:43:7c:b0:80:02:b0:97:f4:48:25:1b:24: 9e:8d:b9:1e:bd:c8:e2:18:49:d4:c6:30:49:f4:24:d7: 18:1e:78:f1:94:da:ba:c8:55:45:d5:f1:b5:e2:58:6e: ff:bc:b3:26:f6:67:29:f1:59:47:5e:88:2b:69:d7:94: 99:a6:df:13:36:8c:b7:05:fe:f6:9f:2f:9b:9a:fc:06: 2e:99:a8:74:2d:0d:85:09:a9:a0:9a:5b:c0:20:dc:13: b1:0c:28:b4:e3:18:cd:a7:ed:dd:3a:55:e7:4e:8e:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:88:99:3d:ca:1c:73:28:81:f0:aa:97:fa:73:63:8e: eb:30:78:16:dd:38:40:8f:28:28:93:9b:40:70:d3:53: 40:98:ba:95:74:e2:66:20:3b:e6:c9:6d:b4:7a:5f:1f: 24:f7:04:be:9a:1e:36:11:59:fd:d7:be:7a:71:ae:cc: 0b:2e:7b:97:b2:fa:e1:b0:09:99:0a:ce:8d:2f:fc:ca: 27:97:10:08:0d:0b:96:21:35:c7:7b:a2:8a:47:98:9f: 8e:1b:72:b2:cb:ac:17:59:18:29:1c:7b:13:93:01:92: 54:51:b6:6a:56:93:c6:5d:1c:55:eb:eb:4c:f9:48:32 Fingerprint (SHA-256): 98:A7:1F:D0:56:1D:34:02:10:BE:9D:A2:A1:81:BD:59:11:61:E7:7C:3A:26:54:44:C0:7D:A6:B7:B4:DA:2F:42 Fingerprint (SHA1): 92:01:50:06:EF:4E:F9:C6:8B:42:EB:8C:60:87:70:7A:C2:DC:2C:5E Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:07:23 2015 Not After : Mon May 18 20:07:23 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:72:41:bf:e7:a6:db:4f:cf:da:a5:a0:f2:d5:0e:c9: a3:6c:74:f4:fa:a9:16:44:c3:54:fa:43:ea:de:d8:a4: 0e:07:fa:a0:24:a5:0b:17:e0:ec:d9:51:bf:e4:90:4f: a8:a9:78:8b:9c:98:2c:39:3d:d3:df:b5:01:4f:4c:c7: 72:52:0d:ec:15:bd:e8:8b:43:bd:c7:54:36:21:b7:d7: ea:1c:cd:83:bf:d8:e0:f1:7e:99:70:74:c9:d9:d6:7d: 07:c4:8e:a2:21:c6:1e:11:a7:0c:a6:53:f6:9c:69:37: 79:fa:f9:ca:05:c6:c3:95:55:67:f2:d6:ae:83:2d:7d Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:03:25:5d:62:0f:40:1c:9b:c1:83:23:0a:72:d7:eb: 88:73:9d:1e:8b:75:81:35:2d:bc:9b:a7:b7:a6:8b:fc: af:d3:0c:1f:0a:af:71:6d:7e:b4:1d:14:b4:90:28:bf: b8:76:f4:ae:e4:12:22:6a:23:0f:18:d2:52:af:aa:40: d3:5d:ce:43:4e:a1:ca:c9:84:86:11:00:85:ab:06:9b: ef:f9:f6:aa:0e:7f:0e:c7:9d:37:6a:9e:f1:f9:83:90: fe:d6:ca:12:06:a4:23:78:ea:ac:13:88:43:d2:ef:b5: 66:79:e2:03:72:e7:cd:71:42:16:9e:20:15:bd:7f:8a Fingerprint (SHA-256): 37:1A:11:47:00:91:83:E2:D0:4F:CC:91:C1:D9:C1:8A:88:8A:60:02:08:F7:8D:3B:7B:7C:5D:E9:66:ED:26:96 Fingerprint (SHA1): DC:29:90:D1:B8:6F:2F:C9:FD:14:2D:ED:A2:87:C3:BF:A1:A8:1A:6F Friendly Name: Alice tools.sh: #563: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #564: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #565: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #566: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #567: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%) tree "../tools/html" signed successfully tools.sh: #568: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #569: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #570: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #571: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #572: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #573: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Mon May 18 16:12:33 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Mon May 18 16:12:33 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #574: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #575: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 043c0a1fe1baeb109739459b81586f3666776c19 NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #576: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #577: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #578: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #579: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #580: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #581: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #582: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #583: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #584: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #585: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #586: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 043c0a1fe1baeb109739459b81586f3666776c19 FIPS_PUB_140_Test_Certificate fips.sh: #587: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #588: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #589: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #590: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #591: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 043c0a1fe1baeb109739459b81586f3666776c19 FIPS_PUB_140_Test_Certificate fips.sh: #592: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #593: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #594: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle dbtest -r -d ../fips fips.sh: #595: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Mon May 18 16:13:20 EDT 2015 Running tests for sdr TIMESTAMP sdr BEGIN: Mon May 18 16:13:20 EDT 2015 sdr.sh: SDR Tests =============================== sdr.sh: Creating an SDR key/SDR Encrypt - Value 1 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.10397 -t "Test1" sdr.sh: #596: Creating SDR Key/Encrypt - Value 1 - PASSED sdr.sh: SDR Encrypt - Value 2 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v2.10397 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #597: Encrypt - Value 2 - PASSED sdr.sh: SDR Encrypt - Value 3 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.10397 -t "1234567" sdr.sh: #598: Encrypt - Value 3 - PASSED sdr.sh: SDR Decrypt - Value 1 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.10397 -t "Test1" sdr.sh: #599: Decrypt - Value 1 - PASSED sdr.sh: SDR Decrypt - Value 2 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v2.10397 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #600: Decrypt - Value 2 - PASSED sdr.sh: SDR Decrypt - Value 3 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.10397 -t "1234567" sdr.sh: #601: Decrypt - Value 3 - PASSED TIMESTAMP sdr END: Mon May 18 16:13:23 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Mon May 18 16:13:23 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #602: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #603: CMMF test . - PASSED TIMESTAMP crmf END: Mon May 18 16:13:25 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Mon May 18 16:13:25 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #604: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #605: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #606: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #607: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #608: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #609: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #610: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #611: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #612: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #613: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #614: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #615: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #616: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #617: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #618: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #619: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #620: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #621: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #622: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #623: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #624: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #625: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #626: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #627: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #628: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #629: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #630: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #631: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #632: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #633: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #634: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #635: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #636: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #637: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #638: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #639: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #640: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #641: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #642: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #643: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #644: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #645: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #646: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #647: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #648: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #649: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #650: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #651: Decrypt with a Multiple Email cert . - PASSED smime.sh: #652: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #653: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #654: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #655: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #656: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #657: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #658: Decode Encrypted-Data . - PASSED smime.sh: #659: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #660: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #661: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #662: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #663: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #664: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Mon May 18 16:13:53 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Mon May 18 16:13:53 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Mon May 18 16:13:53 EDT 2015 Running tests for ocsp TIMESTAMP ocsp BEGIN: Mon May 18 16:13:53 EDT 2015 ocsp.sh: OCSP tests =============================== TIMESTAMP ocsp END: Mon May 18 16:13:53 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Mon May 18 16:13:53 EDT 2015 merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.10397 -t Test2 -f ../tests.pw merge.sh: #665: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw merge.sh: #666: Merging Dave - PASSED merge.sh: Merging in new user certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw merge.sh: #667: Merging server - PASSED merge.sh: Merging in new chain certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw merge.sh: #668: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #669: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #670: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:09:55 2015 Not After : Mon May 18 20:09:55 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:ee:5b:f8:82:b2:b1:31:19:40:4a:7f:ea:26:8f:2d: 5d:0c:dc:a7:dd:ef:32:77:07:65:c6:43:1c:95:5e:92: 03:42:0f:70:fe:c4:c1:ce:1d:29:72:a2:be:17:2f:98: 23:27:f5:a8:28:3d:f3:31:8e:42:3f:6c:f7:6d:c1:ca: 57:e5:fd:6d:d1:11:1c:68:2a:40:fa:aa:b5:46:f4:cd: bc:d4:51:af:ea:c7:6a:07:e2:87:dd:2f:47:c9:6b:79: bb:01:ee:d9:40:a6:0b:47:7a:bc:1b:6a:43:b9:a8:df: ef:43:16:aa:ca:26:f0:c3:a9:95:0f:08:70:0f:24:a7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bb:31:fa:55:09:64:39:d2:34:de:83:5f:7d:44:d0:12: ba:dc:f1:95:08:b8:bf:8a:83:c2:2a:74:5c:1b:d5:50: fb:8f:9f:46:6a:84:03:9e:a7:9c:87:2a:f9:bd:04:af: 18:04:f6:06:82:5e:c1:2e:66:8a:44:4e:22:91:7f:89: ae:8c:c6:e2:d7:b1:ee:ef:bc:99:e8:ef:37:9b:74:ba: d7:d9:38:11:96:c9:91:13:72:cb:bd:e3:ff:8d:c2:4a: 60:05:d9:f9:69:21:00:00:c0:3b:8c:7e:a2:1c:61:65: 04:f4:95:96:4e:d4:c7:7b:29:78:e5:21:3f:aa:98:0b Fingerprint (SHA-256): 43:B1:F4:56:CE:D8:E7:12:DE:AA:D6:8A:12:E5:A4:97:A3:B9:8C:7A:6F:AF:39:69:09:02:45:D0:D5:0E:B1:98 Fingerprint (SHA1): F9:96:C6:C2:E3:93:2D:E2:F5:BB:79:17:F9:9A:B0:04:72:5F:9B:ED Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #671: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:10:01 2015 Not After : Mon May 18 20:10:01 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:b0:b8:9f:45:6d:5e:cf:35:3e:7a:cd:78:a4:0e:9c: 77:84:f7:10:38:d1:0d:e5:12:24:98:3c:b8:a0:22:61: 8f:81:1a:ec:b8:76:d9:c8:a8:e2:3a:1f:94:8b:2d:36: 01:4f:ab:be:56:c1:5b:87:a8:c3:08:d5:24:9e:d2:a1: 59:1d:ae:93:d0:89:ff:40:85:4e:d0:67:75:da:90:23: 28:6a:ae:96:28:d7:8f:81:bd:3d:cc:8c:d1:b1:5c:ee: dc:07:75:d5:d0:5a:95:5c:33:1e:84:89:d3:89:4a:ca: 27:49:b9:05:f2:da:c5:0b:f4:70:51:b3:e8:4e:b8:43 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ac:00:6e:9d:4f:c7:31:4f:aa:57:f6:81:4b:bd:5e:bb: 0e:4e:e6:cd:9c:1b:81:f7:13:b5:c7:63:04:1e:e4:17: de:d1:62:1d:b8:ef:e3:78:49:12:3b:80:b4:84:9a:a3: 4f:c0:f8:85:38:2a:53:05:31:e3:d7:df:e6:02:5b:9f: 43:72:ad:12:db:76:02:35:7e:69:08:b2:0f:a3:a3:05: f3:a2:27:2c:7b:2c:b2:ae:40:94:60:27:28:6c:7c:b4: 72:a6:8a:fe:ee:a3:33:2b:9c:24:7f:12:35:2b:d2:ec: 64:15:d1:56:af:a5:d7:9e:d6:e7:ee:71:bf:85:a9:6f Fingerprint (SHA-256): EF:41:35:A1:E5:76:77:A1:DF:BD:23:4E:33:BF:5B:22:90:76:FE:55:7D:22:B5:89:0B:81:FA:5E:4E:36:02:2F Fingerprint (SHA1): 0D:17:F3:CC:3D:D1:FB:61:5A:EF:33:16:F9:31:43:4C:16:89:87:15 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #672: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw merge.sh: #673: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Alice u,u,u Alice-ec u,u,u Dave u,u,u Dave-ec ,, ExtendedSSLUser-ecmixed ,, chain-2-clientCA-ec ,, chain-2-clientCA ,, Alice #1 ,, Alice #100 ,, localhost.localdomain-ecmixed ,, Alice #99 ,, bob@bogus.com ,, eve@bogus.com ,, bob-ec@bogus.com ,, localhost.localdomain u,u,u localhost.localdomain-ec ,, localhost-sni.localdomain-ecmixed ,, clientCA T,C,C clientCA-ec T,C,C Alice #3 ,, TestCA CT,C,C TestCA-ec CT,C,C Alice-ecmixed u,u,u Dave-ecmixed ,, localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec ,, ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec ,, serverCA-ec C,C,C chain-1-clientCA ,, chain-1-clientCA-ec ,, Alice #2 ,, Alice #4 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.10397 -t Test2 -f ../tests.pw merge.sh: #674: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.10397 -t Test1 -f ../tests.pw merge.sh: #675: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #676: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #677: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #678: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Mon May 18 20:10:49 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Mon May 18 20:06:07 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Mon May 18 20:10:46 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #679: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Mon May 18 16:14:06 EDT 2015 Running tests for pkits TIMESTAMP pkits BEGIN: Mon May 18 16:14:06 EDT 2015 pkits.sh: PKITS data directory not defined, skipping. TIMESTAMP pkits END: Mon May 18 16:14:06 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Mon May 18 16:14:06 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #680: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161407 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #681: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #682: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #683: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #684: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #685: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #686: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #687: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #688: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #689: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #690: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #691: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #692: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #693: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #694: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #695: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #696: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #697: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #698: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #699: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #700: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #701: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #702: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #703: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #704: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #705: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #706: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #707: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #708: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #709: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #710: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #711: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #712: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #713: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #714: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #715: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #716: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #717: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #718: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #719: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #720: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #721: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #722: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #723: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #724: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #725: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #726: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #727: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #728: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #729: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #730: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #731: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #732: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #733: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #734: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #735: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #736: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #737: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #738: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #739: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #740: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #741: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #742: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518201457Z nextupdate=20160518201457Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 20:14:57 2015 Next Update: Wed May 18 20:14:57 2016 CRL Extensions: chains.sh: #743: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518201458Z addcert 2 20150518201458Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 20:14:58 2015 Next Update: Wed May 18 20:14:57 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:14:58 2015 CRL Extensions: chains.sh: #744: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518201458Z nextupdate=20160518201458Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 20:14:58 2015 Next Update: Wed May 18 20:14:58 2016 CRL Extensions: chains.sh: #745: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518201459Z addcert 2 20150518201459Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 20:14:59 2015 Next Update: Wed May 18 20:14:58 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:14:59 2015 CRL Extensions: chains.sh: #746: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518201500Z addcert 4 20150518201500Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 20:15:00 2015 Next Update: Wed May 18 20:14:58 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:14:59 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Mon May 18 20:15:00 2015 CRL Extensions: chains.sh: #747: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518201500Z nextupdate=20160518201500Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 20:15:00 2015 Next Update: Wed May 18 20:15:00 2016 CRL Extensions: chains.sh: #748: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518201501Z addcert 2 20150518201501Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 20:15:01 2015 Next Update: Wed May 18 20:15:00 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:15:01 2015 CRL Extensions: chains.sh: #749: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518201502Z addcert 3 20150518201502Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 20:15:02 2015 Next Update: Wed May 18 20:15:00 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:15:01 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 20:15:02 2015 CRL Extensions: chains.sh: #750: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518201503Z nextupdate=20160518201503Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 20:15:03 2015 Next Update: Wed May 18 20:15:03 2016 CRL Extensions: chains.sh: #751: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518201504Z addcert 2 20150518201504Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 20:15:04 2015 Next Update: Wed May 18 20:15:03 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:15:04 2015 CRL Extensions: chains.sh: #752: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518201505Z addcert 3 20150518201505Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 20:15:05 2015 Next Update: Wed May 18 20:15:03 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:15:04 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 20:15:05 2015 CRL Extensions: chains.sh: #753: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #754: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #755: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #756: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #757: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #758: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #759: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #760: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #761: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #762: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #763: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #764: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #765: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #766: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #767: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #768: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #769: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #770: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #771: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #772: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #773: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #774: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #775: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #776: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #777: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Mon May 18 16:15:19 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:15:19 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:15:24 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #778: Waiting for Server - FAILED kill -0 19855 >/dev/null 2>/dev/null httpserv with PID 19855 found at Mon May 18 16:15:25 EDT 2015 httpserv with PID 19855 started at Mon May 18 16:15:25 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9568 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #779: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 19855 at Mon May 18 16:15:26 EDT 2015 kill -USR1 19855 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 19855 killed at Mon May 18 16:15:27 EDT 2015 httpserv starting at Mon May 18 16:15:27 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:15:27 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:15:32 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #780: Waiting for Server - FAILED kill -0 19940 >/dev/null 2>/dev/null httpserv with PID 19940 found at Mon May 18 16:15:33 EDT 2015 httpserv with PID 19940 started at Mon May 18 16:15:33 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9568 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #781: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 19940 at Mon May 18 16:15:34 EDT 2015 kill -USR1 19940 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 19940 killed at Mon May 18 16:15:35 EDT 2015 httpserv starting at Mon May 18 16:15:35 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:15:35 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:15:40 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #782: Waiting for Server - FAILED kill -0 20031 >/dev/null 2>/dev/null httpserv with PID 20031 found at Mon May 18 16:15:40 EDT 2015 httpserv with PID 20031 started at Mon May 18 16:15:41 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #783: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161408 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #784: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #785: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #786: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161409 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #787: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #788: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #789: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #790: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518161410 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #791: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #792: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518161411 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #793: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #794: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #795: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #796: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #797: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518161412 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #798: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #799: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #800: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #801: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #802: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161409 (0x1ee28401) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:15:46 2015 Not After : Mon May 18 20:15:46 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:83:18:7c:9d:7f:c9:bf:c0:37:d0:13:e4:8a:e0:c5: 89:ee:c5:bb:7a:37:e2:0c:3b:df:20:73:34:88:6c:09: cc:80:82:24:05:ff:42:00:b2:50:22:de:38:ee:8b:e5: 69:24:1b:f3:31:8d:3e:2d:b8:18:3b:c3:8e:79:2b:2b: 70:68:b9:66:97:02:27:92:12:a4:a0:63:43:64:92:56: 01:dc:d9:0d:e0:6f:44:07:b7:b3:bf:00:47:c9:11:28: d0:1c:28:17:ff:84:49:53:9d:a1:df:c2:87:82:5f:fd: a0:15:d1:3a:d9:a5:56:ab:4c:3e:fe:26:13:01:5a:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ad:fa:8b:0b:36:64:82:ed:6f:00:37:d1:d2:35:9e:b5: 79:1e:cd:92:36:6a:86:6b:19:89:3f:d3:dd:9a:4b:87: fe:ab:36:bf:ff:62:66:77:58:6e:71:c6:64:53:dd:c3: ea:c1:17:68:1b:b2:74:07:e9:e2:23:af:c5:e5:bd:98: a1:32:58:ed:c4:ea:a2:22:d8:fd:89:c7:a4:16:b7:14: f1:f6:e6:57:82:ed:8c:ab:94:f9:8e:0a:5c:0e:c9:9c: 61:f6:fd:73:d3:9d:39:09:14:ee:c8:76:9c:2c:c3:0e: 75:e7:c9:4f:bd:e5:cd:5d:16:d5:fe:01:27:8c:43:49 Fingerprint (SHA-256): AB:B2:9F:E2:68:15:1E:65:10:2C:EA:7E:1D:58:7A:3C:DC:D1:9E:DB:06:93:98:02:B1:95:C0:C8:AD:BC:33:7F Fingerprint (SHA1): FB:C8:A8:6E:D2:3A:CA:A2:A0:3A:12:CF:08:6F:FA:1E:43:56:26:F5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #803: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161408 (0x1ee28400) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:15:43 2015 Not After : Mon May 18 20:15:43 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:8d:58:0e:fa:5d:6f:4c:10:74:0e:b7:e2:81:f7:6f: f4:8b:12:f8:26:4a:4a:3d:0b:bd:c9:77:c9:ba:5a:fb: 23:ba:e2:ca:60:39:94:3f:f0:68:98:5c:b7:a1:0c:c5: 9b:3f:6e:a9:ef:8a:76:cd:a1:df:38:0a:0f:a1:9a:8d: db:79:f2:ff:be:22:1e:0a:35:cf:fd:34:81:d7:d3:a1: 67:b4:61:13:28:90:60:5e:48:d8:d4:a9:67:ae:0b:69: 08:5f:0b:b7:25:5b:ae:2d:a4:42:b3:6d:fc:e0:63:79: 69:aa:23:dd:80:fd:42:e5:d5:50:53:cd:a2:35:68:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:e6:10:30:c9:e7:2f:9e:30:63:e0:cc:38:3e:6f:e9: 2e:db:af:d5:31:de:cb:7f:4c:20:85:c3:d7:5e:68:fa: 49:60:76:14:4a:5d:6c:15:ac:ab:96:d2:9c:7d:70:d3: d9:15:b8:24:f7:b7:94:9b:93:a2:23:9e:75:3d:ee:15: fd:16:e6:fe:1b:e9:4c:78:ca:c5:7c:7e:3e:a6:df:b2: df:36:09:54:bd:d7:59:81:61:8e:d7:4f:09:56:9e:59: 94:fb:18:9f:e5:8d:5c:d5:29:48:f4:4f:cb:cd:8f:9f: 0d:52:20:90:7d:ab:80:75:d4:17:fa:fb:e0:b3:53:f7 Fingerprint (SHA-256): 86:C8:79:D5:B5:C6:CE:36:18:B8:33:C6:E2:16:3C:DE:CC:83:A4:D4:12:57:77:A0:AB:6D:DB:8D:0D:01:5E:0F Fingerprint (SHA1): 68:B6:15:99:FE:B5:FE:B4:8C:9C:20:94:2E:4A:0B:83:FE:25:D4:41 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #804: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #805: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #806: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #807: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161408 (0x1ee28400) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:15:43 2015 Not After : Mon May 18 20:15:43 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:8d:58:0e:fa:5d:6f:4c:10:74:0e:b7:e2:81:f7:6f: f4:8b:12:f8:26:4a:4a:3d:0b:bd:c9:77:c9:ba:5a:fb: 23:ba:e2:ca:60:39:94:3f:f0:68:98:5c:b7:a1:0c:c5: 9b:3f:6e:a9:ef:8a:76:cd:a1:df:38:0a:0f:a1:9a:8d: db:79:f2:ff:be:22:1e:0a:35:cf:fd:34:81:d7:d3:a1: 67:b4:61:13:28:90:60:5e:48:d8:d4:a9:67:ae:0b:69: 08:5f:0b:b7:25:5b:ae:2d:a4:42:b3:6d:fc:e0:63:79: 69:aa:23:dd:80:fd:42:e5:d5:50:53:cd:a2:35:68:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:e6:10:30:c9:e7:2f:9e:30:63:e0:cc:38:3e:6f:e9: 2e:db:af:d5:31:de:cb:7f:4c:20:85:c3:d7:5e:68:fa: 49:60:76:14:4a:5d:6c:15:ac:ab:96:d2:9c:7d:70:d3: d9:15:b8:24:f7:b7:94:9b:93:a2:23:9e:75:3d:ee:15: fd:16:e6:fe:1b:e9:4c:78:ca:c5:7c:7e:3e:a6:df:b2: df:36:09:54:bd:d7:59:81:61:8e:d7:4f:09:56:9e:59: 94:fb:18:9f:e5:8d:5c:d5:29:48:f4:4f:cb:cd:8f:9f: 0d:52:20:90:7d:ab:80:75:d4:17:fa:fb:e0:b3:53:f7 Fingerprint (SHA-256): 86:C8:79:D5:B5:C6:CE:36:18:B8:33:C6:E2:16:3C:DE:CC:83:A4:D4:12:57:77:A0:AB:6D:DB:8D:0D:01:5E:0F Fingerprint (SHA1): 68:B6:15:99:FE:B5:FE:B4:8C:9C:20:94:2E:4A:0B:83:FE:25:D4:41 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #808: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161409 (0x1ee28401) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:15:46 2015 Not After : Mon May 18 20:15:46 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:83:18:7c:9d:7f:c9:bf:c0:37:d0:13:e4:8a:e0:c5: 89:ee:c5:bb:7a:37:e2:0c:3b:df:20:73:34:88:6c:09: cc:80:82:24:05:ff:42:00:b2:50:22:de:38:ee:8b:e5: 69:24:1b:f3:31:8d:3e:2d:b8:18:3b:c3:8e:79:2b:2b: 70:68:b9:66:97:02:27:92:12:a4:a0:63:43:64:92:56: 01:dc:d9:0d:e0:6f:44:07:b7:b3:bf:00:47:c9:11:28: d0:1c:28:17:ff:84:49:53:9d:a1:df:c2:87:82:5f:fd: a0:15:d1:3a:d9:a5:56:ab:4c:3e:fe:26:13:01:5a:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ad:fa:8b:0b:36:64:82:ed:6f:00:37:d1:d2:35:9e:b5: 79:1e:cd:92:36:6a:86:6b:19:89:3f:d3:dd:9a:4b:87: fe:ab:36:bf:ff:62:66:77:58:6e:71:c6:64:53:dd:c3: ea:c1:17:68:1b:b2:74:07:e9:e2:23:af:c5:e5:bd:98: a1:32:58:ed:c4:ea:a2:22:d8:fd:89:c7:a4:16:b7:14: f1:f6:e6:57:82:ed:8c:ab:94:f9:8e:0a:5c:0e:c9:9c: 61:f6:fd:73:d3:9d:39:09:14:ee:c8:76:9c:2c:c3:0e: 75:e7:c9:4f:bd:e5:cd:5d:16:d5:fe:01:27:8c:43:49 Fingerprint (SHA-256): AB:B2:9F:E2:68:15:1E:65:10:2C:EA:7E:1D:58:7A:3C:DC:D1:9E:DB:06:93:98:02:B1:95:C0:C8:AD:BC:33:7F Fingerprint (SHA1): FB:C8:A8:6E:D2:3A:CA:A2:A0:3A:12:CF:08:6F:FA:1E:43:56:26:F5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #809: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #810: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #811: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #812: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #813: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #814: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161409 (0x1ee28401) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:15:46 2015 Not After : Mon May 18 20:15:46 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:83:18:7c:9d:7f:c9:bf:c0:37:d0:13:e4:8a:e0:c5: 89:ee:c5:bb:7a:37:e2:0c:3b:df:20:73:34:88:6c:09: cc:80:82:24:05:ff:42:00:b2:50:22:de:38:ee:8b:e5: 69:24:1b:f3:31:8d:3e:2d:b8:18:3b:c3:8e:79:2b:2b: 70:68:b9:66:97:02:27:92:12:a4:a0:63:43:64:92:56: 01:dc:d9:0d:e0:6f:44:07:b7:b3:bf:00:47:c9:11:28: d0:1c:28:17:ff:84:49:53:9d:a1:df:c2:87:82:5f:fd: a0:15:d1:3a:d9:a5:56:ab:4c:3e:fe:26:13:01:5a:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ad:fa:8b:0b:36:64:82:ed:6f:00:37:d1:d2:35:9e:b5: 79:1e:cd:92:36:6a:86:6b:19:89:3f:d3:dd:9a:4b:87: fe:ab:36:bf:ff:62:66:77:58:6e:71:c6:64:53:dd:c3: ea:c1:17:68:1b:b2:74:07:e9:e2:23:af:c5:e5:bd:98: a1:32:58:ed:c4:ea:a2:22:d8:fd:89:c7:a4:16:b7:14: f1:f6:e6:57:82:ed:8c:ab:94:f9:8e:0a:5c:0e:c9:9c: 61:f6:fd:73:d3:9d:39:09:14:ee:c8:76:9c:2c:c3:0e: 75:e7:c9:4f:bd:e5:cd:5d:16:d5:fe:01:27:8c:43:49 Fingerprint (SHA-256): AB:B2:9F:E2:68:15:1E:65:10:2C:EA:7E:1D:58:7A:3C:DC:D1:9E:DB:06:93:98:02:B1:95:C0:C8:AD:BC:33:7F Fingerprint (SHA1): FB:C8:A8:6E:D2:3A:CA:A2:A0:3A:12:CF:08:6F:FA:1E:43:56:26:F5 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #815: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161409 (0x1ee28401) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:15:46 2015 Not After : Mon May 18 20:15:46 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:83:18:7c:9d:7f:c9:bf:c0:37:d0:13:e4:8a:e0:c5: 89:ee:c5:bb:7a:37:e2:0c:3b:df:20:73:34:88:6c:09: cc:80:82:24:05:ff:42:00:b2:50:22:de:38:ee:8b:e5: 69:24:1b:f3:31:8d:3e:2d:b8:18:3b:c3:8e:79:2b:2b: 70:68:b9:66:97:02:27:92:12:a4:a0:63:43:64:92:56: 01:dc:d9:0d:e0:6f:44:07:b7:b3:bf:00:47:c9:11:28: d0:1c:28:17:ff:84:49:53:9d:a1:df:c2:87:82:5f:fd: a0:15:d1:3a:d9:a5:56:ab:4c:3e:fe:26:13:01:5a:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ad:fa:8b:0b:36:64:82:ed:6f:00:37:d1:d2:35:9e:b5: 79:1e:cd:92:36:6a:86:6b:19:89:3f:d3:dd:9a:4b:87: fe:ab:36:bf:ff:62:66:77:58:6e:71:c6:64:53:dd:c3: ea:c1:17:68:1b:b2:74:07:e9:e2:23:af:c5:e5:bd:98: a1:32:58:ed:c4:ea:a2:22:d8:fd:89:c7:a4:16:b7:14: f1:f6:e6:57:82:ed:8c:ab:94:f9:8e:0a:5c:0e:c9:9c: 61:f6:fd:73:d3:9d:39:09:14:ee:c8:76:9c:2c:c3:0e: 75:e7:c9:4f:bd:e5:cd:5d:16:d5:fe:01:27:8c:43:49 Fingerprint (SHA-256): AB:B2:9F:E2:68:15:1E:65:10:2C:EA:7E:1D:58:7A:3C:DC:D1:9E:DB:06:93:98:02:B1:95:C0:C8:AD:BC:33:7F Fingerprint (SHA1): FB:C8:A8:6E:D2:3A:CA:A2:A0:3A:12:CF:08:6F:FA:1E:43:56:26:F5 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #816: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #817: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #818: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #819: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #820: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #821: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161408 (0x1ee28400) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:15:43 2015 Not After : Mon May 18 20:15:43 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:8d:58:0e:fa:5d:6f:4c:10:74:0e:b7:e2:81:f7:6f: f4:8b:12:f8:26:4a:4a:3d:0b:bd:c9:77:c9:ba:5a:fb: 23:ba:e2:ca:60:39:94:3f:f0:68:98:5c:b7:a1:0c:c5: 9b:3f:6e:a9:ef:8a:76:cd:a1:df:38:0a:0f:a1:9a:8d: db:79:f2:ff:be:22:1e:0a:35:cf:fd:34:81:d7:d3:a1: 67:b4:61:13:28:90:60:5e:48:d8:d4:a9:67:ae:0b:69: 08:5f:0b:b7:25:5b:ae:2d:a4:42:b3:6d:fc:e0:63:79: 69:aa:23:dd:80:fd:42:e5:d5:50:53:cd:a2:35:68:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:e6:10:30:c9:e7:2f:9e:30:63:e0:cc:38:3e:6f:e9: 2e:db:af:d5:31:de:cb:7f:4c:20:85:c3:d7:5e:68:fa: 49:60:76:14:4a:5d:6c:15:ac:ab:96:d2:9c:7d:70:d3: d9:15:b8:24:f7:b7:94:9b:93:a2:23:9e:75:3d:ee:15: fd:16:e6:fe:1b:e9:4c:78:ca:c5:7c:7e:3e:a6:df:b2: df:36:09:54:bd:d7:59:81:61:8e:d7:4f:09:56:9e:59: 94:fb:18:9f:e5:8d:5c:d5:29:48:f4:4f:cb:cd:8f:9f: 0d:52:20:90:7d:ab:80:75:d4:17:fa:fb:e0:b3:53:f7 Fingerprint (SHA-256): 86:C8:79:D5:B5:C6:CE:36:18:B8:33:C6:E2:16:3C:DE:CC:83:A4:D4:12:57:77:A0:AB:6D:DB:8D:0D:01:5E:0F Fingerprint (SHA1): 68:B6:15:99:FE:B5:FE:B4:8C:9C:20:94:2E:4A:0B:83:FE:25:D4:41 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #822: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161408 (0x1ee28400) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:15:43 2015 Not After : Mon May 18 20:15:43 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:8d:58:0e:fa:5d:6f:4c:10:74:0e:b7:e2:81:f7:6f: f4:8b:12:f8:26:4a:4a:3d:0b:bd:c9:77:c9:ba:5a:fb: 23:ba:e2:ca:60:39:94:3f:f0:68:98:5c:b7:a1:0c:c5: 9b:3f:6e:a9:ef:8a:76:cd:a1:df:38:0a:0f:a1:9a:8d: db:79:f2:ff:be:22:1e:0a:35:cf:fd:34:81:d7:d3:a1: 67:b4:61:13:28:90:60:5e:48:d8:d4:a9:67:ae:0b:69: 08:5f:0b:b7:25:5b:ae:2d:a4:42:b3:6d:fc:e0:63:79: 69:aa:23:dd:80:fd:42:e5:d5:50:53:cd:a2:35:68:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:e6:10:30:c9:e7:2f:9e:30:63:e0:cc:38:3e:6f:e9: 2e:db:af:d5:31:de:cb:7f:4c:20:85:c3:d7:5e:68:fa: 49:60:76:14:4a:5d:6c:15:ac:ab:96:d2:9c:7d:70:d3: d9:15:b8:24:f7:b7:94:9b:93:a2:23:9e:75:3d:ee:15: fd:16:e6:fe:1b:e9:4c:78:ca:c5:7c:7e:3e:a6:df:b2: df:36:09:54:bd:d7:59:81:61:8e:d7:4f:09:56:9e:59: 94:fb:18:9f:e5:8d:5c:d5:29:48:f4:4f:cb:cd:8f:9f: 0d:52:20:90:7d:ab:80:75:d4:17:fa:fb:e0:b3:53:f7 Fingerprint (SHA-256): 86:C8:79:D5:B5:C6:CE:36:18:B8:33:C6:E2:16:3C:DE:CC:83:A4:D4:12:57:77:A0:AB:6D:DB:8D:0D:01:5E:0F Fingerprint (SHA1): 68:B6:15:99:FE:B5:FE:B4:8C:9C:20:94:2E:4A:0B:83:FE:25:D4:41 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #823: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #824: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161413 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #825: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #826: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #827: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161414 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #828: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #829: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #830: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161415 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #831: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #832: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #833: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161416 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #834: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #835: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #836: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161417 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #837: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #838: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #839: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161418 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #840: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #841: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #842: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161419 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #843: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #844: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #845: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161420 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #846: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #847: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #848: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161421 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #849: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #850: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #851: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #852: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518161422 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #853: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #854: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518161423 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #855: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #856: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518161424 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #857: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #858: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #859: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #860: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #861: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518161425 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #862: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #863: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518161426 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #864: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #865: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518161427 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #866: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #867: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #868: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #869: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #870: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518161428 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #871: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #872: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518161429 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #873: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #874: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518161430 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #875: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #876: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #877: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #878: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #879: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518161431 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #880: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #881: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518161432 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #882: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #883: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518161433 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #884: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #885: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #886: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #887: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #888: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518161434 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #889: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #890: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #891: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #892: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161435 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #893: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #894: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161413 (0x1ee28405) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 20:16:10 2015 Not After : Mon May 18 20:16:10 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:cc:e5:6d:d7:20:2e:58:de:52:22:c1:13:de:f6:0f: 5d:a3:29:5e:4c:b1:1a:e3:84:d2:ca:fe:0c:d6:60:70: ea:15:d9:03:6c:0a:c2:23:6b:c6:7f:45:9b:ba:f1:70: be:a3:c3:5b:b3:b1:5d:6d:75:8b:03:5d:94:ca:75:ae: 35:e1:08:de:8e:e6:3c:c7:a2:ae:eb:56:6a:70:0a:ff: 17:0e:06:96:1c:69:19:4d:d2:04:ac:2c:65:e3:4d:28: cf:f6:39:13:6c:a9:6b:19:55:85:ec:ac:7c:fa:21:82: 43:87:02:f0:1e:95:be:99:17:4b:0c:df:5a:25:22:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:e1:f2:9f:f3:b2:19:1d:17:0e:d2:b7:7b:4a:9f:d3: fd:8c:55:c7:56:a4:e8:34:e1:f3:18:6b:6f:99:ea:e5: a9:06:6c:2e:14:0c:1c:d5:23:af:4c:56:47:82:4e:ec: 14:3f:34:08:31:4b:f3:f3:3b:f5:bd:cd:9e:53:a3:73: 4c:ea:d5:2a:a8:87:a3:85:3c:ba:04:d5:55:e9:76:53: 06:6d:95:ea:50:12:11:12:ca:59:f2:5b:7f:f7:9f:24: 8f:8d:40:b4:06:b6:09:f2:f3:c0:0f:80:26:30:0b:70: d4:06:b8:e3:6f:5a:12:2b:37:d5:ed:b3:de:d8:da:9d Fingerprint (SHA-256): F4:DF:45:8D:DF:89:5C:F8:66:6F:BD:1A:ED:27:96:A8:4A:2D:02:B8:6F:96:A7:C2:B3:6C:B2:10:04:AF:88:A5 Fingerprint (SHA1): CC:01:6A:2B:2E:28:FF:D2:B6:D7:26:F5:15:EC:C4:AF:A7:96:5F:32 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #895: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161414 (0x1ee28406) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 20:16:15 2015 Not After : Mon May 18 20:16:15 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:16:5d:3b:1d:be:f2:62:be:d1:c4:3c:ab:70:2a:3f: 5d:e1:66:97:0b:d2:ac:ad:6e:95:3e:2e:ae:96:bf:5b: a5:2e:ea:81:09:c8:31:a4:c6:28:98:80:45:2d:88:73: ca:28:0e:cd:d2:b6:db:37:8f:e0:c1:76:e0:f6:03:75: db:6a:af:d4:43:f0:ce:c1:69:aa:aa:a1:a0:1c:36:d4: ee:c9:d7:b4:3a:5f:e0:fc:c6:88:cf:1c:6f:41:4c:fc: f3:8e:48:ca:89:1b:d2:8e:75:fa:80:98:8b:d9:e2:c9: 60:58:7f:bd:22:17:14:9f:af:36:2c:06:6c:c3:0d:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 45:56:26:63:8f:a9:a6:4b:0e:53:d0:7e:86:e2:04:0e: f5:ac:e9:72:8e:50:4b:b3:86:e0:7b:21:60:62:49:e1: d7:99:a5:17:03:ff:40:fe:82:57:46:2c:da:7d:3c:3f: a2:d2:62:8e:52:83:a8:69:aa:1d:a1:b0:f4:b3:a3:81: 17:90:7a:05:14:09:c5:1c:bf:42:1f:98:e4:91:c4:c0: 8f:d5:46:a2:1f:a9:7d:d9:ca:94:87:bc:df:b5:a7:b5: 08:c8:fe:c6:f7:1e:31:42:27:9e:9e:de:a6:b3:c3:94: 8a:91:4a:05:3a:ae:42:5f:ad:96:ff:ba:19:10:e3:56 Fingerprint (SHA-256): 74:80:90:90:21:6E:87:E4:9E:2E:30:FC:E0:F1:A4:3F:CC:08:1E:3B:D6:80:98:52:D7:F2:B9:7F:45:7E:7C:0A Fingerprint (SHA1): 1B:1E:BC:77:1C:11:E4:37:50:CA:85:8F:67:9A:2B:FE:AC:6B:60:90 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #896: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161415 (0x1ee28407) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 20:16:17 2015 Not After : Mon May 18 20:16:17 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:f8:e7:14:8e:b7:ac:e8:33:ef:ff:29:a7:16:5b:6e: 79:f9:d5:62:3f:73:ce:aa:13:ba:2e:3d:70:05:28:f4: 22:08:1e:4e:f5:02:c4:96:b9:05:06:f1:93:3f:a2:09: b5:a5:d8:92:fb:47:2e:b7:9b:56:3a:ee:27:3d:8c:db: f8:72:1d:bb:c4:e3:4a:c1:36:e6:90:f6:d9:5b:95:d4: 43:24:f1:25:f7:18:2b:03:6a:c3:89:c8:2c:23:5f:05: e5:a8:3a:e8:1f:9e:d4:d4:17:17:25:1b:6c:43:de:ad: c0:2d:d2:16:82:65:bc:f7:95:5d:da:43:22:ec:1a:ef Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:0f:0a:26:15:50:12:6f:a6:99:d0:f4:20:34:ab:be: ad:ed:20:33:43:c0:4a:d1:41:b6:bb:3c:84:9c:ee:e8: c5:bb:95:26:d4:fc:fb:0c:4f:22:83:59:b0:47:64:2c: 31:ba:44:54:fb:b7:f3:4b:d8:5f:12:41:0b:70:7b:97: 83:3a:b0:51:14:c5:01:da:e3:4f:9d:35:c3:fe:ba:39: c6:70:8c:94:9c:5b:aa:0d:19:28:e4:48:81:ae:ee:e8: 76:f7:6b:6d:95:f7:c2:16:b0:f2:0b:b4:3c:3f:6d:e8: 82:ad:2b:ce:40:cf:9f:67:08:e2:8a:e3:71:11:8f:74 Fingerprint (SHA-256): EE:B1:47:F9:8A:4E:FB:46:1F:F3:E2:2B:C3:76:22:90:A7:CF:E5:13:86:10:49:D8:78:CE:5D:0C:CB:3C:44:23 Fingerprint (SHA1): 5B:D3:DD:E5:9E:B5:B1:9C:AA:38:23:7A:4D:45:C2:21:0C:36:9B:57 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #897: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161416 (0x1ee28408) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 20:16:21 2015 Not After : Mon May 18 20:16:21 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:4c:c0:04:28:69:d9:75:b9:c1:2e:78:0d:ca:9d:dc: c0:98:95:81:ad:83:d6:84:d6:ab:91:22:00:c3:fc:3f: a5:a7:5b:1e:e9:be:c1:23:f0:a4:99:f7:b3:67:f4:38: 43:e3:3d:ed:56:43:9e:8e:1d:e3:72:4f:a5:60:24:29: 6e:66:d9:ef:10:3e:ed:b8:44:62:21:db:6e:3e:7c:2f: 12:d5:0a:f7:24:76:58:03:91:9b:72:e3:d3:85:6a:d1: aa:0f:8f:47:d8:20:37:99:99:01:5d:f2:6c:62:38:7a: b0:b3:30:8a:cd:e9:66:6a:15:11:44:91:33:22:a4:b1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 73:54:9a:0a:ba:73:cf:10:92:a5:17:1a:dd:5f:49:61: 13:61:6b:84:a5:24:ab:6e:19:8f:17:ef:bb:92:5a:84: bc:75:43:8a:6c:b3:b6:f8:b2:1b:2a:6c:8c:37:9a:67: 81:20:2a:c5:18:57:53:c5:65:58:e1:ed:bd:6e:85:cc: c1:13:b8:f8:a9:ca:f6:40:b9:0d:32:da:2d:e1:6f:9d: bd:b2:f8:63:80:27:93:c0:a1:0a:d6:f2:39:14:5b:79: da:86:c3:67:e7:26:04:d8:75:1e:a4:cd:02:2e:ef:b7: a1:7a:4b:a5:ea:5d:b5:da:5d:99:4a:9d:1e:bd:f7:b0 Fingerprint (SHA-256): ED:D8:23:40:96:10:CC:8C:E2:2E:0B:91:02:FE:5C:F6:93:44:18:21:DE:57:C4:EE:87:56:20:24:22:B0:16:2F Fingerprint (SHA1): AF:AD:E7:C3:69:BC:9C:6F:A7:22:3A:78:93:1B:79:C9:37:EE:C4:98 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #898: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161417 (0x1ee28409) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 20:16:23 2015 Not After : Mon May 18 20:16:23 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:12:62:7a:da:a2:ae:fb:67:99:23:65:34:9a:ec:96: 39:93:93:26:e8:73:bb:7e:03:ef:53:e3:89:00:19:45: 4e:65:8d:68:9f:53:71:ee:96:f0:f8:b0:b7:10:da:7a: 2f:70:cf:0b:82:fa:58:86:80:b6:42:9f:6a:b9:5d:29: e0:7e:01:77:3c:c4:e4:0b:cf:73:e9:a5:40:ac:56:09: 9a:f8:ab:3f:84:94:85:66:75:f9:78:ba:f2:5e:fb:b2: b2:0b:71:93:bb:f1:a7:41:a1:7b:09:d3:1d:41:6b:b6: 6f:28:34:6d:ca:40:93:84:83:80:41:a8:19:74:83:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b7:c4:40:e1:a3:6d:c6:93:54:c8:b9:47:1c:41:37:d6: cb:e5:bb:53:6c:3b:5a:45:75:1d:a8:a7:6f:14:6f:72: 35:a1:94:a5:5b:f4:5d:37:7e:55:05:c4:9e:21:55:43: dc:26:b4:ea:8b:28:a7:68:df:6e:00:2e:be:32:4e:18: f2:4b:87:80:fd:0b:8a:2e:df:09:a2:14:6a:4c:1a:85: 99:c2:94:45:17:94:bf:b6:c2:07:ba:f5:77:d7:b7:59: d4:19:0e:99:d1:e2:fc:73:39:14:88:62:ed:69:bd:19: 2f:14:00:64:63:a7:d8:76:d6:97:50:55:b7:41:de:13 Fingerprint (SHA-256): D0:12:57:89:67:38:D8:B9:68:FE:71:1D:79:A3:89:25:5F:4E:76:AD:8A:E5:F4:DA:64:1B:A2:89:73:1D:ED:2D Fingerprint (SHA1): 86:3F:09:3C:DB:51:6E:AD:CB:AD:44:0D:C0:5F:E2:94:AC:25:20:A7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #899: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161418 (0x1ee2840a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 20:16:25 2015 Not After : Mon May 18 20:16:25 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:a0:66:82:54:9d:d6:80:f7:bd:26:87:54:61:89:2c: d4:1d:22:81:28:11:ea:34:51:5e:b7:84:fb:d0:7d:51: de:2b:a0:4f:b9:08:e5:ad:a7:c2:6f:b0:99:8c:ae:44: 39:7b:b2:1d:e8:d2:c3:d6:36:1f:2f:12:da:27:70:c5: 34:eb:88:ca:19:4f:3d:ce:e6:b0:d3:4c:9c:46:71:0c: a4:3a:52:76:d2:86:36:03:02:90:95:1e:40:45:38:36: 53:d5:0e:d0:af:8c:1a:61:b1:a1:ae:ab:8e:d4:12:a6: b8:42:f0:ff:b1:15:b4:50:0c:f5:e0:9e:09:dc:b4:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:ba:63:b9:e2:73:3d:8e:19:b0:1b:f0:fb:b2:e9:1c: b2:fb:4a:76:d4:88:d1:e5:db:0a:ba:c4:0e:22:b2:e5: c7:c1:28:6d:03:f7:85:ff:fc:3b:1b:25:29:3b:2f:1d: ae:a1:a8:de:d5:40:5e:02:7e:9d:97:fd:6e:11:00:7d: a0:3e:c9:0a:25:74:7e:8a:f1:48:b9:68:07:e5:e8:07: 40:8d:5b:9b:3e:01:df:cb:92:d6:1d:20:5f:82:5a:0c: 55:21:d2:5d:3b:26:71:97:94:b4:9e:5f:6c:e0:b7:f7: 12:6a:37:5c:d9:0e:ec:47:02:bf:06:e1:b3:0e:eb:30 Fingerprint (SHA-256): A5:24:D9:A9:3F:DF:B0:F1:38:42:96:4F:E9:02:BA:62:94:F7:EE:99:37:82:AA:AE:30:A1:C2:74:21:4B:58:1D Fingerprint (SHA1): 71:0D:9F:25:C8:DE:42:63:08:37:1A:5B:9B:C8:DB:F6:E1:CE:86:D4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #900: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161419 (0x1ee2840b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 20:16:28 2015 Not After : Mon May 18 20:16:28 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 94:cb:d3:73:2f:21:5f:f6:0f:9a:52:e1:59:6f:87:e7: f7:91:07:b3:73:f2:fa:f2:48:cc:f3:33:f3:47:b0:c5: 33:4b:44:8b:a8:23:28:f0:e0:5f:36:a1:d3:b7:02:61: 40:88:d1:d0:de:e7:53:b3:fc:65:f2:ad:4e:72:86:37: 58:df:64:5e:cf:7d:9f:33:0e:ea:eb:f0:2b:ad:eb:cb: 90:f9:5f:47:06:d5:2c:45:27:fe:40:ff:69:c4:79:82: 55:06:29:1c:70:1b:f8:3a:c0:49:8c:4a:b3:84:4d:6c: ea:51:48:89:e1:6e:42:16:d1:cf:f5:57:f3:7b:ab:eb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1a:47:8a:55:d8:85:e7:a7:57:8d:48:68:55:c6:73:1e: 64:34:bd:41:a4:62:14:7f:51:cd:86:c2:11:f7:63:6d: ae:df:08:54:00:29:d5:6b:36:7d:11:4a:31:4d:05:57: 41:fd:13:73:ed:e2:e2:12:d1:ab:bc:7e:79:5c:08:58: c9:64:3a:d1:8f:ed:e2:7e:2f:ab:df:ef:6c:8a:e4:d6: ba:46:4a:e3:1c:45:6f:7a:b1:12:f7:dd:0d:4d:6f:f6: 84:5f:51:a3:20:17:cf:db:fa:ad:27:7c:df:eb:3a:18: d6:31:c6:62:e9:47:55:f0:da:1b:d3:04:c1:8f:11:8e Fingerprint (SHA-256): F2:3B:29:09:D7:4A:0B:58:E3:99:8A:67:0E:DA:BF:55:A5:6A:9D:A7:69:53:EB:77:99:4F:C8:E0:58:23:4D:AE Fingerprint (SHA1): 95:59:C4:18:CA:DC:DD:47:C8:AC:12:26:F2:DC:E3:72:AA:E6:54:E6 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #901: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161420 (0x1ee2840c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 20:16:30 2015 Not After : Mon May 18 20:16:30 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:f1:e6:6c:f0:a7:d4:55:0b:d2:9f:42:17:84:0f:c3: 6c:11:55:d5:4b:bc:62:3b:8a:ae:4b:55:41:a5:af:14: db:e4:d6:2c:fe:51:55:e1:f7:55:78:5c:d5:75:77:a1: 7d:cd:7d:69:3e:5e:5d:ef:86:3e:da:08:2b:7e:86:69: b2:a7:01:e7:9d:bd:f9:15:93:7e:28:e0:2d:9d:e0:39: d4:2c:49:d4:f7:15:ef:b9:13:c4:4c:68:e9:11:00:ae: 32:04:86:98:94:0f:ba:1f:0d:ce:00:94:47:f1:c9:0d: 08:af:aa:58:fa:95:19:7d:06:57:e0:72:4b:bf:2a:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:de:5f:cf:db:f8:e8:5c:bb:07:9d:cf:e0:4c:dd:e3: ca:63:3d:19:58:8c:c5:3a:25:24:62:28:4c:8a:eb:c9: 70:48:01:f8:cd:10:24:49:82:8f:11:b6:92:3c:cd:bd: 18:24:d9:43:67:f5:a9:f3:fa:f7:7e:25:bb:67:de:cc: 84:26:ae:01:0f:2a:85:4b:b6:a4:22:44:0f:38:8e:70: 0d:5e:59:a4:2c:ee:1c:e1:c2:23:b5:18:e6:9b:46:09: 08:49:5b:54:9b:56:4e:29:7a:66:9a:c7:77:33:1c:b3: 53:5a:78:d7:b4:74:71:c8:d7:69:97:d0:ed:1e:95:c5 Fingerprint (SHA-256): 33:5D:1C:3A:7F:0D:F0:58:8F:D7:BC:F3:38:18:2F:18:D4:B9:9F:AC:08:CA:DD:E0:73:3D:44:8B:4A:9A:84:4E Fingerprint (SHA1): C6:C8:6D:E6:22:D4:AB:D8:47:B1:6F:3A:EA:FC:5F:8E:FB:19:B4:DF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #902: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161421 (0x1ee2840d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 20:16:33 2015 Not After : Mon May 18 20:16:33 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:c5:c9:2f:37:c9:21:45:e8:88:29:07:4e:43:aa:1b: c2:6f:84:a8:ac:f8:24:fd:65:fe:bf:fe:aa:a0:74:1c: 4c:eb:47:47:e2:e8:ed:25:75:80:1c:bd:a4:e5:be:4e: 65:7e:69:2a:c1:ce:93:6a:54:7e:be:1b:06:2c:6c:50: fc:91:ec:80:1b:9b:07:bb:2b:49:06:bb:78:fd:c6:bf: e2:ff:d5:68:1f:04:4e:66:21:df:cd:44:18:a9:16:5b: bb:6a:35:4f:b1:54:27:4a:eb:98:26:4f:35:48:67:99: cd:30:80:e5:ff:de:7c:2e:a6:c0:68:94:2f:89:3e:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 51:47:14:1d:49:73:ff:e7:e0:2b:2a:b6:fa:11:56:ec: 94:f4:5a:e5:67:7d:b2:af:70:c8:b7:eb:79:bf:b4:1c: 41:c8:b0:4c:36:b4:bc:59:d8:21:35:56:38:48:1d:3d: 42:89:72:59:2e:0c:f0:b0:26:0a:e3:df:80:80:64:28: 94:d7:6e:02:41:a1:52:ee:1f:da:0c:1e:05:1f:53:a3: 76:c9:98:ed:67:a9:82:ce:d8:e5:d5:e3:f4:5f:9f:c2: a3:bd:04:93:1b:7a:db:17:49:0e:ec:b4:7e:3b:a8:7a: 28:00:53:43:d5:a8:f9:e5:e7:f1:00:24:12:94:54:6b Fingerprint (SHA-256): 60:78:35:97:65:05:E2:A8:F7:4A:F0:13:D4:6A:63:FD:81:95:B8:6A:36:E3:64:AE:57:80:E7:A9:F6:48:86:D9 Fingerprint (SHA1): 85:45:A3:98:0C:1C:3E:46:CC:44:9E:F2:A8:C8:ED:80:DF:A8:30:41 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #903: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #904: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161436 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #905: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #906: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #907: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #908: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161437 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #909: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #910: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #911: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #912: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161438 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #913: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #914: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #915: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #916: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518161439 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #917: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #918: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #919: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161436 (0x1ee2841c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:11 2015 Not After : Mon May 18 20:17:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:ce:30:08:0c:b6:da:b6:12:83:0c:56:ef:ad:03:1c: bb:af:f3:67:80:ad:f5:a8:53:6c:23:c2:a1:04:f0:cc: 18:3d:b2:ca:5e:3e:a8:83:eb:61:d0:5f:8e:25:c9:68: 2e:00:49:f6:37:d4:95:99:a9:33:ee:a4:5f:99:6e:a9: d9:9b:e8:ab:82:a0:17:0c:46:6b:88:0e:39:73:cb:97: 82:d5:3f:8e:ff:42:69:9b:f8:46:6f:aa:65:87:18:0a: f0:3e:09:1b:20:6c:1f:af:9f:d3:de:c6:d4:5c:3c:f2: 58:9d:70:8c:7e:1c:2a:98:6a:3a:23:ea:9d:21:df:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:49:32:af:b3:3e:52:47:fc:b2:ea:bd:1b:61:1a:f3: 05:3d:03:8a:d7:61:84:85:d0:7a:da:ae:0c:b8:9d:29: e5:58:bd:39:fa:15:84:57:94:93:7a:23:87:19:65:15: 51:6d:c5:21:80:30:e7:59:48:f6:87:27:f5:92:66:d6: 03:b8:8e:19:3e:7c:d0:3d:cb:bf:74:0c:a5:ce:b0:19: 51:5d:6c:39:0d:22:b6:df:72:64:1a:5e:b5:5b:6a:ff: c1:1e:6c:45:67:78:16:2c:04:21:55:a8:d7:7c:94:e8: 75:84:4f:f7:43:ec:43:0d:ca:14:7a:a3:89:46:f1:6d Fingerprint (SHA-256): E1:66:24:57:95:0C:90:E9:47:34:D9:FE:EA:B3:85:35:57:FB:F8:06:2F:0E:52:CD:11:EF:B2:F8:12:61:20:CD Fingerprint (SHA1): 99:B1:C0:9B:D6:15:45:FE:50:77:74:C5:18:79:8F:6A:2B:60:27:6A Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #920: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #921: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161437 (0x1ee2841d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:14 2015 Not After : Mon May 18 20:17:14 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:c8:c0:59:45:ba:3a:60:59:d2:45:36:06:fe:5c:21: eb:14:55:57:4d:37:41:9e:9e:8c:59:38:8f:89:6a:06: 5f:a4:9d:40:1e:61:84:15:12:81:bf:ec:8b:9f:fe:8e: c4:a6:44:93:4d:f4:25:54:42:62:2e:05:c7:29:8d:ee: 32:ed:2d:bd:3b:78:b7:17:3f:ca:fc:2a:ef:ac:84:df: ea:c0:11:e1:f3:b8:a0:48:05:e6:c1:76:99:33:fe:56: 74:69:b2:73:42:dd:e4:91:e4:c2:4b:34:ee:4e:e9:38: 0e:65:b5:35:99:f0:48:9d:cb:6e:3a:84:19:12:7a:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 64:c7:73:13:28:8e:02:37:45:7f:43:7d:56:da:43:96: 4f:65:d1:e9:0e:05:1f:7a:0e:9f:17:67:61:cf:91:d4: 64:4a:02:54:49:61:46:76:a6:77:49:ee:ea:b7:80:4e: 48:d7:14:44:a6:d2:6a:f6:b9:71:5c:c5:1e:e8:a0:d8: a5:04:d8:21:8d:01:52:dc:ae:90:82:09:6f:09:6c:10: 31:e8:10:62:b6:7a:55:15:62:f4:8d:cf:12:1f:83:d8: 37:d7:7e:21:11:3b:1f:f3:ba:93:84:6a:58:78:d4:8d: da:4a:01:ea:d3:04:18:94:4c:46:2d:67:d1:07:5e:c1 Fingerprint (SHA-256): 85:DD:42:04:A8:44:15:6F:A7:58:01:65:A9:68:B3:27:45:78:37:D3:1F:29:3A:F1:6B:E8:CA:97:AC:63:8E:05 Fingerprint (SHA1): D6:FC:9D:EC:50:2B:45:24:6A:45:BD:F2:BF:1E:A9:16:D0:E9:47:18 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #922: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #923: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161438 (0x1ee2841e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:17:17 2015 Not After : Mon May 18 20:17:17 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b0:0b:d1:31:40:e1:4d:97:d2:45:7c:94:d6:6d:cc: e9:ac:72:35:b4:8f:9f:5a:ed:58:ec:f9:45:4c:1f:8e: 6e:85:50:b9:34:1b:cf:a0:c5:c8:84:51:c1:04:2a:a6: 5b:4c:5c:b5:4d:49:51:4c:a5:b6:99:94:bf:9a:6d:ff: 67:59:bb:a6:e2:fb:95:78:be:30:94:66:c7:63:c3:f0: 78:f0:43:29:42:7c:07:27:86:e5:26:eb:0d:43:b6:bd: c0:94:a8:ce:0a:5e:a9:eb:32:6c:08:95:2b:75:f2:ff: 69:2e:c2:cf:e8:e9:67:ea:0d:d6:6a:37:59:d8:87:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:dd:56:83:4d:3d:d9:bb:53:60:c4:9a:b8:99:01:e9: 48:60:82:a3:6e:95:14:c3:fa:81:eb:a1:c6:c4:41:e9: 7d:9e:45:35:ef:8f:c4:8d:bf:2a:9d:58:64:94:70:b4: a4:67:39:89:1c:a5:5f:61:e6:6d:37:f9:48:a0:d3:46: f7:a4:fc:dc:2f:29:b1:68:c6:a3:8b:3a:93:80:8b:e0: 72:13:a7:db:d8:a7:b6:19:ce:c4:f6:52:94:a8:9b:b1: 9b:a9:b5:d6:54:2f:01:33:3d:0f:37:39:3b:6b:33:0f: 14:73:61:4d:6c:b1:c6:e7:95:99:52:d6:79:6c:55:68 Fingerprint (SHA-256): 23:40:A5:62:6C:9D:C1:E5:6D:8D:48:46:22:F5:92:DD:66:44:9B:F4:37:7A:F3:0B:B5:61:2B:57:AA:B2:3A:13 Fingerprint (SHA1): 69:60:63:94:96:BB:61:54:D1:7A:29:1E:00:AC:4E:89:11:24:22:DF Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #924: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #925: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #926: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #927: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #928: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161436 (0x1ee2841c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:11 2015 Not After : Mon May 18 20:17:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:ce:30:08:0c:b6:da:b6:12:83:0c:56:ef:ad:03:1c: bb:af:f3:67:80:ad:f5:a8:53:6c:23:c2:a1:04:f0:cc: 18:3d:b2:ca:5e:3e:a8:83:eb:61:d0:5f:8e:25:c9:68: 2e:00:49:f6:37:d4:95:99:a9:33:ee:a4:5f:99:6e:a9: d9:9b:e8:ab:82:a0:17:0c:46:6b:88:0e:39:73:cb:97: 82:d5:3f:8e:ff:42:69:9b:f8:46:6f:aa:65:87:18:0a: f0:3e:09:1b:20:6c:1f:af:9f:d3:de:c6:d4:5c:3c:f2: 58:9d:70:8c:7e:1c:2a:98:6a:3a:23:ea:9d:21:df:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:49:32:af:b3:3e:52:47:fc:b2:ea:bd:1b:61:1a:f3: 05:3d:03:8a:d7:61:84:85:d0:7a:da:ae:0c:b8:9d:29: e5:58:bd:39:fa:15:84:57:94:93:7a:23:87:19:65:15: 51:6d:c5:21:80:30:e7:59:48:f6:87:27:f5:92:66:d6: 03:b8:8e:19:3e:7c:d0:3d:cb:bf:74:0c:a5:ce:b0:19: 51:5d:6c:39:0d:22:b6:df:72:64:1a:5e:b5:5b:6a:ff: c1:1e:6c:45:67:78:16:2c:04:21:55:a8:d7:7c:94:e8: 75:84:4f:f7:43:ec:43:0d:ca:14:7a:a3:89:46:f1:6d Fingerprint (SHA-256): E1:66:24:57:95:0C:90:E9:47:34:D9:FE:EA:B3:85:35:57:FB:F8:06:2F:0E:52:CD:11:EF:B2:F8:12:61:20:CD Fingerprint (SHA1): 99:B1:C0:9B:D6:15:45:FE:50:77:74:C5:18:79:8F:6A:2B:60:27:6A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #929: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #930: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161437 (0x1ee2841d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:14 2015 Not After : Mon May 18 20:17:14 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:c8:c0:59:45:ba:3a:60:59:d2:45:36:06:fe:5c:21: eb:14:55:57:4d:37:41:9e:9e:8c:59:38:8f:89:6a:06: 5f:a4:9d:40:1e:61:84:15:12:81:bf:ec:8b:9f:fe:8e: c4:a6:44:93:4d:f4:25:54:42:62:2e:05:c7:29:8d:ee: 32:ed:2d:bd:3b:78:b7:17:3f:ca:fc:2a:ef:ac:84:df: ea:c0:11:e1:f3:b8:a0:48:05:e6:c1:76:99:33:fe:56: 74:69:b2:73:42:dd:e4:91:e4:c2:4b:34:ee:4e:e9:38: 0e:65:b5:35:99:f0:48:9d:cb:6e:3a:84:19:12:7a:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 64:c7:73:13:28:8e:02:37:45:7f:43:7d:56:da:43:96: 4f:65:d1:e9:0e:05:1f:7a:0e:9f:17:67:61:cf:91:d4: 64:4a:02:54:49:61:46:76:a6:77:49:ee:ea:b7:80:4e: 48:d7:14:44:a6:d2:6a:f6:b9:71:5c:c5:1e:e8:a0:d8: a5:04:d8:21:8d:01:52:dc:ae:90:82:09:6f:09:6c:10: 31:e8:10:62:b6:7a:55:15:62:f4:8d:cf:12:1f:83:d8: 37:d7:7e:21:11:3b:1f:f3:ba:93:84:6a:58:78:d4:8d: da:4a:01:ea:d3:04:18:94:4c:46:2d:67:d1:07:5e:c1 Fingerprint (SHA-256): 85:DD:42:04:A8:44:15:6F:A7:58:01:65:A9:68:B3:27:45:78:37:D3:1F:29:3A:F1:6B:E8:CA:97:AC:63:8E:05 Fingerprint (SHA1): D6:FC:9D:EC:50:2B:45:24:6A:45:BD:F2:BF:1E:A9:16:D0:E9:47:18 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #931: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #932: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161438 (0x1ee2841e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:17:17 2015 Not After : Mon May 18 20:17:17 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b0:0b:d1:31:40:e1:4d:97:d2:45:7c:94:d6:6d:cc: e9:ac:72:35:b4:8f:9f:5a:ed:58:ec:f9:45:4c:1f:8e: 6e:85:50:b9:34:1b:cf:a0:c5:c8:84:51:c1:04:2a:a6: 5b:4c:5c:b5:4d:49:51:4c:a5:b6:99:94:bf:9a:6d:ff: 67:59:bb:a6:e2:fb:95:78:be:30:94:66:c7:63:c3:f0: 78:f0:43:29:42:7c:07:27:86:e5:26:eb:0d:43:b6:bd: c0:94:a8:ce:0a:5e:a9:eb:32:6c:08:95:2b:75:f2:ff: 69:2e:c2:cf:e8:e9:67:ea:0d:d6:6a:37:59:d8:87:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:dd:56:83:4d:3d:d9:bb:53:60:c4:9a:b8:99:01:e9: 48:60:82:a3:6e:95:14:c3:fa:81:eb:a1:c6:c4:41:e9: 7d:9e:45:35:ef:8f:c4:8d:bf:2a:9d:58:64:94:70:b4: a4:67:39:89:1c:a5:5f:61:e6:6d:37:f9:48:a0:d3:46: f7:a4:fc:dc:2f:29:b1:68:c6:a3:8b:3a:93:80:8b:e0: 72:13:a7:db:d8:a7:b6:19:ce:c4:f6:52:94:a8:9b:b1: 9b:a9:b5:d6:54:2f:01:33:3d:0f:37:39:3b:6b:33:0f: 14:73:61:4d:6c:b1:c6:e7:95:99:52:d6:79:6c:55:68 Fingerprint (SHA-256): 23:40:A5:62:6C:9D:C1:E5:6D:8D:48:46:22:F5:92:DD:66:44:9B:F4:37:7A:F3:0B:B5:61:2B:57:AA:B2:3A:13 Fingerprint (SHA1): 69:60:63:94:96:BB:61:54:D1:7A:29:1E:00:AC:4E:89:11:24:22:DF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #933: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #934: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #935: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161440 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #936: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #937: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #938: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #939: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161441 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #940: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #941: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #942: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #943: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161442 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #944: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #945: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #946: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #947: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518161443 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #948: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #949: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #950: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #951: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518161444 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #952: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #953: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #954: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161440 (0x1ee28420) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:33 2015 Not After : Mon May 18 20:17:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:5f:35:84:6b:6e:86:9a:be:3b:11:1e:4f:c4:e5:88: 1b:28:8e:67:2f:da:99:d6:78:e5:11:4b:d1:d6:e8:a9: 77:76:f4:f3:31:8d:ea:4d:01:71:64:43:d0:d0:14:3d: 9d:d7:dd:57:b7:0d:80:c1:c5:bc:32:b4:4d:91:04:15: c5:1a:5e:75:13:74:b4:33:8c:71:83:89:0f:9e:f5:24: 25:08:1e:3c:84:f2:a7:91:6d:fd:2b:85:74:3e:a5:e3: d5:1b:4a:2e:af:c0:d0:60:51:f0:c2:b2:b1:c6:2a:96: b4:cb:52:8f:7f:03:7c:96:0e:d9:2f:a0:f1:b5:2d:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 71:e6:cd:77:18:f6:09:0e:29:ca:e9:e7:ba:66:03:0c: af:63:cc:5a:8a:ad:5e:0a:5f:2c:0c:3f:7b:0e:08:84: 86:72:e8:6b:eb:4b:0b:49:88:08:26:47:f2:9d:04:7d: 0d:75:9a:b7:e2:ea:08:ea:30:7c:7b:6e:1b:e7:c0:69: f9:f9:9e:30:be:c8:93:a4:2c:54:ea:e0:4e:0a:27:ed: 19:07:e1:1d:ae:a6:3f:24:dd:8a:46:42:d1:9b:1e:98: 55:e5:ca:1c:5d:10:9a:7e:d9:1f:91:84:a9:a8:1a:0a: 7c:1a:b9:84:eb:43:14:e6:0a:c7:17:25:fd:07:ad:5d Fingerprint (SHA-256): E1:0F:5F:8B:5C:E3:15:91:50:D5:99:80:A9:EB:DB:E0:16:AA:52:55:AE:7B:82:51:FE:29:21:F8:A7:B8:95:3E Fingerprint (SHA1): 57:B3:5A:0D:22:97:6F:2C:AA:AB:4B:1F:58:53:8F:88:FA:FF:BE:38 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #955: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #956: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161441 (0x1ee28421) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:35 2015 Not After : Mon May 18 20:17:35 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:82:a7:45:42:9f:ec:15:8a:58:40:8c:04:1b:d2:63: da:a2:ba:bc:24:c0:85:cc:37:52:fe:39:6d:38:f3:63: 87:dd:af:a5:4b:e3:46:98:b6:3e:72:79:ee:17:5a:c1: 4e:66:b2:df:90:dd:88:a7:50:33:bf:29:74:45:61:aa: 63:81:e0:fd:4a:48:14:db:8e:91:61:b8:f0:63:bc:4d: dd:13:8e:5a:f0:39:8f:1a:54:4b:b6:73:1d:68:c4:43: 43:aa:d4:d7:e6:0d:a9:1f:13:55:9b:73:45:22:2b:24: d5:75:22:31:01:19:8e:9f:43:be:fd:54:fd:d3:ba:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:e5:31:16:93:32:8f:60:b6:50:0e:03:8a:0a:03:fd: 07:82:24:5a:58:38:7f:27:38:29:92:b1:12:2b:14:f0: 31:f1:b9:87:ca:7a:7a:63:f7:fc:82:f8:59:c6:2a:55: 83:10:2d:22:d0:ec:f6:55:a7:82:cb:d7:24:fc:25:ba: 6e:1e:55:c5:76:26:9b:46:f8:27:44:c2:b0:99:ee:c7: 88:28:a5:21:aa:9f:3f:79:29:cb:cb:a2:e1:5b:37:9c: fb:c5:9c:55:0d:c1:48:a6:2f:bc:5d:66:10:da:6e:b8: 6c:e2:91:29:38:d6:95:7f:87:ff:30:2a:3e:41:30:4f Fingerprint (SHA-256): 6E:BE:D2:2B:4A:E7:8D:0E:88:91:D4:AC:E9:41:9E:3B:1C:EE:0D:A0:DA:69:6E:9D:28:D6:1D:4A:DD:B8:8B:BC Fingerprint (SHA1): 7E:3E:CD:79:8D:4C:35:45:96:28:87:C8:33:1F:E4:91:53:5F:F2:EE Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #957: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #958: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161442 (0x1ee28422) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:17:38 2015 Not After : Mon May 18 20:17:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:47:3d:e0:76:64:b7:8e:59:6e:20:5d:e9:ce:2d:7d: fd:6e:14:71:88:dc:44:a1:4c:02:8f:23:f2:b1:2f:86: 5a:34:ec:73:5b:12:2d:b3:08:42:66:77:65:90:06:c4: dd:db:38:97:15:68:26:92:5f:f1:cb:86:4e:6f:df:01: 53:0a:5c:92:d9:5f:73:15:e4:bf:26:66:c6:19:0d:0c: 34:90:99:99:7c:40:77:dd:dd:17:ce:d3:17:dc:63:a8: 5b:aa:fb:f4:94:79:a0:2f:63:e5:34:e9:57:d4:e7:ec: d6:e6:bf:3c:48:c4:9b:96:16:f2:53:59:86:fc:37:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:ad:2a:dc:04:bb:08:bb:2a:eb:bb:b4:53:34:9f:14: 1e:63:b3:19:11:4a:0e:09:89:0b:c4:5e:3d:c2:55:78: 6e:80:06:f6:0b:46:5a:45:ee:74:26:7e:fc:00:a7:7f: 3e:37:0a:a9:5f:cc:c4:86:d8:e9:31:35:87:66:0a:0d: f5:62:75:d5:b7:3a:03:e4:55:3c:93:0e:26:e8:ca:ec: 91:c2:12:49:b4:b1:02:77:08:45:e2:01:ee:a8:b1:25: 5a:e1:3a:db:f5:83:82:77:97:4e:dc:ec:61:85:43:cc: b8:b7:1d:80:74:bd:db:55:41:14:f6:f1:45:e3:dd:48 Fingerprint (SHA-256): BA:2E:7A:96:34:69:A4:71:1C:AA:23:F2:61:98:91:93:1B:8F:2B:78:0D:4B:7B:9C:32:3F:A0:AF:B0:C1:3E:95 Fingerprint (SHA1): 9E:DF:4F:16:A0:E0:6F:FD:CF:DF:13:A6:2F:2F:0C:C2:C9:1D:E6:D8 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #959: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #960: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #961: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #962: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #963: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161440 (0x1ee28420) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:33 2015 Not After : Mon May 18 20:17:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:5f:35:84:6b:6e:86:9a:be:3b:11:1e:4f:c4:e5:88: 1b:28:8e:67:2f:da:99:d6:78:e5:11:4b:d1:d6:e8:a9: 77:76:f4:f3:31:8d:ea:4d:01:71:64:43:d0:d0:14:3d: 9d:d7:dd:57:b7:0d:80:c1:c5:bc:32:b4:4d:91:04:15: c5:1a:5e:75:13:74:b4:33:8c:71:83:89:0f:9e:f5:24: 25:08:1e:3c:84:f2:a7:91:6d:fd:2b:85:74:3e:a5:e3: d5:1b:4a:2e:af:c0:d0:60:51:f0:c2:b2:b1:c6:2a:96: b4:cb:52:8f:7f:03:7c:96:0e:d9:2f:a0:f1:b5:2d:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 71:e6:cd:77:18:f6:09:0e:29:ca:e9:e7:ba:66:03:0c: af:63:cc:5a:8a:ad:5e:0a:5f:2c:0c:3f:7b:0e:08:84: 86:72:e8:6b:eb:4b:0b:49:88:08:26:47:f2:9d:04:7d: 0d:75:9a:b7:e2:ea:08:ea:30:7c:7b:6e:1b:e7:c0:69: f9:f9:9e:30:be:c8:93:a4:2c:54:ea:e0:4e:0a:27:ed: 19:07:e1:1d:ae:a6:3f:24:dd:8a:46:42:d1:9b:1e:98: 55:e5:ca:1c:5d:10:9a:7e:d9:1f:91:84:a9:a8:1a:0a: 7c:1a:b9:84:eb:43:14:e6:0a:c7:17:25:fd:07:ad:5d Fingerprint (SHA-256): E1:0F:5F:8B:5C:E3:15:91:50:D5:99:80:A9:EB:DB:E0:16:AA:52:55:AE:7B:82:51:FE:29:21:F8:A7:B8:95:3E Fingerprint (SHA1): 57:B3:5A:0D:22:97:6F:2C:AA:AB:4B:1F:58:53:8F:88:FA:FF:BE:38 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #964: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #965: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161441 (0x1ee28421) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:35 2015 Not After : Mon May 18 20:17:35 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:82:a7:45:42:9f:ec:15:8a:58:40:8c:04:1b:d2:63: da:a2:ba:bc:24:c0:85:cc:37:52:fe:39:6d:38:f3:63: 87:dd:af:a5:4b:e3:46:98:b6:3e:72:79:ee:17:5a:c1: 4e:66:b2:df:90:dd:88:a7:50:33:bf:29:74:45:61:aa: 63:81:e0:fd:4a:48:14:db:8e:91:61:b8:f0:63:bc:4d: dd:13:8e:5a:f0:39:8f:1a:54:4b:b6:73:1d:68:c4:43: 43:aa:d4:d7:e6:0d:a9:1f:13:55:9b:73:45:22:2b:24: d5:75:22:31:01:19:8e:9f:43:be:fd:54:fd:d3:ba:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:e5:31:16:93:32:8f:60:b6:50:0e:03:8a:0a:03:fd: 07:82:24:5a:58:38:7f:27:38:29:92:b1:12:2b:14:f0: 31:f1:b9:87:ca:7a:7a:63:f7:fc:82:f8:59:c6:2a:55: 83:10:2d:22:d0:ec:f6:55:a7:82:cb:d7:24:fc:25:ba: 6e:1e:55:c5:76:26:9b:46:f8:27:44:c2:b0:99:ee:c7: 88:28:a5:21:aa:9f:3f:79:29:cb:cb:a2:e1:5b:37:9c: fb:c5:9c:55:0d:c1:48:a6:2f:bc:5d:66:10:da:6e:b8: 6c:e2:91:29:38:d6:95:7f:87:ff:30:2a:3e:41:30:4f Fingerprint (SHA-256): 6E:BE:D2:2B:4A:E7:8D:0E:88:91:D4:AC:E9:41:9E:3B:1C:EE:0D:A0:DA:69:6E:9D:28:D6:1D:4A:DD:B8:8B:BC Fingerprint (SHA1): 7E:3E:CD:79:8D:4C:35:45:96:28:87:C8:33:1F:E4:91:53:5F:F2:EE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #966: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #967: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161442 (0x1ee28422) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:17:38 2015 Not After : Mon May 18 20:17:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:47:3d:e0:76:64:b7:8e:59:6e:20:5d:e9:ce:2d:7d: fd:6e:14:71:88:dc:44:a1:4c:02:8f:23:f2:b1:2f:86: 5a:34:ec:73:5b:12:2d:b3:08:42:66:77:65:90:06:c4: dd:db:38:97:15:68:26:92:5f:f1:cb:86:4e:6f:df:01: 53:0a:5c:92:d9:5f:73:15:e4:bf:26:66:c6:19:0d:0c: 34:90:99:99:7c:40:77:dd:dd:17:ce:d3:17:dc:63:a8: 5b:aa:fb:f4:94:79:a0:2f:63:e5:34:e9:57:d4:e7:ec: d6:e6:bf:3c:48:c4:9b:96:16:f2:53:59:86:fc:37:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:ad:2a:dc:04:bb:08:bb:2a:eb:bb:b4:53:34:9f:14: 1e:63:b3:19:11:4a:0e:09:89:0b:c4:5e:3d:c2:55:78: 6e:80:06:f6:0b:46:5a:45:ee:74:26:7e:fc:00:a7:7f: 3e:37:0a:a9:5f:cc:c4:86:d8:e9:31:35:87:66:0a:0d: f5:62:75:d5:b7:3a:03:e4:55:3c:93:0e:26:e8:ca:ec: 91:c2:12:49:b4:b1:02:77:08:45:e2:01:ee:a8:b1:25: 5a:e1:3a:db:f5:83:82:77:97:4e:dc:ec:61:85:43:cc: b8:b7:1d:80:74:bd:db:55:41:14:f6:f1:45:e3:dd:48 Fingerprint (SHA-256): BA:2E:7A:96:34:69:A4:71:1C:AA:23:F2:61:98:91:93:1B:8F:2B:78:0D:4B:7B:9C:32:3F:A0:AF:B0:C1:3E:95 Fingerprint (SHA1): 9E:DF:4F:16:A0:E0:6F:FD:CF:DF:13:A6:2F:2F:0C:C2:C9:1D:E6:D8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #968: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #969: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161440 (0x1ee28420) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:33 2015 Not After : Mon May 18 20:17:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:5f:35:84:6b:6e:86:9a:be:3b:11:1e:4f:c4:e5:88: 1b:28:8e:67:2f:da:99:d6:78:e5:11:4b:d1:d6:e8:a9: 77:76:f4:f3:31:8d:ea:4d:01:71:64:43:d0:d0:14:3d: 9d:d7:dd:57:b7:0d:80:c1:c5:bc:32:b4:4d:91:04:15: c5:1a:5e:75:13:74:b4:33:8c:71:83:89:0f:9e:f5:24: 25:08:1e:3c:84:f2:a7:91:6d:fd:2b:85:74:3e:a5:e3: d5:1b:4a:2e:af:c0:d0:60:51:f0:c2:b2:b1:c6:2a:96: b4:cb:52:8f:7f:03:7c:96:0e:d9:2f:a0:f1:b5:2d:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 71:e6:cd:77:18:f6:09:0e:29:ca:e9:e7:ba:66:03:0c: af:63:cc:5a:8a:ad:5e:0a:5f:2c:0c:3f:7b:0e:08:84: 86:72:e8:6b:eb:4b:0b:49:88:08:26:47:f2:9d:04:7d: 0d:75:9a:b7:e2:ea:08:ea:30:7c:7b:6e:1b:e7:c0:69: f9:f9:9e:30:be:c8:93:a4:2c:54:ea:e0:4e:0a:27:ed: 19:07:e1:1d:ae:a6:3f:24:dd:8a:46:42:d1:9b:1e:98: 55:e5:ca:1c:5d:10:9a:7e:d9:1f:91:84:a9:a8:1a:0a: 7c:1a:b9:84:eb:43:14:e6:0a:c7:17:25:fd:07:ad:5d Fingerprint (SHA-256): E1:0F:5F:8B:5C:E3:15:91:50:D5:99:80:A9:EB:DB:E0:16:AA:52:55:AE:7B:82:51:FE:29:21:F8:A7:B8:95:3E Fingerprint (SHA1): 57:B3:5A:0D:22:97:6F:2C:AA:AB:4B:1F:58:53:8F:88:FA:FF:BE:38 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #970: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161440 (0x1ee28420) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:33 2015 Not After : Mon May 18 20:17:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:5f:35:84:6b:6e:86:9a:be:3b:11:1e:4f:c4:e5:88: 1b:28:8e:67:2f:da:99:d6:78:e5:11:4b:d1:d6:e8:a9: 77:76:f4:f3:31:8d:ea:4d:01:71:64:43:d0:d0:14:3d: 9d:d7:dd:57:b7:0d:80:c1:c5:bc:32:b4:4d:91:04:15: c5:1a:5e:75:13:74:b4:33:8c:71:83:89:0f:9e:f5:24: 25:08:1e:3c:84:f2:a7:91:6d:fd:2b:85:74:3e:a5:e3: d5:1b:4a:2e:af:c0:d0:60:51:f0:c2:b2:b1:c6:2a:96: b4:cb:52:8f:7f:03:7c:96:0e:d9:2f:a0:f1:b5:2d:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 71:e6:cd:77:18:f6:09:0e:29:ca:e9:e7:ba:66:03:0c: af:63:cc:5a:8a:ad:5e:0a:5f:2c:0c:3f:7b:0e:08:84: 86:72:e8:6b:eb:4b:0b:49:88:08:26:47:f2:9d:04:7d: 0d:75:9a:b7:e2:ea:08:ea:30:7c:7b:6e:1b:e7:c0:69: f9:f9:9e:30:be:c8:93:a4:2c:54:ea:e0:4e:0a:27:ed: 19:07:e1:1d:ae:a6:3f:24:dd:8a:46:42:d1:9b:1e:98: 55:e5:ca:1c:5d:10:9a:7e:d9:1f:91:84:a9:a8:1a:0a: 7c:1a:b9:84:eb:43:14:e6:0a:c7:17:25:fd:07:ad:5d Fingerprint (SHA-256): E1:0F:5F:8B:5C:E3:15:91:50:D5:99:80:A9:EB:DB:E0:16:AA:52:55:AE:7B:82:51:FE:29:21:F8:A7:B8:95:3E Fingerprint (SHA1): 57:B3:5A:0D:22:97:6F:2C:AA:AB:4B:1F:58:53:8F:88:FA:FF:BE:38 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #971: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161441 (0x1ee28421) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:35 2015 Not After : Mon May 18 20:17:35 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:82:a7:45:42:9f:ec:15:8a:58:40:8c:04:1b:d2:63: da:a2:ba:bc:24:c0:85:cc:37:52:fe:39:6d:38:f3:63: 87:dd:af:a5:4b:e3:46:98:b6:3e:72:79:ee:17:5a:c1: 4e:66:b2:df:90:dd:88:a7:50:33:bf:29:74:45:61:aa: 63:81:e0:fd:4a:48:14:db:8e:91:61:b8:f0:63:bc:4d: dd:13:8e:5a:f0:39:8f:1a:54:4b:b6:73:1d:68:c4:43: 43:aa:d4:d7:e6:0d:a9:1f:13:55:9b:73:45:22:2b:24: d5:75:22:31:01:19:8e:9f:43:be:fd:54:fd:d3:ba:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:e5:31:16:93:32:8f:60:b6:50:0e:03:8a:0a:03:fd: 07:82:24:5a:58:38:7f:27:38:29:92:b1:12:2b:14:f0: 31:f1:b9:87:ca:7a:7a:63:f7:fc:82:f8:59:c6:2a:55: 83:10:2d:22:d0:ec:f6:55:a7:82:cb:d7:24:fc:25:ba: 6e:1e:55:c5:76:26:9b:46:f8:27:44:c2:b0:99:ee:c7: 88:28:a5:21:aa:9f:3f:79:29:cb:cb:a2:e1:5b:37:9c: fb:c5:9c:55:0d:c1:48:a6:2f:bc:5d:66:10:da:6e:b8: 6c:e2:91:29:38:d6:95:7f:87:ff:30:2a:3e:41:30:4f Fingerprint (SHA-256): 6E:BE:D2:2B:4A:E7:8D:0E:88:91:D4:AC:E9:41:9E:3B:1C:EE:0D:A0:DA:69:6E:9D:28:D6:1D:4A:DD:B8:8B:BC Fingerprint (SHA1): 7E:3E:CD:79:8D:4C:35:45:96:28:87:C8:33:1F:E4:91:53:5F:F2:EE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #972: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161441 (0x1ee28421) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:17:35 2015 Not After : Mon May 18 20:17:35 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:82:a7:45:42:9f:ec:15:8a:58:40:8c:04:1b:d2:63: da:a2:ba:bc:24:c0:85:cc:37:52:fe:39:6d:38:f3:63: 87:dd:af:a5:4b:e3:46:98:b6:3e:72:79:ee:17:5a:c1: 4e:66:b2:df:90:dd:88:a7:50:33:bf:29:74:45:61:aa: 63:81:e0:fd:4a:48:14:db:8e:91:61:b8:f0:63:bc:4d: dd:13:8e:5a:f0:39:8f:1a:54:4b:b6:73:1d:68:c4:43: 43:aa:d4:d7:e6:0d:a9:1f:13:55:9b:73:45:22:2b:24: d5:75:22:31:01:19:8e:9f:43:be:fd:54:fd:d3:ba:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:e5:31:16:93:32:8f:60:b6:50:0e:03:8a:0a:03:fd: 07:82:24:5a:58:38:7f:27:38:29:92:b1:12:2b:14:f0: 31:f1:b9:87:ca:7a:7a:63:f7:fc:82:f8:59:c6:2a:55: 83:10:2d:22:d0:ec:f6:55:a7:82:cb:d7:24:fc:25:ba: 6e:1e:55:c5:76:26:9b:46:f8:27:44:c2:b0:99:ee:c7: 88:28:a5:21:aa:9f:3f:79:29:cb:cb:a2:e1:5b:37:9c: fb:c5:9c:55:0d:c1:48:a6:2f:bc:5d:66:10:da:6e:b8: 6c:e2:91:29:38:d6:95:7f:87:ff:30:2a:3e:41:30:4f Fingerprint (SHA-256): 6E:BE:D2:2B:4A:E7:8D:0E:88:91:D4:AC:E9:41:9E:3B:1C:EE:0D:A0:DA:69:6E:9D:28:D6:1D:4A:DD:B8:8B:BC Fingerprint (SHA1): 7E:3E:CD:79:8D:4C:35:45:96:28:87:C8:33:1F:E4:91:53:5F:F2:EE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #973: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161442 (0x1ee28422) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:17:38 2015 Not After : Mon May 18 20:17:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:47:3d:e0:76:64:b7:8e:59:6e:20:5d:e9:ce:2d:7d: fd:6e:14:71:88:dc:44:a1:4c:02:8f:23:f2:b1:2f:86: 5a:34:ec:73:5b:12:2d:b3:08:42:66:77:65:90:06:c4: dd:db:38:97:15:68:26:92:5f:f1:cb:86:4e:6f:df:01: 53:0a:5c:92:d9:5f:73:15:e4:bf:26:66:c6:19:0d:0c: 34:90:99:99:7c:40:77:dd:dd:17:ce:d3:17:dc:63:a8: 5b:aa:fb:f4:94:79:a0:2f:63:e5:34:e9:57:d4:e7:ec: d6:e6:bf:3c:48:c4:9b:96:16:f2:53:59:86:fc:37:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:ad:2a:dc:04:bb:08:bb:2a:eb:bb:b4:53:34:9f:14: 1e:63:b3:19:11:4a:0e:09:89:0b:c4:5e:3d:c2:55:78: 6e:80:06:f6:0b:46:5a:45:ee:74:26:7e:fc:00:a7:7f: 3e:37:0a:a9:5f:cc:c4:86:d8:e9:31:35:87:66:0a:0d: f5:62:75:d5:b7:3a:03:e4:55:3c:93:0e:26:e8:ca:ec: 91:c2:12:49:b4:b1:02:77:08:45:e2:01:ee:a8:b1:25: 5a:e1:3a:db:f5:83:82:77:97:4e:dc:ec:61:85:43:cc: b8:b7:1d:80:74:bd:db:55:41:14:f6:f1:45:e3:dd:48 Fingerprint (SHA-256): BA:2E:7A:96:34:69:A4:71:1C:AA:23:F2:61:98:91:93:1B:8F:2B:78:0D:4B:7B:9C:32:3F:A0:AF:B0:C1:3E:95 Fingerprint (SHA1): 9E:DF:4F:16:A0:E0:6F:FD:CF:DF:13:A6:2F:2F:0C:C2:C9:1D:E6:D8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #974: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161442 (0x1ee28422) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:17:38 2015 Not After : Mon May 18 20:17:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:47:3d:e0:76:64:b7:8e:59:6e:20:5d:e9:ce:2d:7d: fd:6e:14:71:88:dc:44:a1:4c:02:8f:23:f2:b1:2f:86: 5a:34:ec:73:5b:12:2d:b3:08:42:66:77:65:90:06:c4: dd:db:38:97:15:68:26:92:5f:f1:cb:86:4e:6f:df:01: 53:0a:5c:92:d9:5f:73:15:e4:bf:26:66:c6:19:0d:0c: 34:90:99:99:7c:40:77:dd:dd:17:ce:d3:17:dc:63:a8: 5b:aa:fb:f4:94:79:a0:2f:63:e5:34:e9:57:d4:e7:ec: d6:e6:bf:3c:48:c4:9b:96:16:f2:53:59:86:fc:37:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:ad:2a:dc:04:bb:08:bb:2a:eb:bb:b4:53:34:9f:14: 1e:63:b3:19:11:4a:0e:09:89:0b:c4:5e:3d:c2:55:78: 6e:80:06:f6:0b:46:5a:45:ee:74:26:7e:fc:00:a7:7f: 3e:37:0a:a9:5f:cc:c4:86:d8:e9:31:35:87:66:0a:0d: f5:62:75:d5:b7:3a:03:e4:55:3c:93:0e:26:e8:ca:ec: 91:c2:12:49:b4:b1:02:77:08:45:e2:01:ee:a8:b1:25: 5a:e1:3a:db:f5:83:82:77:97:4e:dc:ec:61:85:43:cc: b8:b7:1d:80:74:bd:db:55:41:14:f6:f1:45:e3:dd:48 Fingerprint (SHA-256): BA:2E:7A:96:34:69:A4:71:1C:AA:23:F2:61:98:91:93:1B:8F:2B:78:0D:4B:7B:9C:32:3F:A0:AF:B0:C1:3E:95 Fingerprint (SHA1): 9E:DF:4F:16:A0:E0:6F:FD:CF:DF:13:A6:2F:2F:0C:C2:C9:1D:E6:D8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #975: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #976: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161445 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #977: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #978: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #979: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #980: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518161446 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #981: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #982: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #983: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #984: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161447 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #985: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #986: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #987: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #988: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518161448 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #989: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #990: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #991: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #992: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518161449 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #993: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #994: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #995: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #996: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518161450 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #997: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #998: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #999: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1000: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518161451 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1001: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1002: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1003: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #1004: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #1005: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1006: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #1007: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161445 (0x1ee28425) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:00 2015 Not After : Mon May 18 20:18:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:d1:7d:51:cc:ef:1d:62:58:9b:da:da:2c:80:68:f1: f3:9d:3f:97:d4:92:01:bf:51:52:32:e4:68:40:d5:47: 02:96:59:bf:a8:a3:7b:40:de:0e:a3:39:c9:ec:a0:34: c5:63:6d:11:8b:d4:14:be:46:d2:ad:18:41:c8:e0:5c: 4c:52:79:19:1e:c0:1a:b6:31:3d:5d:bd:1b:a5:98:27: bc:19:a5:8e:5a:55:47:10:6a:2a:bb:c2:6e:b6:da:bd: 7a:83:a9:c7:fb:47:c5:bd:cc:21:a0:5a:46:12:f9:39: 47:55:0a:2b:f1:f7:a5:ca:0a:80:94:c0:8e:c3:da:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:08:d5:2c:81:99:ee:09:eb:04:b8:60:44:c4:6b:20: 57:20:0f:ad:b0:2b:3f:db:a2:e5:2e:18:97:90:a8:e8: 6c:c2:86:0f:53:09:50:5b:7b:02:72:f8:f9:61:ad:a5: c5:6f:33:5c:89:67:8d:6d:58:b4:da:b9:51:75:3c:d1: 67:c0:22:55:a8:aa:c0:c2:0e:55:a0:8e:45:d8:97:5d: 7c:62:02:a1:ed:f8:ea:8c:21:43:62:8b:9a:95:7b:63: b4:cd:9b:d6:d1:c7:c5:52:5f:b1:4b:fa:df:8f:3f:41: 6d:78:07:b7:54:f7:8c:6f:d2:b5:67:1c:62:a2:c1:e2 Fingerprint (SHA-256): F5:C0:C3:B4:D7:26:BD:14:5A:7C:E6:96:6A:10:90:E7:B2:DF:B2:F0:E7:44:9A:ED:4E:B8:75:A7:7B:77:23:BD Fingerprint (SHA1): F0:A3:D6:B1:66:3F:81:31:BD:CA:46:01:BF:17:6C:3D:D3:14:46:26 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1008: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1009: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1010: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1011: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161445 (0x1ee28425) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:00 2015 Not After : Mon May 18 20:18:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:d1:7d:51:cc:ef:1d:62:58:9b:da:da:2c:80:68:f1: f3:9d:3f:97:d4:92:01:bf:51:52:32:e4:68:40:d5:47: 02:96:59:bf:a8:a3:7b:40:de:0e:a3:39:c9:ec:a0:34: c5:63:6d:11:8b:d4:14:be:46:d2:ad:18:41:c8:e0:5c: 4c:52:79:19:1e:c0:1a:b6:31:3d:5d:bd:1b:a5:98:27: bc:19:a5:8e:5a:55:47:10:6a:2a:bb:c2:6e:b6:da:bd: 7a:83:a9:c7:fb:47:c5:bd:cc:21:a0:5a:46:12:f9:39: 47:55:0a:2b:f1:f7:a5:ca:0a:80:94:c0:8e:c3:da:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:08:d5:2c:81:99:ee:09:eb:04:b8:60:44:c4:6b:20: 57:20:0f:ad:b0:2b:3f:db:a2:e5:2e:18:97:90:a8:e8: 6c:c2:86:0f:53:09:50:5b:7b:02:72:f8:f9:61:ad:a5: c5:6f:33:5c:89:67:8d:6d:58:b4:da:b9:51:75:3c:d1: 67:c0:22:55:a8:aa:c0:c2:0e:55:a0:8e:45:d8:97:5d: 7c:62:02:a1:ed:f8:ea:8c:21:43:62:8b:9a:95:7b:63: b4:cd:9b:d6:d1:c7:c5:52:5f:b1:4b:fa:df:8f:3f:41: 6d:78:07:b7:54:f7:8c:6f:d2:b5:67:1c:62:a2:c1:e2 Fingerprint (SHA-256): F5:C0:C3:B4:D7:26:BD:14:5A:7C:E6:96:6A:10:90:E7:B2:DF:B2:F0:E7:44:9A:ED:4E:B8:75:A7:7B:77:23:BD Fingerprint (SHA1): F0:A3:D6:B1:66:3F:81:31:BD:CA:46:01:BF:17:6C:3D:D3:14:46:26 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1012: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1013: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1014: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161452 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1015: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1016: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1017: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1018: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518161453 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1019: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1020: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #1021: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1022: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518161454 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1023: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1024: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #1025: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1026: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518161455 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1027: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1028: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1029: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1030: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518161456 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1031: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1032: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #1033: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1034: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518161457 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1035: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1036: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #1037: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1038: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518161458 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1039: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1040: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1041: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1042: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518161459 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1043: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1044: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #1045: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1046: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518161460 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1047: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1048: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #1049: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1050: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518161461 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1051: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1052: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1053: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1054: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518161462 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1055: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1056: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #1057: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1058: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518161463 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1059: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1060: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #1061: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1062: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518161464 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1063: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1064: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1065: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1066: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518161465 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1067: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1068: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #1069: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1070: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518161466 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1071: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1072: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #1073: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1074: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518161467 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1075: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1076: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #1077: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1078: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518161468 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1079: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1080: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #1081: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1082: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518161469 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1083: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1084: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #1085: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1086: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518161470 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1087: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1088: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #1089: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1090: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518161471 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1091: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1092: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #1093: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1094: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518161472 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1095: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1096: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #1097: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1098: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518161473 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1099: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1100: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #1101: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1102: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518161474 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1103: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1104: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #1105: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1106: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518161475 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1107: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1108: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #1109: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1110: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518161476 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1111: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1112: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #1113: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1114: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518161477 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1115: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1116: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #1117: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1118: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518161478 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1119: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1120: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #1121: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1122: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518161479 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1123: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1124: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #1125: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1126: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518161480 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1127: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1128: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #1129: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1130: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518161481 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1131: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1132: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1133: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1134: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1135: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1136: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1137: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1138: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1139: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1140: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1141: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1142: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1143: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1144: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1145: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1146: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1147: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1148: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1149: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1150: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1151: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1152: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1153: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1154: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1155: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161452 (0x1ee2842c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:18:28 2015 Not After : Mon May 18 20:18:28 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:07:1d:43:78:1e:cf:0e:5f:c3:55:61:bd:f8:fe:92: 95:c8:2a:ea:65:d1:f8:55:0d:ce:f1:3e:88:ff:ef:89: 11:2c:64:cc:31:5c:75:4a:f6:b5:f7:eb:88:af:57:74: 7e:76:51:64:12:4b:74:32:d0:c9:3d:1d:7f:fb:08:f5: 3f:a7:69:de:cb:75:e9:66:64:91:25:fb:28:a7:76:60: 73:52:45:b9:e7:b7:af:91:b7:f6:40:77:b9:db:73:0b: aa:b5:7e:a1:a3:4f:78:18:c7:f5:be:42:9c:4d:8b:86: 56:51:1c:7d:96:7f:81:81:76:db:6d:17:43:f7:ad:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:ca:64:75:0e:d0:e7:3a:e0:ba:d1:85:ef:ea:67:54: 87:df:ff:e9:b8:c9:45:7c:cf:62:4a:0e:41:86:00:11: b4:ee:b8:ae:df:00:9b:fd:63:eb:8c:03:59:95:72:f0: d6:d9:76:0a:d8:13:35:3b:4d:0b:69:25:eb:0e:a1:7e: ce:c0:1e:f8:c7:18:da:81:a1:e6:82:79:44:fc:2b:80: db:e0:74:c5:df:b0:20:4c:4b:f9:81:51:50:92:7a:e0: e0:2c:26:f7:53:e7:13:3a:9f:27:53:0c:2f:bf:65:d4: b4:ec:19:58:66:ab:e2:47:08:9b:b3:9b:2b:3d:70:5f Fingerprint (SHA-256): 77:CF:78:CB:1A:58:79:96:D2:4C:65:D7:D9:55:92:64:AC:33:DF:56:FB:82:2E:B6:0A:6C:38:04:C4:8D:FE:B8 Fingerprint (SHA1): 9E:5A:00:91:AE:47:02:0A:0C:21:FA:C2:F1:49:73:F7:EC:E8:D9:40 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1156: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1157: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1158: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161482 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1159: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1160: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #1161: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1162: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518161483 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1163: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1164: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #1165: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1166: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518161484 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1167: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1168: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #1169: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1170: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518161485 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1171: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1172: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #1173: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1174: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518161486 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1175: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1176: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #1177: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1178: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518161487 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1179: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1180: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #1181: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1182: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518161488 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1183: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1184: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1185: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161482 (0x1ee2844a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:20:22 2015 Not After : Mon May 18 20:20:22 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:be:17:4a:6b:3a:36:6d:16:e4:f3:a3:cb:4c:d0:67: 2b:a7:8a:75:ff:ff:8f:61:1f:79:4c:90:b8:ca:24:99: 2d:a7:91:62:d2:ee:56:fe:88:47:37:c2:01:58:24:45: 72:b4:96:99:5e:de:15:77:96:6a:23:bd:ce:b9:4f:13: 25:46:eb:ec:cc:06:e0:88:94:fe:f8:68:93:78:bc:52: a2:f3:bf:aa:00:83:c5:27:b9:d0:96:5e:2e:15:14:b9: ad:36:27:6f:4c:a8:a9:91:5b:37:0d:39:d8:1d:ba:21: b1:38:ea:d8:9f:d9:8b:82:47:c9:1e:70:d2:6f:f2:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:f6:56:58:3f:94:a0:86:2c:51:60:1c:53:9a:be:86: de:9a:1b:70:5f:f9:7b:ea:1c:7f:c2:46:aa:eb:a8:e9: 73:a8:92:4a:46:89:93:d6:e4:a4:9f:dc:6e:c1:e6:ad: d6:06:6c:01:02:70:0f:87:c5:ac:33:b2:55:2a:7b:92: 35:65:27:5a:ba:21:66:f3:71:48:3b:e4:ae:64:4e:62: 6a:36:12:b7:35:dd:be:63:bb:70:61:a2:7d:e4:fd:9a: 7f:48:29:65:ef:04:8d:38:7e:c8:a4:26:6e:51:ac:a1: c9:b6:51:b1:c3:fa:a8:65:6f:1e:c3:fb:37:a4:76:4f Fingerprint (SHA-256): 2F:8D:75:C8:9F:83:0A:BF:DD:E6:92:A3:B8:D2:59:58:ED:D9:93:06:C9:25:63:7D:9F:CE:23:64:91:43:E6:E6 Fingerprint (SHA1): 0B:6D:D1:83:43:EF:FC:15:A6:0C:EA:40:5A:DA:7B:E7:C4:8C:83:12 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1186: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1187: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1188: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1189: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161482 (0x1ee2844a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:20:22 2015 Not After : Mon May 18 20:20:22 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:be:17:4a:6b:3a:36:6d:16:e4:f3:a3:cb:4c:d0:67: 2b:a7:8a:75:ff:ff:8f:61:1f:79:4c:90:b8:ca:24:99: 2d:a7:91:62:d2:ee:56:fe:88:47:37:c2:01:58:24:45: 72:b4:96:99:5e:de:15:77:96:6a:23:bd:ce:b9:4f:13: 25:46:eb:ec:cc:06:e0:88:94:fe:f8:68:93:78:bc:52: a2:f3:bf:aa:00:83:c5:27:b9:d0:96:5e:2e:15:14:b9: ad:36:27:6f:4c:a8:a9:91:5b:37:0d:39:d8:1d:ba:21: b1:38:ea:d8:9f:d9:8b:82:47:c9:1e:70:d2:6f:f2:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:f6:56:58:3f:94:a0:86:2c:51:60:1c:53:9a:be:86: de:9a:1b:70:5f:f9:7b:ea:1c:7f:c2:46:aa:eb:a8:e9: 73:a8:92:4a:46:89:93:d6:e4:a4:9f:dc:6e:c1:e6:ad: d6:06:6c:01:02:70:0f:87:c5:ac:33:b2:55:2a:7b:92: 35:65:27:5a:ba:21:66:f3:71:48:3b:e4:ae:64:4e:62: 6a:36:12:b7:35:dd:be:63:bb:70:61:a2:7d:e4:fd:9a: 7f:48:29:65:ef:04:8d:38:7e:c8:a4:26:6e:51:ac:a1: c9:b6:51:b1:c3:fa:a8:65:6f:1e:c3:fb:37:a4:76:4f Fingerprint (SHA-256): 2F:8D:75:C8:9F:83:0A:BF:DD:E6:92:A3:B8:D2:59:58:ED:D9:93:06:C9:25:63:7D:9F:CE:23:64:91:43:E6:E6 Fingerprint (SHA1): 0B:6D:D1:83:43:EF:FC:15:A6:0C:EA:40:5A:DA:7B:E7:C4:8C:83:12 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1190: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1191: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1192: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1193: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161489 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1194: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1195: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1196: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1197: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161490 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1198: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1199: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1200: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1201: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161491 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1202: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1203: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1204: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1205: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518161492 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1206: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1207: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1208: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1209: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1210: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1211: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161489 (0x1ee28451) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:20:47 2015 Not After : Mon May 18 20:20:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:dc:c6:ff:ee:75:d0:5e:da:f7:3a:89:c0:4c:a8:3e: a0:b6:83:1e:3d:fc:b7:aa:23:e6:95:0c:d6:99:9c:77: 5e:e8:68:d6:47:b8:3b:9c:94:c7:6a:2a:74:17:1d:b8: 96:08:9d:77:2a:18:73:ab:21:e6:ef:16:ec:fe:0f:b6: e7:a5:af:8b:0b:af:92:47:50:6d:f3:f8:a7:9e:20:93: 37:14:e3:d0:91:3f:77:e0:04:25:09:d8:73:dd:69:3e: ad:e0:11:67:58:64:a4:e0:d1:38:69:cc:b0:b5:2f:f0: d3:11:1b:fe:ff:3b:8b:28:a1:b4:f7:84:4f:06:44:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: dc:c4:98:f2:91:e1:49:21:b4:f8:77:ff:8d:98:1c:c7: 15:9a:3a:29:af:b9:b9:e1:e4:3d:2c:8a:e2:ef:2b:4f: cd:29:66:b8:45:2f:8f:23:59:ae:bd:90:7e:bf:fa:eb: f2:d2:8f:b9:02:9e:fe:03:01:f1:88:3b:64:74:2e:83: c6:6b:df:8e:3d:5b:76:04:98:f3:95:5b:bd:4f:31:80: c1:bc:ba:73:fd:8a:6a:6c:8c:99:dd:c0:f9:6e:cd:ff: 46:1c:95:d6:e1:ae:3c:5e:3c:f1:3d:b8:03:21:8f:76: 8f:09:a0:58:1e:0b:52:3c:92:e3:b0:0b:e2:22:9d:e1 Fingerprint (SHA-256): EC:03:EF:7A:78:1C:06:0A:4E:3B:16:90:06:71:3F:41:34:CD:7F:29:C2:DB:88:EA:D3:52:AA:B3:88:EE:A3:13 Fingerprint (SHA1): C6:E6:E0:5D:BD:9B:10:EB:43:E2:88:6D:73:0C:DF:62:FC:5B:19:4F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1212: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1213: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1214: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161490 (0x1ee28452) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:20:50 2015 Not After : Mon May 18 20:20:50 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:bd:7a:16:17:91:3a:78:4c:e5:57:21:d7:e3:74:d3: 53:a6:60:64:57:b9:b0:ef:84:99:80:a6:31:45:b6:7b: 64:6f:47:71:a3:b4:32:43:7d:5c:50:b7:ac:78:85:4d: fe:71:11:74:6a:20:24:68:51:31:e0:f9:c8:59:28:ec: 77:21:10:6b:ff:18:d8:a1:f9:e2:c0:da:3c:cc:2b:0e: da:c4:c7:4d:14:be:30:c9:54:e3:92:6d:26:98:e7:68: f3:7a:11:cb:cd:d8:e0:cb:ff:28:16:9e:c7:86:bf:69: b6:d4:cb:48:d6:cc:cf:14:86:42:bc:88:73:69:3d:af Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c5:82:e7:6d:44:ac:2f:6a:98:b1:bc:56:c0:3a:6f:84: ac:7e:f2:e5:23:6f:a2:54:41:86:9a:80:b3:f3:9d:8b: 4e:0a:5f:a3:b8:0e:b4:fa:84:9b:bd:8c:e8:21:9a:f9: 13:39:1c:29:a4:e9:a6:79:a4:f6:6d:e9:cc:ae:82:fa: 55:46:77:26:1c:df:f2:80:eb:2a:1d:53:a0:bf:8e:7b: 93:24:0c:97:d5:6a:e4:ad:83:5d:2c:ef:d0:87:d2:f7: 0e:63:b1:67:b3:72:5a:db:79:a4:e9:be:c2:87:bc:f3: 24:76:df:00:59:d8:e3:f3:b6:b6:0d:12:dd:aa:b2:c4 Fingerprint (SHA-256): 23:C8:FE:3A:E6:FA:39:04:E0:86:55:B0:BF:C0:B5:92:86:DE:49:2B:E5:92:42:1B:A4:23:E0:B0:91:72:A4:22 Fingerprint (SHA1): 8D:2E:3F:FA:DC:01:6A:81:E8:F9:0F:D8:B2:C3:7C:A1:3A:31:A2:AB Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1215: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1216: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161491 (0x1ee28453) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:20:53 2015 Not After : Mon May 18 20:20:53 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:42:85:5a:fb:80:3b:79:ee:5c:90:16:96:57:77:d9: 0d:d1:6c:8a:de:7e:bd:65:79:08:dd:79:04:34:fa:9c: 7c:96:37:ac:17:ce:c5:bf:34:4a:11:b4:05:c9:c2:ca: 44:f7:b3:ec:e0:d5:b0:7e:35:f9:55:6a:78:a5:ea:c6: 90:f4:4c:61:89:f3:21:12:da:9d:a9:9b:dc:01:4a:88: 0d:f8:ac:3a:24:79:22:12:9e:40:33:1d:fb:8b:53:6e: b6:c6:85:5a:8e:68:08:ce:d4:a7:85:6e:54:73:31:67: 97:61:44:47:45:e5:c7:1f:ab:fc:f5:2d:49:e0:89:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:72:38:d3:0d:82:44:a7:fb:15:15:27:3c:ac:b2:e2: 72:f3:95:ff:e1:7c:c3:20:84:5a:9e:b2:61:cb:dd:07: d6:dd:55:00:3c:30:cf:09:d2:9d:96:15:2c:b7:3d:75: 1a:5f:89:93:f1:7c:b4:c3:87:78:2d:c8:23:98:c6:f3: 09:fa:98:1e:e7:24:eb:6a:f3:a1:46:97:3c:52:73:b0: c9:1f:2d:b6:65:7e:e8:d6:ea:70:d8:9a:5c:d6:f8:e0: 6f:92:a4:a0:82:f7:dd:89:07:3f:6c:61:58:db:d5:ca: 17:4b:2c:73:ea:73:93:3c:94:01:6d:2b:1d:9f:9d:af Fingerprint (SHA-256): 09:EC:4E:1C:8F:69:8C:3D:DB:AB:D0:69:94:4B:26:DE:84:BC:14:4D:00:2A:27:7B:9F:0A:7C:98:30:E9:D9:8D Fingerprint (SHA1): 5E:57:C7:65:07:57:45:0C:83:23:21:D2:54:F2:49:87:9F:46:21:00 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1217: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1218: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161493 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1219: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1220: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1221: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1222: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161494 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1223: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1224: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1225: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1226: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161495 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1227: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1228: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1229: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1230: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518161496 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1231: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1232: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1233: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1234: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518161497 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1235: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1236: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1237: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1238: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1239: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1240: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #1241: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161493 (0x1ee28455) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:21:06 2015 Not After : Mon May 18 20:21:06 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:ad:07:d1:6e:a3:fb:21:4c:f7:05:fe:c0:5f:6f:dc: c0:da:e7:f6:7b:4d:6d:15:79:69:03:41:da:3a:52:4c: db:27:1c:37:1e:ca:7b:4e:f6:5d:9a:32:24:aa:56:0c: b6:3c:c0:7b:2d:64:de:c6:25:d9:12:24:21:d4:f8:f7: be:37:71:b7:a6:65:f9:3b:f7:f5:94:fe:a9:8d:2f:7f: 1e:b2:0a:db:59:92:c5:e8:d6:b1:be:ce:1a:ca:92:9d: 16:6a:2f:c5:23:c3:bf:e9:34:3f:d6:3a:39:12:7a:f1: 08:02:be:d8:a5:b5:ef:0e:24:ff:ac:f1:b5:55:90:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:d3:04:00:18:88:73:49:48:d3:d2:1c:22:71:38:be: ed:ab:43:1a:d0:88:d9:32:f5:a7:fa:c4:11:2b:a3:fb: 17:68:dd:e2:52:86:1e:dc:2d:ad:cd:3e:29:e9:4c:b6: f4:2d:d3:48:d2:bc:0d:02:b0:16:49:67:ca:e1:cb:59: ea:44:55:a7:3c:96:a9:8e:e8:3f:07:e5:91:4f:80:52: cb:7e:ec:a8:87:79:71:e7:bd:81:41:2d:83:3e:fe:19: ce:98:be:88:8d:81:17:c6:2e:38:20:04:f6:38:59:93: 23:ea:2d:20:33:21:a6:02:b8:82:a8:9a:fd:ee:ec:eb Fingerprint (SHA-256): D3:3F:06:66:08:A5:2E:F6:CD:BF:A2:19:50:D7:E6:A9:BE:CC:09:D7:94:6E:37:DC:88:FA:A5:7E:CB:4B:AE:DA Fingerprint (SHA1): 62:1B:79:F2:CB:06:AE:30:52:45:F5:B4:C8:65:09:40:88:B4:55:DC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1242: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1243: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161494 (0x1ee28456) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:21:09 2015 Not After : Mon May 18 20:21:09 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:df:30:f0:ab:c6:ba:45:d0:9f:5b:ba:f9:74:12:de: 22:a8:da:1c:fe:68:ab:5f:5f:63:d3:ac:d4:ff:97:7d: c7:63:a8:20:5b:20:b7:b9:bd:26:8f:8c:49:ca:3f:fc: dd:10:b3:70:fb:58:c8:68:23:65:cf:bc:f5:1a:b7:11: 6a:13:5e:2a:96:38:68:92:00:aa:e8:be:7c:d1:89:56: 94:a1:69:2c:93:9b:7c:f6:1d:8f:a8:04:7d:58:a8:d1: 4a:30:a1:6d:d2:39:f3:ca:cb:e2:c7:e7:53:fb:da:f6: fe:41:dd:d6:55:5b:69:c6:83:87:72:bd:9a:77:6d:df Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:c7:f1:3e:ad:bb:00:a3:8f:9a:ac:c1:e8:69:d3:b0: 27:a0:bd:a1:bf:d8:17:da:77:63:3f:2d:cc:db:5c:0e: f6:6b:39:a9:82:20:c9:93:b7:14:41:d8:bd:c4:7f:a8: 75:ea:00:92:42:70:25:28:05:73:7b:b5:1a:19:f5:b8: 4b:91:d0:0b:a3:16:81:99:69:ee:f6:80:ee:77:4e:6d: 6e:d2:13:8d:04:72:8b:e0:23:b6:07:0a:4d:33:1a:19: 13:d0:ec:39:5a:81:a1:25:53:bf:27:80:9b:a1:59:63: e4:17:5f:28:49:b3:5e:e8:63:f9:8f:8b:2a:07:55:28 Fingerprint (SHA-256): 8B:C6:14:AA:64:27:1A:E8:96:6B:F9:46:E3:E5:A9:DA:CB:13:E8:C8:F5:17:0F:12:2B:07:88:A4:A7:2E:79:3D Fingerprint (SHA1): 6C:97:23:19:6E:BF:0B:EE:F0:94:D5:CE:0E:6F:63:EE:2D:AB:71:42 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1244: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1245: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1246: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161495 (0x1ee28457) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:21:12 2015 Not After : Mon May 18 20:21:12 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 98:8f:21:9a:a0:58:57:3e:16:74:4e:15:03:a8:b2:91: 31:74:3c:bc:e7:03:f6:1f:4e:f1:99:41:40:9d:1c:89: 99:3d:91:27:30:d4:3b:5b:15:17:ef:7b:af:c5:9e:75: f9:67:d4:52:20:b3:4f:52:09:b9:5e:1b:94:55:cc:95: e0:1e:27:a5:ed:ba:ca:ba:6a:31:4c:b5:c1:d8:7d:d5: 89:9f:0e:b9:bf:22:c1:3b:dd:dd:dd:48:40:0d:f0:86: bf:83:6b:12:3b:c7:21:0f:73:37:f5:75:77:ed:bb:a9: f7:87:5f:f5:54:8f:1a:15:dc:e9:e4:f4:92:39:a5:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:70:4e:7a:2a:bf:43:c1:6d:50:14:d4:f4:c4:eb:1e: f7:01:58:e0:b9:18:3d:45:3d:60:86:59:cf:d4:f6:30: 02:35:6c:ee:2e:7c:15:f0:e5:ac:52:eb:73:f8:5e:62: 08:2e:9e:0f:37:df:6e:49:b7:3f:ab:93:0e:94:5f:b9: fc:4c:7f:48:33:55:a8:8a:6c:42:9f:8c:35:a7:c8:ef: 13:c7:bc:e0:91:51:a0:e9:6e:1e:5e:1f:b9:93:cd:f2: f3:3b:86:c1:b0:7d:3d:4e:c1:26:b3:42:b3:05:43:2b: 29:cb:b5:43:fd:bc:59:0a:22:64:fc:cc:a5:3a:82:a6 Fingerprint (SHA-256): 59:DF:48:6F:E1:AC:EE:48:35:B5:F1:42:FE:43:A4:B0:91:13:BE:70:C9:9D:7E:96:C3:95:4B:DB:0C:76:43:DA Fingerprint (SHA1): 0C:37:DB:77:2F:83:CD:6D:DD:F0:6B:65:81:23:A9:30:CF:4A:02:C5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #1247: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1248: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161498 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1249: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1250: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1251: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1252: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161499 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1253: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1254: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1255: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1256: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161500 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA1Root-518161407.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1257: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1258: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1259: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1260: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518161501 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1261: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1262: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #1263: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161498 (0x1ee2845a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:21:27 2015 Not After : Mon May 18 20:21:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:2a:6f:6b:3b:4c:b1:de:69:48:70:6d:1f:99:24:af: ff:fd:06:c2:20:be:3b:1b:ca:b9:dd:ec:1e:e9:3c:d6: 72:10:28:ed:be:7a:9b:a1:d6:4c:30:e7:f7:48:71:50: 35:ec:21:d0:69:02:21:80:6f:08:0e:4f:46:0e:aa:3e: 05:e4:64:9f:92:9d:54:57:46:1d:1c:a1:2e:81:03:1d: 93:cb:03:d0:d8:0e:f8:63:9a:63:94:fe:6a:d1:91:d9: e0:81:a1:20:cb:85:e2:00:28:a3:54:a8:22:db:a8:7c: b5:ef:d3:38:3c:f4:7d:ec:2e:20:53:42:28:35:b4:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8e:45:c6:de:93:99:3e:26:bb:ef:c0:0a:3f:9c:0f:ad: 56:d7:56:6b:e9:e1:28:26:b5:b6:63:e8:bb:8a:70:ee: 8e:5c:28:60:6f:8b:fe:25:b9:cd:56:da:93:5e:69:42: ff:60:51:4f:28:18:6b:72:0e:d4:b6:0f:40:8b:ed:d1: ca:e8:c7:0e:16:a1:39:91:11:21:d8:ca:35:f8:83:ab: 52:8f:80:9c:de:3b:cf:49:a2:58:60:74:25:ec:9a:1a: f6:54:49:c2:b4:4e:36:2a:98:b3:c7:ac:42:f4:a1:3e: 05:3e:7a:36:df:47:5c:26:09:2d:f3:fe:8a:7d:9d:aa Fingerprint (SHA-256): EB:73:AF:43:B4:60:52:0E:40:A5:1B:F2:B9:C3:27:A7:1E:50:A9:AB:1C:CE:CC:23:E5:42:11:47:12:5E:3E:5C Fingerprint (SHA1): 28:9C:38:57:BE:12:23:86:C4:8C:BF:B5:47:AF:10:37:99:B3:43:CF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1264: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1265: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161502 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1266: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1267: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1268: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161503 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1269: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1270: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1271: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1272: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518161504 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1273: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1274: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518161505 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1275: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1276: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1277: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1278: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1279: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518161506 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-Bridge-518161408.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1280: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1281: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1282: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1283: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161507 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1284: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1285: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1286: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1287: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161503 (0x1ee2845f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:21:44 2015 Not After : Mon May 18 20:21:44 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:17:b3:42:1b:57:d7:a8:bf:4f:b8:e4:64:e0:ad:64: 68:b0:11:dd:1d:ed:76:47:5e:56:a8:9a:35:52:36:48: 52:df:0d:31:03:df:64:ef:86:77:27:47:02:27:df:5e: 8d:60:a5:71:ca:56:f2:cb:3a:fb:ad:b1:f1:c8:ad:7e: 76:87:d5:92:d5:13:c6:62:63:a7:3c:30:e3:a3:ba:54: 1a:ba:38:9a:fe:67:25:77:93:3e:6b:ff:ef:64:59:34: 1b:b2:7a:fe:57:ff:49:aa:aa:20:64:78:0d:bc:eb:ee: 2b:91:b7:18:5e:35:f0:70:30:32:bd:2a:17:c7:92:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:1a:97:d5:83:34:89:1e:64:e5:38:1c:87:2e:98:b2: f1:09:1e:e2:de:8c:9a:76:0e:2e:70:ec:74:43:18:1b: fa:7c:6e:56:c2:8a:82:d2:07:0c:60:72:e0:0f:2f:60: 9f:9e:17:47:b6:b7:1f:ec:c6:56:d6:e0:83:bd:21:e1: 23:a2:d9:01:93:db:c2:22:59:08:30:76:f5:f4:a9:34: 35:3b:d1:2f:cd:0a:63:8d:d8:01:77:16:48:a9:3c:6b: 68:70:f5:ad:6a:92:17:c1:c9:58:4c:8d:e7:28:6e:64: 93:46:bf:34:81:a3:89:eb:4b:ef:9b:cf:50:d6:d1:76 Fingerprint (SHA-256): 5F:B8:7A:BC:30:AC:E6:65:D4:68:DA:13:B7:B9:8B:6F:B5:B8:30:A3:32:CA:C5:97:C9:D8:8C:0D:5D:B8:55:2B Fingerprint (SHA1): 04:05:72:1A:F5:79:DD:68:7E:C5:2F:14:97:02:A9:FA:AF:B3:02:EB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1288: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161503 (0x1ee2845f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:21:44 2015 Not After : Mon May 18 20:21:44 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:17:b3:42:1b:57:d7:a8:bf:4f:b8:e4:64:e0:ad:64: 68:b0:11:dd:1d:ed:76:47:5e:56:a8:9a:35:52:36:48: 52:df:0d:31:03:df:64:ef:86:77:27:47:02:27:df:5e: 8d:60:a5:71:ca:56:f2:cb:3a:fb:ad:b1:f1:c8:ad:7e: 76:87:d5:92:d5:13:c6:62:63:a7:3c:30:e3:a3:ba:54: 1a:ba:38:9a:fe:67:25:77:93:3e:6b:ff:ef:64:59:34: 1b:b2:7a:fe:57:ff:49:aa:aa:20:64:78:0d:bc:eb:ee: 2b:91:b7:18:5e:35:f0:70:30:32:bd:2a:17:c7:92:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:1a:97:d5:83:34:89:1e:64:e5:38:1c:87:2e:98:b2: f1:09:1e:e2:de:8c:9a:76:0e:2e:70:ec:74:43:18:1b: fa:7c:6e:56:c2:8a:82:d2:07:0c:60:72:e0:0f:2f:60: 9f:9e:17:47:b6:b7:1f:ec:c6:56:d6:e0:83:bd:21:e1: 23:a2:d9:01:93:db:c2:22:59:08:30:76:f5:f4:a9:34: 35:3b:d1:2f:cd:0a:63:8d:d8:01:77:16:48:a9:3c:6b: 68:70:f5:ad:6a:92:17:c1:c9:58:4c:8d:e7:28:6e:64: 93:46:bf:34:81:a3:89:eb:4b:ef:9b:cf:50:d6:d1:76 Fingerprint (SHA-256): 5F:B8:7A:BC:30:AC:E6:65:D4:68:DA:13:B7:B9:8B:6F:B5:B8:30:A3:32:CA:C5:97:C9:D8:8C:0D:5D:B8:55:2B Fingerprint (SHA1): 04:05:72:1A:F5:79:DD:68:7E:C5:2F:14:97:02:A9:FA:AF:B3:02:EB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1289: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1290: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161508 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1291: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1292: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1293: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161509 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1294: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1295: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1296: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1297: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518161510 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1298: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1299: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518161511 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1300: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1301: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1302: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1303: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1304: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518161512 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-Bridge-518161409.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1305: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1306: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1307: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1308: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161513 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1309: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1310: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1311: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1312: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518161514 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-BridgeNavy-518161410.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1313: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1314: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1315: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1316: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518161515 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1317: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1318: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1319: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1320: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161509 (0x1ee28465) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:22:01 2015 Not After : Mon May 18 20:22:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:30:83:7d:d8:e3:5f:ef:cc:e8:4c:ff:d4:00:59:8f: 43:85:db:99:af:a1:e7:2d:cf:b1:cd:b6:13:f8:9c:c6: bd:de:03:c7:a9:39:fc:52:b1:bc:ea:70:e4:5d:14:c5: 03:7f:de:15:81:74:fb:df:f1:7c:c4:69:41:fc:e4:f3: a0:64:d7:f4:1b:3b:47:22:ab:95:9e:2b:b7:3c:c2:93: 80:b8:8e:e2:10:5c:6f:40:8e:9d:0b:9f:99:64:e4:73: 66:59:d9:c5:ee:e6:ea:dc:cd:5a:19:38:78:db:f9:7d: 5c:00:b1:97:8a:72:4f:f2:97:41:56:ab:6c:c0:d4:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:ec:6e:e7:b4:7c:44:31:ff:cc:71:0b:73:fc:ce:cf: 45:c7:a3:cc:b6:a8:12:fd:a2:0f:14:fc:46:d3:75:a7: eb:bc:6b:b9:2d:cf:44:77:3e:0e:d3:eb:9a:70:77:71: 4e:3b:b8:5f:4d:b4:77:cf:8d:c6:de:d0:7a:8c:cd:b8: 0a:34:2a:1d:ce:d1:47:2c:dd:5b:4b:d7:24:2b:38:94: c2:ec:ff:31:6f:0b:9b:ad:44:a9:b7:0d:14:af:f7:38: 0e:8f:c1:40:0e:16:d4:88:49:22:0b:ae:c7:ad:4e:1b: f5:16:1d:65:ef:bb:95:26:c1:fb:50:01:c0:22:02:2a Fingerprint (SHA-256): E3:8D:9C:00:AE:09:2B:E3:F9:54:CC:A5:C8:52:5F:4A:7B:C5:8C:0F:C2:90:CC:44:86:2F:12:55:7C:A6:0F:A2 Fingerprint (SHA1): 89:3C:89:8D:41:FF:0B:3D:F8:BA:B9:40:E2:C2:08:24:D6:B0:8D:9E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1321: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161509 (0x1ee28465) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:22:01 2015 Not After : Mon May 18 20:22:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:30:83:7d:d8:e3:5f:ef:cc:e8:4c:ff:d4:00:59:8f: 43:85:db:99:af:a1:e7:2d:cf:b1:cd:b6:13:f8:9c:c6: bd:de:03:c7:a9:39:fc:52:b1:bc:ea:70:e4:5d:14:c5: 03:7f:de:15:81:74:fb:df:f1:7c:c4:69:41:fc:e4:f3: a0:64:d7:f4:1b:3b:47:22:ab:95:9e:2b:b7:3c:c2:93: 80:b8:8e:e2:10:5c:6f:40:8e:9d:0b:9f:99:64:e4:73: 66:59:d9:c5:ee:e6:ea:dc:cd:5a:19:38:78:db:f9:7d: 5c:00:b1:97:8a:72:4f:f2:97:41:56:ab:6c:c0:d4:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:ec:6e:e7:b4:7c:44:31:ff:cc:71:0b:73:fc:ce:cf: 45:c7:a3:cc:b6:a8:12:fd:a2:0f:14:fc:46:d3:75:a7: eb:bc:6b:b9:2d:cf:44:77:3e:0e:d3:eb:9a:70:77:71: 4e:3b:b8:5f:4d:b4:77:cf:8d:c6:de:d0:7a:8c:cd:b8: 0a:34:2a:1d:ce:d1:47:2c:dd:5b:4b:d7:24:2b:38:94: c2:ec:ff:31:6f:0b:9b:ad:44:a9:b7:0d:14:af:f7:38: 0e:8f:c1:40:0e:16:d4:88:49:22:0b:ae:c7:ad:4e:1b: f5:16:1d:65:ef:bb:95:26:c1:fb:50:01:c0:22:02:2a Fingerprint (SHA-256): E3:8D:9C:00:AE:09:2B:E3:F9:54:CC:A5:C8:52:5F:4A:7B:C5:8C:0F:C2:90:CC:44:86:2F:12:55:7C:A6:0F:A2 Fingerprint (SHA1): 89:3C:89:8D:41:FF:0B:3D:F8:BA:B9:40:E2:C2:08:24:D6:B0:8D:9E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1322: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #1323: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161508 (0x1ee28464) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:21:59 2015 Not After : Mon May 18 20:21:59 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:97:ff:a2:f9:8d:d7:e6:9c:a5:5a:41:76:67:03:8b: ec:2c:db:8b:de:2f:1b:b5:24:e0:96:2f:f7:e8:8d:d4: 24:45:96:a9:73:46:c9:32:cf:03:c7:08:60:ec:10:8e: c3:33:7a:6c:ea:6a:7e:cc:52:74:3e:c1:18:60:59:98: b0:3e:db:01:5a:af:85:92:28:1a:85:ee:93:e5:99:73: a0:e0:38:f0:c3:b5:39:25:db:ae:a3:af:af:10:bc:57: e6:03:ba:09:27:95:85:9f:2b:12:7b:37:1b:10:3c:ed: de:0a:fa:95:fb:6c:0d:5d:46:17:ae:cf:4b:7c:79:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:e1:d5:da:2b:cc:79:08:16:54:d2:e3:9a:d0:4f:0a: 84:23:44:ae:da:37:ec:ec:ad:b3:90:39:6b:1c:6e:07: d7:6d:37:2c:27:77:39:3f:16:e8:cc:ef:13:4a:fa:5a: d2:83:a0:cb:44:76:8b:91:a8:10:d3:d4:58:5b:20:54: 9c:5c:09:64:8c:ba:88:05:54:9e:4a:24:1f:2e:25:69: 06:f3:b1:9d:90:38:04:8d:69:a2:e9:85:90:25:1e:3b: 11:d2:e9:f1:68:83:53:96:4b:c1:bc:0c:2b:56:3d:de: dc:22:51:c6:75:75:a3:ec:ab:9d:bb:51:f4:0f:4c:34 Fingerprint (SHA-256): 68:3A:64:4A:37:DF:7A:A2:2E:DA:A8:EF:CB:33:FA:AA:F1:95:49:15:A8:2A:A7:AA:6D:CA:82:88:95:40:10:BD Fingerprint (SHA1): A3:6D:20:23:83:CB:52:53:56:BB:F5:AE:88:D5:39:64:9B:81:2D:D6 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1324: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161509 (0x1ee28465) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:22:01 2015 Not After : Mon May 18 20:22:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:30:83:7d:d8:e3:5f:ef:cc:e8:4c:ff:d4:00:59:8f: 43:85:db:99:af:a1:e7:2d:cf:b1:cd:b6:13:f8:9c:c6: bd:de:03:c7:a9:39:fc:52:b1:bc:ea:70:e4:5d:14:c5: 03:7f:de:15:81:74:fb:df:f1:7c:c4:69:41:fc:e4:f3: a0:64:d7:f4:1b:3b:47:22:ab:95:9e:2b:b7:3c:c2:93: 80:b8:8e:e2:10:5c:6f:40:8e:9d:0b:9f:99:64:e4:73: 66:59:d9:c5:ee:e6:ea:dc:cd:5a:19:38:78:db:f9:7d: 5c:00:b1:97:8a:72:4f:f2:97:41:56:ab:6c:c0:d4:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:ec:6e:e7:b4:7c:44:31:ff:cc:71:0b:73:fc:ce:cf: 45:c7:a3:cc:b6:a8:12:fd:a2:0f:14:fc:46:d3:75:a7: eb:bc:6b:b9:2d:cf:44:77:3e:0e:d3:eb:9a:70:77:71: 4e:3b:b8:5f:4d:b4:77:cf:8d:c6:de:d0:7a:8c:cd:b8: 0a:34:2a:1d:ce:d1:47:2c:dd:5b:4b:d7:24:2b:38:94: c2:ec:ff:31:6f:0b:9b:ad:44:a9:b7:0d:14:af:f7:38: 0e:8f:c1:40:0e:16:d4:88:49:22:0b:ae:c7:ad:4e:1b: f5:16:1d:65:ef:bb:95:26:c1:fb:50:01:c0:22:02:2a Fingerprint (SHA-256): E3:8D:9C:00:AE:09:2B:E3:F9:54:CC:A5:C8:52:5F:4A:7B:C5:8C:0F:C2:90:CC:44:86:2F:12:55:7C:A6:0F:A2 Fingerprint (SHA1): 89:3C:89:8D:41:FF:0B:3D:F8:BA:B9:40:E2:C2:08:24:D6:B0:8D:9E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1325: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161509 (0x1ee28465) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:22:01 2015 Not After : Mon May 18 20:22:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:30:83:7d:d8:e3:5f:ef:cc:e8:4c:ff:d4:00:59:8f: 43:85:db:99:af:a1:e7:2d:cf:b1:cd:b6:13:f8:9c:c6: bd:de:03:c7:a9:39:fc:52:b1:bc:ea:70:e4:5d:14:c5: 03:7f:de:15:81:74:fb:df:f1:7c:c4:69:41:fc:e4:f3: a0:64:d7:f4:1b:3b:47:22:ab:95:9e:2b:b7:3c:c2:93: 80:b8:8e:e2:10:5c:6f:40:8e:9d:0b:9f:99:64:e4:73: 66:59:d9:c5:ee:e6:ea:dc:cd:5a:19:38:78:db:f9:7d: 5c:00:b1:97:8a:72:4f:f2:97:41:56:ab:6c:c0:d4:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:ec:6e:e7:b4:7c:44:31:ff:cc:71:0b:73:fc:ce:cf: 45:c7:a3:cc:b6:a8:12:fd:a2:0f:14:fc:46:d3:75:a7: eb:bc:6b:b9:2d:cf:44:77:3e:0e:d3:eb:9a:70:77:71: 4e:3b:b8:5f:4d:b4:77:cf:8d:c6:de:d0:7a:8c:cd:b8: 0a:34:2a:1d:ce:d1:47:2c:dd:5b:4b:d7:24:2b:38:94: c2:ec:ff:31:6f:0b:9b:ad:44:a9:b7:0d:14:af:f7:38: 0e:8f:c1:40:0e:16:d4:88:49:22:0b:ae:c7:ad:4e:1b: f5:16:1d:65:ef:bb:95:26:c1:fb:50:01:c0:22:02:2a Fingerprint (SHA-256): E3:8D:9C:00:AE:09:2B:E3:F9:54:CC:A5:C8:52:5F:4A:7B:C5:8C:0F:C2:90:CC:44:86:2F:12:55:7C:A6:0F:A2 Fingerprint (SHA1): 89:3C:89:8D:41:FF:0B:3D:F8:BA:B9:40:E2:C2:08:24:D6:B0:8D:9E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1326: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1327: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161516 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1328: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1329: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1330: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161517 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1331: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1332: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #1333: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1334: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518161518 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1335: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1336: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #1337: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1338: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518161519 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1339: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1340: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1341: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1342: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518161520 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1343: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1344: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518161521 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1345: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1346: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #1347: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1348: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1349: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518161522 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1350: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1351: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1352: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1353: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518161523 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1354: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1355: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1356: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1357: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161524 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1358: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1359: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1360: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1361: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518161525 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1362: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1363: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1364: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161516 (0x1ee2846c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:22:24 2015 Not After : Mon May 18 20:22:24 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:33:e3:c7:f5:4f:10:60:bb:e4:47:24:62:8a:71:69: 9e:22:e7:d5:ce:8a:b9:81:b9:24:58:39:8f:de:63:30: 5a:88:02:bf:3a:77:f7:ff:c2:94:15:32:45:ef:f6:8c: 3f:a5:86:1c:30:94:b8:99:78:7a:b8:cf:6e:16:fa:3d: 3c:c1:1f:05:eb:80:38:e1:46:4b:81:03:5f:d4:35:5f: 66:e0:10:7e:5a:e8:9e:9c:12:60:db:be:a3:d0:17:68: 8b:ca:da:94:4a:1e:1a:8d:32:db:e1:2d:ff:3b:22:bb: 2e:e4:51:5b:25:6a:44:98:1f:84:33:38:2d:ed:89:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:f0:0c:32:9d:68:63:e9:5d:2f:41:eb:74:f4:89:7d: ec:7b:0f:d0:03:84:d0:6f:3e:fa:bd:47:8e:4c:f9:47: 3d:5f:bd:7a:6b:29:54:a8:21:ab:9d:60:4b:da:33:23: 19:94:dd:09:85:9f:8a:47:63:69:54:3b:25:03:25:d3: 81:5a:4a:e3:70:70:a7:b1:69:f6:e4:1d:64:af:e0:02: 6d:1a:ed:d0:4d:82:a3:a7:d8:79:1e:63:38:b9:77:5a: a7:b0:9d:7f:31:76:85:62:7e:87:93:f4:46:d5:6b:54: 01:f1:eb:29:7d:4f:83:4c:89:3e:e4:58:c5:71:52:68 Fingerprint (SHA-256): E3:CF:F7:F9:95:7B:9E:41:35:18:6A:C9:26:45:59:A0:9C:C8:8E:5B:8E:4A:07:97:24:77:2E:8A:6A:83:45:B1 Fingerprint (SHA1): 4A:E7:31:09:1A:50:93:1A:80:07:77:00:05:81:8C:5E:B3:90:17:02 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #1365: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1366: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1367: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1368: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1369: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1370: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1371: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1372: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1373: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161517 (0x1ee2846d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:22:27 2015 Not After : Mon May 18 20:22:27 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:db:47:57:fd:2c:10:9d:4e:3b:d9:73:0f:86:e7:45: 01:07:5f:69:1b:d9:66:78:41:80:cf:5b:76:84:7e:0d: 06:4b:07:67:c8:87:3b:e8:4a:ca:ff:a7:33:0a:aa:0e: 22:5a:ce:97:43:f1:e3:b0:16:37:00:ce:42:e7:b5:ad: 34:66:eb:cb:62:90:9b:5f:3e:28:f1:f2:aa:4e:79:68: 71:03:ae:36:18:91:3d:d0:b2:0d:ae:23:48:ee:ae:39: f5:26:2d:0b:f3:d7:c1:00:09:69:58:78:cc:d2:1b:1b: e0:0a:c2:f1:78:68:64:c7:c6:b8:03:74:5d:4a:00:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d1:bd:04:2c:c6:21:2b:60:28:0e:ff:b2:f9:55:47:26: 64:ba:b2:c6:bb:0d:87:6f:e3:01:17:ca:c0:f6:7a:7a: 0e:e3:74:2d:c7:df:c0:c6:c5:0b:9e:e1:7b:42:1a:2d: 1a:25:ab:28:d3:01:81:93:c3:45:0c:78:b6:02:ee:86: 1a:66:87:df:30:0d:d5:32:89:70:76:d2:36:af:55:3e: 5d:85:d5:52:88:e0:f6:25:b3:83:a4:d7:d2:86:1b:cf: 72:02:45:82:cd:5c:90:d1:02:2b:8c:77:be:b8:cb:a1: fa:83:41:35:65:1a:22:da:25:c6:8c:91:c8:9a:2c:61 Fingerprint (SHA-256): AD:12:A3:F8:5E:25:87:68:0D:52:E1:B3:5A:C2:B1:B8:26:B6:71:2D:17:C2:47:06:C4:75:DA:F7:2D:BB:3D:2B Fingerprint (SHA1): 83:92:5E:74:36:4B:B4:70:8F:C1:A0:0D:38:F9:CA:49:BE:4B:92:E0 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #1374: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1375: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1376: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1377: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1378: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1379: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1380: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #1381: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #1382: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #1383: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #1384: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #1385: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #1386: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #1387: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #1388: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #1389: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #1390: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #1391: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1392: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161526 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1393: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1394: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1395: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1396: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161527 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1397: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1398: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1399: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1400: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161528 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1401: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1402: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1403: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1404: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518161529 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1405: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1406: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1407: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1408: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518161530 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1409: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1410: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1411: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1412: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518161531 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1413: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1414: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1415: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1416: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518161532 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1417: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1418: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #1419: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1420: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518161533 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1421: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1422: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1423: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1424: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518161534 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1425: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1426: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1427: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161526 (0x1ee28476) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:23:09 2015 Not After : Mon May 18 20:23:09 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 89:8b:eb:a7:74:b1:c5:c5:25:d6:e1:e2:19:93:d2:78: b4:fb:2a:ed:72:65:2f:b1:08:79:d4:bc:c6:aa:ec:bd: f7:54:37:09:24:02:8c:73:22:a6:ba:29:92:82:27:42: 7a:e5:a6:7b:c2:9a:48:b5:cc:32:6f:2c:3b:21:9c:11: 30:e2:25:ad:ab:2a:9b:e7:88:ce:79:11:81:b0:dd:c5: 66:3e:0d:7c:2f:ea:17:43:2b:e5:14:b6:c1:57:32:16: f4:92:ed:86:36:a0:64:16:42:db:97:97:c2:0b:ab:d6: 5a:5c:ed:48:df:62:b5:29:7b:86:c0:9f:9a:13:bf:a7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:2d:b8:dc:83:b7:26:3b:99:65:c1:d7: 58:5f:ac:29:c2:21:8d:88:02:15:00:84:98:c6:c5:90: 54:74:39:1d:c1:b5:e5:35:31:35:eb:47:38:58:b0 Fingerprint (SHA-256): 17:75:BE:41:0F:09:36:90:2B:43:EE:64:BA:39:94:D3:CE:A4:E2:35:78:8B:0E:C9:6B:0B:87:F8:43:FF:E4:A1 Fingerprint (SHA1): 47:AA:D8:F3:95:C4:0F:C4:84:A8:29:BD:1D:DC:7D:7A:26:CF:E9:BD Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1428: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161526 (0x1ee28476) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:23:09 2015 Not After : Mon May 18 20:23:09 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 89:8b:eb:a7:74:b1:c5:c5:25:d6:e1:e2:19:93:d2:78: b4:fb:2a:ed:72:65:2f:b1:08:79:d4:bc:c6:aa:ec:bd: f7:54:37:09:24:02:8c:73:22:a6:ba:29:92:82:27:42: 7a:e5:a6:7b:c2:9a:48:b5:cc:32:6f:2c:3b:21:9c:11: 30:e2:25:ad:ab:2a:9b:e7:88:ce:79:11:81:b0:dd:c5: 66:3e:0d:7c:2f:ea:17:43:2b:e5:14:b6:c1:57:32:16: f4:92:ed:86:36:a0:64:16:42:db:97:97:c2:0b:ab:d6: 5a:5c:ed:48:df:62:b5:29:7b:86:c0:9f:9a:13:bf:a7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:2d:b8:dc:83:b7:26:3b:99:65:c1:d7: 58:5f:ac:29:c2:21:8d:88:02:15:00:84:98:c6:c5:90: 54:74:39:1d:c1:b5:e5:35:31:35:eb:47:38:58:b0 Fingerprint (SHA-256): 17:75:BE:41:0F:09:36:90:2B:43:EE:64:BA:39:94:D3:CE:A4:E2:35:78:8B:0E:C9:6B:0B:87:F8:43:FF:E4:A1 Fingerprint (SHA1): 47:AA:D8:F3:95:C4:0F:C4:84:A8:29:BD:1D:DC:7D:7A:26:CF:E9:BD Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1429: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161526 (0x1ee28476) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:23:09 2015 Not After : Mon May 18 20:23:09 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 89:8b:eb:a7:74:b1:c5:c5:25:d6:e1:e2:19:93:d2:78: b4:fb:2a:ed:72:65:2f:b1:08:79:d4:bc:c6:aa:ec:bd: f7:54:37:09:24:02:8c:73:22:a6:ba:29:92:82:27:42: 7a:e5:a6:7b:c2:9a:48:b5:cc:32:6f:2c:3b:21:9c:11: 30:e2:25:ad:ab:2a:9b:e7:88:ce:79:11:81:b0:dd:c5: 66:3e:0d:7c:2f:ea:17:43:2b:e5:14:b6:c1:57:32:16: f4:92:ed:86:36:a0:64:16:42:db:97:97:c2:0b:ab:d6: 5a:5c:ed:48:df:62:b5:29:7b:86:c0:9f:9a:13:bf:a7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:2d:b8:dc:83:b7:26:3b:99:65:c1:d7: 58:5f:ac:29:c2:21:8d:88:02:15:00:84:98:c6:c5:90: 54:74:39:1d:c1:b5:e5:35:31:35:eb:47:38:58:b0 Fingerprint (SHA-256): 17:75:BE:41:0F:09:36:90:2B:43:EE:64:BA:39:94:D3:CE:A4:E2:35:78:8B:0E:C9:6B:0B:87:F8:43:FF:E4:A1 Fingerprint (SHA1): 47:AA:D8:F3:95:C4:0F:C4:84:A8:29:BD:1D:DC:7D:7A:26:CF:E9:BD Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #1430: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161526 (0x1ee28476) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:23:09 2015 Not After : Mon May 18 20:23:09 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 89:8b:eb:a7:74:b1:c5:c5:25:d6:e1:e2:19:93:d2:78: b4:fb:2a:ed:72:65:2f:b1:08:79:d4:bc:c6:aa:ec:bd: f7:54:37:09:24:02:8c:73:22:a6:ba:29:92:82:27:42: 7a:e5:a6:7b:c2:9a:48:b5:cc:32:6f:2c:3b:21:9c:11: 30:e2:25:ad:ab:2a:9b:e7:88:ce:79:11:81:b0:dd:c5: 66:3e:0d:7c:2f:ea:17:43:2b:e5:14:b6:c1:57:32:16: f4:92:ed:86:36:a0:64:16:42:db:97:97:c2:0b:ab:d6: 5a:5c:ed:48:df:62:b5:29:7b:86:c0:9f:9a:13:bf:a7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:2d:b8:dc:83:b7:26:3b:99:65:c1:d7: 58:5f:ac:29:c2:21:8d:88:02:15:00:84:98:c6:c5:90: 54:74:39:1d:c1:b5:e5:35:31:35:eb:47:38:58:b0 Fingerprint (SHA-256): 17:75:BE:41:0F:09:36:90:2B:43:EE:64:BA:39:94:D3:CE:A4:E2:35:78:8B:0E:C9:6B:0B:87:F8:43:FF:E4:A1 Fingerprint (SHA1): 47:AA:D8:F3:95:C4:0F:C4:84:A8:29:BD:1D:DC:7D:7A:26:CF:E9:BD Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #1431: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1432: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1433: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1434: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #1435: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1436: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1437: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1438: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1439: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1440: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1441: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1442: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #1443: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1444: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1445: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1446: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #1447: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1448: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1449: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1450: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1451: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1452: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1453: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1454: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #1455: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1456: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1457: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1458: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518202357Z nextupdate=20160518202357Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 20:23:57 2015 Next Update: Wed May 18 20:23:57 2016 CRL Extensions: chains.sh: #1459: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518202357Z nextupdate=20160518202358Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:23:57 2015 Next Update: Wed May 18 20:23:58 2016 CRL Extensions: chains.sh: #1460: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518202358Z nextupdate=20160518202358Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:23:58 2015 Next Update: Wed May 18 20:23:58 2016 CRL Extensions: chains.sh: #1461: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518202359Z nextupdate=20160518202359Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 20:23:59 2015 Next Update: Wed May 18 20:23:59 2016 CRL Extensions: chains.sh: #1462: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518202400Z addcert 14 20150518202400Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:24:00 2015 Next Update: Wed May 18 20:23:58 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 20:24:00 2015 CRL Extensions: chains.sh: #1463: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518202401Z addcert 15 20150518202401Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:24:01 2015 Next Update: Wed May 18 20:23:58 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 20:24:01 2015 CRL Extensions: chains.sh: #1464: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1465: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1466: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #1467: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #1468: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #1469: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #1470: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #1471: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #1472: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #1473: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:23:36 2015 Not After : Mon May 18 20:23:36 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:35:df:06:6c:b7:32:f6:75:5d:c2:9b:2c:cc:e6:1b: 66:9c:ad:2b:e2:45:11:fc:7e:d8:de:c6:d1:87:25:b5: 5d:4a:e8:30:af:21:5c:fd:b4:be:53:0b:ed:b7:d9:45: cb:39:00:8e:68:8d:d8:51:a4:3e:d8:ac:de:21:e4:73: 36:10:b7:e9:3e:9c:bf:16:ec:9c:e0:11:55:1a:ea:12: 23:d7:3e:32:56:cf:76:2d:69:f6:34:97:55:18:e5:db: b1:8c:83:c8:80:e0:8e:2e:2d:7d:ff:f7:62:e2:a9:4c: fd:48:09:ab:6b:92:e9:a4:61:49:f9:70:a9:d2:d9:33 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:8c:08:e0:40:56:f5:99:a3:b4:45:65:89:58:be:9a: 6c:ab:5c:72:ce:8e:8c:8c:9b:1d:d9:c3:e2:52:48:29: 1a:78:15:32:81:a7:a3:e2:63:2f:3e:fb:b3:14:91:0a: 95:7d:01:39:47:56:40:9c:0a:d4:dc:16:aa:9d:72:2c: 11:7e:54:f2:07:a8:8c:16:d1:25:6f:68:45:9a:0f:ba: 08:60:91:c8:22:99:81:8d:36:cf:54:a6:35:94:08:07: 5f:9b:be:16:b2:11:c8:33:b8:ff:64:f6:5e:d7:b1:1d: c8:60:70:9b:15:b8:3f:a9:2b:41:7b:ca:97:c3:4e:62 Fingerprint (SHA-256): CC:A8:A3:77:2E:FA:14:B4:89:5C:67:A2:B5:58:E8:11:30:14:A7:5E:60:ED:62:DE:36:0C:46:70:B3:05:0B:C9 Fingerprint (SHA1): 94:38:49:70:39:63:6A:36:A1:27:A2:E0:C6:EA:CE:0C:B7:33:A9:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1474: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1475: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:23:36 2015 Not After : Mon May 18 20:23:36 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:35:df:06:6c:b7:32:f6:75:5d:c2:9b:2c:cc:e6:1b: 66:9c:ad:2b:e2:45:11:fc:7e:d8:de:c6:d1:87:25:b5: 5d:4a:e8:30:af:21:5c:fd:b4:be:53:0b:ed:b7:d9:45: cb:39:00:8e:68:8d:d8:51:a4:3e:d8:ac:de:21:e4:73: 36:10:b7:e9:3e:9c:bf:16:ec:9c:e0:11:55:1a:ea:12: 23:d7:3e:32:56:cf:76:2d:69:f6:34:97:55:18:e5:db: b1:8c:83:c8:80:e0:8e:2e:2d:7d:ff:f7:62:e2:a9:4c: fd:48:09:ab:6b:92:e9:a4:61:49:f9:70:a9:d2:d9:33 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:8c:08:e0:40:56:f5:99:a3:b4:45:65:89:58:be:9a: 6c:ab:5c:72:ce:8e:8c:8c:9b:1d:d9:c3:e2:52:48:29: 1a:78:15:32:81:a7:a3:e2:63:2f:3e:fb:b3:14:91:0a: 95:7d:01:39:47:56:40:9c:0a:d4:dc:16:aa:9d:72:2c: 11:7e:54:f2:07:a8:8c:16:d1:25:6f:68:45:9a:0f:ba: 08:60:91:c8:22:99:81:8d:36:cf:54:a6:35:94:08:07: 5f:9b:be:16:b2:11:c8:33:b8:ff:64:f6:5e:d7:b1:1d: c8:60:70:9b:15:b8:3f:a9:2b:41:7b:ca:97:c3:4e:62 Fingerprint (SHA-256): CC:A8:A3:77:2E:FA:14:B4:89:5C:67:A2:B5:58:E8:11:30:14:A7:5E:60:ED:62:DE:36:0C:46:70:B3:05:0B:C9 Fingerprint (SHA1): 94:38:49:70:39:63:6A:36:A1:27:A2:E0:C6:EA:CE:0C:B7:33:A9:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1476: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1477: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1478: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161535 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1479: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1480: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #1481: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1482: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518161536 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1483: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1484: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1485: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161426.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1486: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161411.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1487: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1488: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #1489: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161426.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1490: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518161537 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1491: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1492: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1493: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161426.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1494: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161412.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1495: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1496: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #1497: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1498: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518161538 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1499: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1500: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1501: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161426.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1502: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161413.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1503: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1504: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1505: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161426.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1506: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161414.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1507: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1508: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518202440Z nextupdate=20160518202440Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 20:24:40 2015 Next Update: Wed May 18 20:24:40 2016 CRL Extensions: chains.sh: #1509: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518202441Z nextupdate=20160518202441Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:24:41 2015 Next Update: Wed May 18 20:24:41 2016 CRL Extensions: chains.sh: #1510: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518202442Z nextupdate=20160518202442Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:24:42 2015 Next Update: Wed May 18 20:24:42 2016 CRL Extensions: chains.sh: #1511: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518202442Z nextupdate=20160518202442Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 20:24:42 2015 Next Update: Wed May 18 20:24:42 2016 CRL Extensions: chains.sh: #1512: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518202443Z addcert 20 20150518202443Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:24:43 2015 Next Update: Wed May 18 20:24:41 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 20:24:43 2015 CRL Extensions: chains.sh: #1513: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518202444Z addcert 40 20150518202444Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:24:44 2015 Next Update: Wed May 18 20:24:41 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 20:24:43 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 20:24:44 2015 CRL Extensions: chains.sh: #1514: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1515: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1516: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #1517: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161535 (0x1ee2847f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:24:13 2015 Not After : Mon May 18 20:24:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:8a:d6:a1:4d:f9:d8:93:a3:32:9c:57:bf:78:f1:9a: 09:30:8c:0a:69:38:18:fb:ff:c1:b5:9d:d7:b5:35:c6: 0c:bc:86:34:17:5e:7d:f1:0c:90:0f:a7:16:16:be:c1: 06:00:97:68:62:20:dd:a6:b2:06:9b:0c:ec:43:d1:10: b2:b2:10:ca:18:19:de:7c:80:4d:e4:db:f4:24:31:73: 4b:4c:b7:0a:3d:de:2d:74:48:35:5d:46:df:b8:22:f9: 42:ed:a9:e8:cd:85:ec:99:c6:bf:03:48:6c:4b:dc:30: 71:a3:a6:45:55:6a:dd:1d:5f:4c:ee:2c:ba:92:86:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:8a:38:e6:f4:e4:11:73:ce:0d:75:45:4c:3c:38:94: 72:bb:64:af:e7:e3:7f:22:c4:76:f3:20:bc:c8:d7:1a: 96:4f:4e:e1:9c:64:96:1e:f7:ec:32:19:ee:bb:d5:44: 52:12:c8:b9:7d:48:b9:2f:78:69:ad:38:98:93:62:aa: 5c:15:3e:93:92:f8:9f:f2:fa:5f:a8:32:9a:78:fe:c5: 50:47:3a:9c:fe:f8:3a:3c:8e:00:e3:d0:a4:bb:14:cc: a8:07:90:b5:d6:9e:6f:50:15:63:17:e2:5a:e7:32:d8: 23:df:23:5d:0f:17:bf:79:c0:35:f5:da:85:a5:c3:ff Fingerprint (SHA-256): 32:60:43:BA:AC:F6:D2:2A:99:43:4E:46:A9:FF:2E:C6:79:8A:E7:3A:42:04:AC:B2:06:BF:47:E9:90:CF:53:F4 Fingerprint (SHA1): 0F:AD:E4:E4:85:E9:EC:8E:51:1B:47:04:BF:B6:69:D2:CC:66:D9:C4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1518: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1519: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161535 (0x1ee2847f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:24:13 2015 Not After : Mon May 18 20:24:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:8a:d6:a1:4d:f9:d8:93:a3:32:9c:57:bf:78:f1:9a: 09:30:8c:0a:69:38:18:fb:ff:c1:b5:9d:d7:b5:35:c6: 0c:bc:86:34:17:5e:7d:f1:0c:90:0f:a7:16:16:be:c1: 06:00:97:68:62:20:dd:a6:b2:06:9b:0c:ec:43:d1:10: b2:b2:10:ca:18:19:de:7c:80:4d:e4:db:f4:24:31:73: 4b:4c:b7:0a:3d:de:2d:74:48:35:5d:46:df:b8:22:f9: 42:ed:a9:e8:cd:85:ec:99:c6:bf:03:48:6c:4b:dc:30: 71:a3:a6:45:55:6a:dd:1d:5f:4c:ee:2c:ba:92:86:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:8a:38:e6:f4:e4:11:73:ce:0d:75:45:4c:3c:38:94: 72:bb:64:af:e7:e3:7f:22:c4:76:f3:20:bc:c8:d7:1a: 96:4f:4e:e1:9c:64:96:1e:f7:ec:32:19:ee:bb:d5:44: 52:12:c8:b9:7d:48:b9:2f:78:69:ad:38:98:93:62:aa: 5c:15:3e:93:92:f8:9f:f2:fa:5f:a8:32:9a:78:fe:c5: 50:47:3a:9c:fe:f8:3a:3c:8e:00:e3:d0:a4:bb:14:cc: a8:07:90:b5:d6:9e:6f:50:15:63:17:e2:5a:e7:32:d8: 23:df:23:5d:0f:17:bf:79:c0:35:f5:da:85:a5:c3:ff Fingerprint (SHA-256): 32:60:43:BA:AC:F6:D2:2A:99:43:4E:46:A9:FF:2E:C6:79:8A:E7:3A:42:04:AC:B2:06:BF:47:E9:90:CF:53:F4 Fingerprint (SHA1): 0F:AD:E4:E4:85:E9:EC:8E:51:1B:47:04:BF:B6:69:D2:CC:66:D9:C4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1520: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1521: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1522: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161539 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1523: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1524: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1525: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1526: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518161540 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1527: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1528: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1529: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1530: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161541 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1531: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1532: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1533: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1534: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518161542 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1535: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1536: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #1537: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161543 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1538: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #1539: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #1540: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1541: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518161544 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1542: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1543: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1544: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1545: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518161545 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1546: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1547: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #1548: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #1549: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #1550: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161539 (0x1ee28483) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:24:53 2015 Not After : Mon May 18 20:24:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:34:07:8c:82:01:97:ae:3d:47:b4:a1:36:81:aa:2d: a5:b0:1f:be:9a:a8:47:d4:96:25:3e:24:0b:38:00:3f: 25:ea:a4:03:41:cb:8e:c7:0b:18:4e:82:5f:cc:8b:d5: 62:b6:ca:42:44:fb:b2:86:87:03:e6:3a:8b:af:be:4e: 60:90:85:bc:71:c7:91:bb:16:43:b6:bb:5d:b4:63:4f: 4c:61:f3:25:cb:e1:3c:6e:29:24:0e:81:f2:0d:fb:f8: f0:03:3d:a9:bd:b1:12:0a:52:01:6c:49:fc:1b:e1:e1: 13:79:e2:00:43:95:da:33:ad:cf:c5:5a:bd:99:14:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:0f:29:9d:67:cd:14:78:17:2a:f2:e6:43:15:ff: 57:12:4d:fc:0a:a1:26:6c:22:f4:8e:02:0d:20:ed:0e: 18:87:e7:f9:ee:6d:1c:4d:1d:97:9b:fb:62:20:ce:1e: 83:a7:f1:de:a6:76:27:b9:b3:b0:e0:0c:dd:ae:14:96: af:47:ac:d2:2f:d5:53:c0:20:4c:68:3e:0f:42:7c:c1: e4:c3:ed:6d:18:82:0c:4a:74:90:24:4f:ce:f0:e5:0e: ee:7d:53:19:5e:6e:e9:2f:31:7d:8c:45:f5:ed:ab:00: e9:2a:a0:d1:ed:18:38:91:11:cc:26:5c:c3:c6:ad:eb Fingerprint (SHA-256): EC:C2:80:C3:BC:C6:AA:4F:1A:B1:A9:34:35:D7:53:A9:4E:15:4A:19:36:CF:58:9C:D9:E2:AA:EA:0B:45:57:79 Fingerprint (SHA1): 92:7C:B9:59:46:9E:E8:89:25:31:E4:1C:4D:23:DB:81:FC:06:85:DA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1551: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161541 (0x1ee28485) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:24:59 2015 Not After : Mon May 18 20:24:59 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:6d:35:c2:5c:1d:9d:a3:9a:42:30:97:08:67:a4:f7: 9d:90:a2:a9:04:16:95:87:4e:a7:4f:f8:60:33:89:ad: e4:d8:28:0d:03:da:4d:bd:68:0b:11:4c:88:f8:ca:36: 9e:03:2a:21:bd:a5:0e:51:39:42:93:5b:fa:51:61:27: a7:3b:2d:71:3a:a3:e0:75:e8:e5:39:e4:58:ea:7d:56: 20:aa:04:df:c3:58:7f:57:6d:50:00:71:85:5c:73:b1: 06:e9:fe:8b:e3:df:6c:5c:50:10:c3:db:21:d8:50:16: 5d:98:5f:21:69:64:ee:4e:ed:f9:14:ff:06:19:7b:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:ed:14:90:e9:67:0f:69:05:06:da:89:bd:61:bb:e1: d4:1b:55:6a:aa:1c:35:4e:0a:97:09:42:9a:81:01:8f: 52:53:0a:8c:cc:cd:61:6e:d3:d9:16:ef:f3:37:48:03: 27:6f:a4:b0:fe:63:b5:2d:34:c6:81:ce:dd:2d:3e:76: c2:db:c5:dc:00:4e:0d:a2:93:68:17:1f:0a:b9:f1:ee: 04:a8:ca:54:f7:82:e7:6c:2c:4e:34:7e:98:94:42:c1: 53:91:71:41:16:39:46:c7:c3:4a:e1:da:9d:06:fd:7c: 86:3f:66:65:c9:09:4d:e8:5b:67:f7:e7:bc:d1:bb:94 Fingerprint (SHA-256): 16:AE:40:D9:29:67:15:6F:26:C5:FF:72:FE:B0:E0:1E:9B:DC:A6:43:49:C4:70:D5:57:68:53:BC:7C:8E:55:BC Fingerprint (SHA1): 6F:B5:8A:C0:A0:20:87:18:82:B3:38:1C:AF:D6:07:5D:4B:FE:8C:E4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #1552: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161539 (0x1ee28483) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:24:53 2015 Not After : Mon May 18 20:24:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:34:07:8c:82:01:97:ae:3d:47:b4:a1:36:81:aa:2d: a5:b0:1f:be:9a:a8:47:d4:96:25:3e:24:0b:38:00:3f: 25:ea:a4:03:41:cb:8e:c7:0b:18:4e:82:5f:cc:8b:d5: 62:b6:ca:42:44:fb:b2:86:87:03:e6:3a:8b:af:be:4e: 60:90:85:bc:71:c7:91:bb:16:43:b6:bb:5d:b4:63:4f: 4c:61:f3:25:cb:e1:3c:6e:29:24:0e:81:f2:0d:fb:f8: f0:03:3d:a9:bd:b1:12:0a:52:01:6c:49:fc:1b:e1:e1: 13:79:e2:00:43:95:da:33:ad:cf:c5:5a:bd:99:14:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:0f:29:9d:67:cd:14:78:17:2a:f2:e6:43:15:ff: 57:12:4d:fc:0a:a1:26:6c:22:f4:8e:02:0d:20:ed:0e: 18:87:e7:f9:ee:6d:1c:4d:1d:97:9b:fb:62:20:ce:1e: 83:a7:f1:de:a6:76:27:b9:b3:b0:e0:0c:dd:ae:14:96: af:47:ac:d2:2f:d5:53:c0:20:4c:68:3e:0f:42:7c:c1: e4:c3:ed:6d:18:82:0c:4a:74:90:24:4f:ce:f0:e5:0e: ee:7d:53:19:5e:6e:e9:2f:31:7d:8c:45:f5:ed:ab:00: e9:2a:a0:d1:ed:18:38:91:11:cc:26:5c:c3:c6:ad:eb Fingerprint (SHA-256): EC:C2:80:C3:BC:C6:AA:4F:1A:B1:A9:34:35:D7:53:A9:4E:15:4A:19:36:CF:58:9C:D9:E2:AA:EA:0B:45:57:79 Fingerprint (SHA1): 92:7C:B9:59:46:9E:E8:89:25:31:E4:1C:4D:23:DB:81:FC:06:85:DA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1553: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #1554: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161539 (0x1ee28483) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:24:53 2015 Not After : Mon May 18 20:24:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:34:07:8c:82:01:97:ae:3d:47:b4:a1:36:81:aa:2d: a5:b0:1f:be:9a:a8:47:d4:96:25:3e:24:0b:38:00:3f: 25:ea:a4:03:41:cb:8e:c7:0b:18:4e:82:5f:cc:8b:d5: 62:b6:ca:42:44:fb:b2:86:87:03:e6:3a:8b:af:be:4e: 60:90:85:bc:71:c7:91:bb:16:43:b6:bb:5d:b4:63:4f: 4c:61:f3:25:cb:e1:3c:6e:29:24:0e:81:f2:0d:fb:f8: f0:03:3d:a9:bd:b1:12:0a:52:01:6c:49:fc:1b:e1:e1: 13:79:e2:00:43:95:da:33:ad:cf:c5:5a:bd:99:14:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:0f:29:9d:67:cd:14:78:17:2a:f2:e6:43:15:ff: 57:12:4d:fc:0a:a1:26:6c:22:f4:8e:02:0d:20:ed:0e: 18:87:e7:f9:ee:6d:1c:4d:1d:97:9b:fb:62:20:ce:1e: 83:a7:f1:de:a6:76:27:b9:b3:b0:e0:0c:dd:ae:14:96: af:47:ac:d2:2f:d5:53:c0:20:4c:68:3e:0f:42:7c:c1: e4:c3:ed:6d:18:82:0c:4a:74:90:24:4f:ce:f0:e5:0e: ee:7d:53:19:5e:6e:e9:2f:31:7d:8c:45:f5:ed:ab:00: e9:2a:a0:d1:ed:18:38:91:11:cc:26:5c:c3:c6:ad:eb Fingerprint (SHA-256): EC:C2:80:C3:BC:C6:AA:4F:1A:B1:A9:34:35:D7:53:A9:4E:15:4A:19:36:CF:58:9C:D9:E2:AA:EA:0B:45:57:79 Fingerprint (SHA1): 92:7C:B9:59:46:9E:E8:89:25:31:E4:1C:4D:23:DB:81:FC:06:85:DA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1555: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161541 (0x1ee28485) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:24:59 2015 Not After : Mon May 18 20:24:59 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:6d:35:c2:5c:1d:9d:a3:9a:42:30:97:08:67:a4:f7: 9d:90:a2:a9:04:16:95:87:4e:a7:4f:f8:60:33:89:ad: e4:d8:28:0d:03:da:4d:bd:68:0b:11:4c:88:f8:ca:36: 9e:03:2a:21:bd:a5:0e:51:39:42:93:5b:fa:51:61:27: a7:3b:2d:71:3a:a3:e0:75:e8:e5:39:e4:58:ea:7d:56: 20:aa:04:df:c3:58:7f:57:6d:50:00:71:85:5c:73:b1: 06:e9:fe:8b:e3:df:6c:5c:50:10:c3:db:21:d8:50:16: 5d:98:5f:21:69:64:ee:4e:ed:f9:14:ff:06:19:7b:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:ed:14:90:e9:67:0f:69:05:06:da:89:bd:61:bb:e1: d4:1b:55:6a:aa:1c:35:4e:0a:97:09:42:9a:81:01:8f: 52:53:0a:8c:cc:cd:61:6e:d3:d9:16:ef:f3:37:48:03: 27:6f:a4:b0:fe:63:b5:2d:34:c6:81:ce:dd:2d:3e:76: c2:db:c5:dc:00:4e:0d:a2:93:68:17:1f:0a:b9:f1:ee: 04:a8:ca:54:f7:82:e7:6c:2c:4e:34:7e:98:94:42:c1: 53:91:71:41:16:39:46:c7:c3:4a:e1:da:9d:06:fd:7c: 86:3f:66:65:c9:09:4d:e8:5b:67:f7:e7:bc:d1:bb:94 Fingerprint (SHA-256): 16:AE:40:D9:29:67:15:6F:26:C5:FF:72:FE:B0:E0:1E:9B:DC:A6:43:49:C4:70:D5:57:68:53:BC:7C:8E:55:BC Fingerprint (SHA1): 6F:B5:8A:C0:A0:20:87:18:82:B3:38:1C:AF:D6:07:5D:4B:FE:8C:E4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #1556: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #1557: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #1558: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #1559: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161539 (0x1ee28483) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:24:53 2015 Not After : Mon May 18 20:24:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:34:07:8c:82:01:97:ae:3d:47:b4:a1:36:81:aa:2d: a5:b0:1f:be:9a:a8:47:d4:96:25:3e:24:0b:38:00:3f: 25:ea:a4:03:41:cb:8e:c7:0b:18:4e:82:5f:cc:8b:d5: 62:b6:ca:42:44:fb:b2:86:87:03:e6:3a:8b:af:be:4e: 60:90:85:bc:71:c7:91:bb:16:43:b6:bb:5d:b4:63:4f: 4c:61:f3:25:cb:e1:3c:6e:29:24:0e:81:f2:0d:fb:f8: f0:03:3d:a9:bd:b1:12:0a:52:01:6c:49:fc:1b:e1:e1: 13:79:e2:00:43:95:da:33:ad:cf:c5:5a:bd:99:14:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:0f:29:9d:67:cd:14:78:17:2a:f2:e6:43:15:ff: 57:12:4d:fc:0a:a1:26:6c:22:f4:8e:02:0d:20:ed:0e: 18:87:e7:f9:ee:6d:1c:4d:1d:97:9b:fb:62:20:ce:1e: 83:a7:f1:de:a6:76:27:b9:b3:b0:e0:0c:dd:ae:14:96: af:47:ac:d2:2f:d5:53:c0:20:4c:68:3e:0f:42:7c:c1: e4:c3:ed:6d:18:82:0c:4a:74:90:24:4f:ce:f0:e5:0e: ee:7d:53:19:5e:6e:e9:2f:31:7d:8c:45:f5:ed:ab:00: e9:2a:a0:d1:ed:18:38:91:11:cc:26:5c:c3:c6:ad:eb Fingerprint (SHA-256): EC:C2:80:C3:BC:C6:AA:4F:1A:B1:A9:34:35:D7:53:A9:4E:15:4A:19:36:CF:58:9C:D9:E2:AA:EA:0B:45:57:79 Fingerprint (SHA1): 92:7C:B9:59:46:9E:E8:89:25:31:E4:1C:4D:23:DB:81:FC:06:85:DA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1560: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161543 (0x1ee28487) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 20:25:05 2015 Not After : Mon May 18 20:25:05 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:bd:a8:59:dd:e8:98:9c:62:07:c8:91:91:b4:58:59: 6c:c4:cf:46:23:72:af:a5:0e:42:bd:53:4c:03:c5:ba: 5f:5e:3b:ab:61:c8:b5:0a:a7:2f:c9:63:44:f1:da:22: ac:ca:62:56:f7:c1:e8:a8:82:0f:9a:66:7b:07:ec:9b: 0d:1c:0d:9c:1b:8d:2d:0b:18:0e:36:90:65:f3:c6:40: 03:c8:b5:e1:c1:9a:e4:d4:8c:24:56:b1:a6:8a:9d:9d: 0b:30:e2:1d:cf:15:e3:db:5e:d1:2d:42:62:a5:d5:93: 17:88:58:33:17:52:41:39:8f:92:ad:44:ac:84:23:8b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 22:a2:18:49:70:eb:36:8f:ea:9a:41:10:4f:f4:91:d1: 07:5d:06:16:9c:07:10:3d:20:18:52:9a:4d:25:c5:0e: 84:49:15:7e:5c:87:0f:39:64:3e:19:02:96:39:a1:55: df:33:42:b8:3f:88:93:fa:0a:8d:c5:fd:ba:8c:9c:77: 58:8a:ec:11:90:d0:8a:b4:02:20:83:8d:a8:2c:10:82: 9b:a4:14:71:8a:31:5f:da:ab:de:fd:df:72:87:45:52: 1c:77:89:a0:13:5b:10:d4:6e:7e:c8:b3:a3:75:f6:c1: 31:b3:82:29:3a:de:3a:22:57:40:92:b1:b0:c4:e1:b1 Fingerprint (SHA-256): 6E:72:1C:3D:55:39:90:F0:1E:54:2E:94:F5:80:91:34:6D:AC:74:0E:37:61:10:EA:DF:05:6F:24:E2:81:A6:23 Fingerprint (SHA1): 1F:FF:8F:7E:61:75:AF:D7:30:A6:C2:FE:6D:BF:05:49:65:23:00:5E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #1561: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161539 (0x1ee28483) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:24:53 2015 Not After : Mon May 18 20:24:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:34:07:8c:82:01:97:ae:3d:47:b4:a1:36:81:aa:2d: a5:b0:1f:be:9a:a8:47:d4:96:25:3e:24:0b:38:00:3f: 25:ea:a4:03:41:cb:8e:c7:0b:18:4e:82:5f:cc:8b:d5: 62:b6:ca:42:44:fb:b2:86:87:03:e6:3a:8b:af:be:4e: 60:90:85:bc:71:c7:91:bb:16:43:b6:bb:5d:b4:63:4f: 4c:61:f3:25:cb:e1:3c:6e:29:24:0e:81:f2:0d:fb:f8: f0:03:3d:a9:bd:b1:12:0a:52:01:6c:49:fc:1b:e1:e1: 13:79:e2:00:43:95:da:33:ad:cf:c5:5a:bd:99:14:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:0f:29:9d:67:cd:14:78:17:2a:f2:e6:43:15:ff: 57:12:4d:fc:0a:a1:26:6c:22:f4:8e:02:0d:20:ed:0e: 18:87:e7:f9:ee:6d:1c:4d:1d:97:9b:fb:62:20:ce:1e: 83:a7:f1:de:a6:76:27:b9:b3:b0:e0:0c:dd:ae:14:96: af:47:ac:d2:2f:d5:53:c0:20:4c:68:3e:0f:42:7c:c1: e4:c3:ed:6d:18:82:0c:4a:74:90:24:4f:ce:f0:e5:0e: ee:7d:53:19:5e:6e:e9:2f:31:7d:8c:45:f5:ed:ab:00: e9:2a:a0:d1:ed:18:38:91:11:cc:26:5c:c3:c6:ad:eb Fingerprint (SHA-256): EC:C2:80:C3:BC:C6:AA:4F:1A:B1:A9:34:35:D7:53:A9:4E:15:4A:19:36:CF:58:9C:D9:E2:AA:EA:0B:45:57:79 Fingerprint (SHA1): 92:7C:B9:59:46:9E:E8:89:25:31:E4:1C:4D:23:DB:81:FC:06:85:DA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1562: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #1563: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #1564: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #1565: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #1566: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #1567: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161544 (0x1ee28488) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 20:25:08 2015 Not After : Mon May 18 20:25:08 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:0f:c6:d3:0b:4f:43:45:41:33:b2:cd:00:69:32:3e: 47:1f:50:91:69:db:12:84:40:ce:f6:7c:0a:2e:a7:7e: a3:0f:01:ac:32:6c:0b:4b:4a:54:4f:ce:18:46:b2:b5: 0b:de:6e:de:fa:37:68:0e:67:84:77:2a:75:db:72:9b: 17:ec:75:0a:4f:d9:b9:52:15:f7:1a:ea:db:3d:e8:d3: 98:64:c3:20:81:05:57:32:d6:6c:1f:39:6d:cd:28:01: 87:10:c9:ff:31:42:ce:11:9f:5a:15:2c:2d:76:1d:f8: 54:cc:0c:e7:7f:94:26:8a:63:8d:61:58:02:cf:b5:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:6e:6a:e8:a1:1b:a0:f1:f0:de:7d:43:8f:d8:23:8f: e9:7b:54:80:3a:f9:2c:d3:98:cd:ad:0c:61:d8:63:91: 7a:4e:66:ef:d6:71:54:0e:22:bc:f1:ed:80:62:ef:b2: 15:7f:90:92:67:40:e0:62:7f:21:9e:19:5a:7a:2b:fc: e4:31:59:ba:5c:bb:13:29:45:5f:21:4b:4c:13:09:87: 97:61:b6:ec:3b:02:d4:a0:7f:ec:41:da:7b:ef:ef:ad: e8:60:2e:cd:84:d6:81:0f:96:3a:a6:3d:8f:32:81:59: 58:ad:19:fd:06:8d:eb:af:cf:07:9c:ea:c4:ed:aa:5e Fingerprint (SHA-256): 25:F7:04:BD:68:45:34:2E:ED:90:07:D0:9D:C4:63:D3:E9:F9:40:B2:7D:7D:66:9E:61:3F:E5:D7:A0:EB:03:7F Fingerprint (SHA1): D5:4C:28:97:46:2C:72:EF:E2:3E:23:4F:47:46:B2:06:31:10:CB:16 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #1568: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #1569: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #1570: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #1571: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #1572: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1573: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1574: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #1575: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1576: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1577: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #1578: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1579: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1580: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1581: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1582: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1583: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1584: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1585: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1586: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #1587: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1588: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #1589: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1590: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #1591: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 20031 at Mon May 18 16:25:39 EDT 2015 kill -USR1 20031 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 20031 killed at Mon May 18 16:25:39 EDT 2015 httpserv starting at Mon May 18 16:25:39 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:25:39 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:25:45 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #1592: Waiting for Server - FAILED kill -0 3275 >/dev/null 2>/dev/null httpserv with PID 3275 found at Mon May 18 16:25:45 EDT 2015 httpserv with PID 3275 started at Mon May 18 16:25:45 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1593: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161546 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1594: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1595: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1596: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161547 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1597: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1598: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1599: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1600: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518161548 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1601: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1602: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518161549 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1603: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1604: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1605: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1606: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1607: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518161550 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1608: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1609: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1610: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #1611: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #1612: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161547 (0x1ee2848b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:25:51 2015 Not After : Mon May 18 20:25:51 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:4b:bd:20:9b:69:da:5d:4d:f6:98:58:ad:8e:d8:c9: 80:5e:16:ce:2e:f2:f4:e5:48:84:a8:00:35:51:30:b1: 93:ca:99:e2:50:0c:97:43:ad:a9:a5:bc:2c:0a:50:ae: 96:a6:28:70:01:a9:c0:e0:b5:2d:5b:9f:18:6f:86:e8: 2b:9d:1e:2c:64:26:27:c5:d5:68:f2:2b:26:9b:f9:07: 67:a8:60:69:26:17:d4:58:9b:2c:9f:51:3f:a7:a7:ba: 70:4b:41:cb:75:7f:a4:99:d4:6d:e4:c2:ef:7c:87:78: 9c:41:90:14:22:5e:11:37:04:2a:d7:aa:4a:36:43:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:eb:f0:db:6e:d4:3e:b5:b9:e0:68:36:d2:ff:59:52: 46:f0:86:b5:60:d4:80:ff:c3:6a:9e:38:86:dc:3c:fa: 5d:1a:e5:22:8e:f2:d5:19:96:2a:09:57:e8:5d:34:f6: 2c:c8:ca:99:a1:a8:9e:e1:6c:ec:dd:f4:85:ee:52:7b: 46:3e:31:1f:f7:af:81:ce:69:db:86:9b:f3:22:35:ed: 6b:0b:a9:48:59:06:36:61:10:2f:68:9b:2b:ff:99:98: 7b:d8:07:4e:a1:bc:30:08:ce:fa:38:83:f3:26:5b:e7: 57:46:4d:e5:8f:68:59:39:bb:ba:27:42:67:27:c8:c2 Fingerprint (SHA-256): CE:EB:BA:9D:5A:CE:C5:06:45:8E:2D:83:CA:A0:87:13:47:5F:16:DE:49:D2:A8:8F:C7:B4:F0:C6:3C:1F:CE:82 Fingerprint (SHA1): 0A:8C:E5:D3:E8:6F:17:DB:51:82:43:D2:27:FB:73:5E:B1:01:94:A5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1613: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161546 (0x1ee2848a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:25:49 2015 Not After : Mon May 18 20:25:49 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:22:7b:92:4c:98:2e:cd:00:a5:dd:f5:c8:d6:da:2b: 53:53:6a:e8:1d:39:07:98:04:e8:48:dd:97:e5:fa:14: 6a:52:51:89:b2:68:bf:84:14:ef:89:c8:c7:c7:26:6b: 40:59:03:1e:ef:49:73:c3:74:0f:3a:07:27:48:26:9f: 8a:37:cc:f2:9e:70:1b:71:04:4c:e3:20:5b:33:60:e9: 59:7e:6d:63:42:8e:e6:a3:a1:05:84:72:e1:99:4a:15: f1:2f:fe:c9:05:79:39:b5:94:56:1d:e8:69:37:8e:cc: 14:36:29:92:f7:42:21:65:ca:bd:0d:c6:06:26:d0:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:24:5b:94:2b:29:21:51:0f:f7:b8:aa:5f:3f:08:c7: 09:aa:32:7c:3d:ac:6c:85:bb:f6:6e:78:73:14:dc:34: 14:17:7c:b7:e6:de:35:30:fa:c1:fb:e7:3a:a0:f0:9e: f4:51:3a:f0:ab:44:60:1c:24:b7:2d:0e:3a:db:93:e2: 13:ef:20:be:b5:00:87:90:24:5b:85:9a:e6:29:60:72: ec:2a:c0:b0:ac:05:03:b9:cb:73:12:b8:96:ab:30:02: 34:b8:66:7a:e0:51:53:4c:50:38:34:ec:11:93:52:76: b6:68:0a:69:0e:93:8c:0d:39:48:b2:97:74:54:19:18 Fingerprint (SHA-256): 72:3F:38:D2:52:31:DC:55:D3:F1:EA:0E:10:A8:66:AC:53:33:96:47:2C:B1:8E:EF:F9:C9:47:62:02:9F:85:E7 Fingerprint (SHA1): 0D:E7:43:F5:1B:51:64:97:AB:0A:31:AB:30:09:6D:E3:DA:DD:43:AB Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1614: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1615: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #1616: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #1617: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161546 (0x1ee2848a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:25:49 2015 Not After : Mon May 18 20:25:49 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:22:7b:92:4c:98:2e:cd:00:a5:dd:f5:c8:d6:da:2b: 53:53:6a:e8:1d:39:07:98:04:e8:48:dd:97:e5:fa:14: 6a:52:51:89:b2:68:bf:84:14:ef:89:c8:c7:c7:26:6b: 40:59:03:1e:ef:49:73:c3:74:0f:3a:07:27:48:26:9f: 8a:37:cc:f2:9e:70:1b:71:04:4c:e3:20:5b:33:60:e9: 59:7e:6d:63:42:8e:e6:a3:a1:05:84:72:e1:99:4a:15: f1:2f:fe:c9:05:79:39:b5:94:56:1d:e8:69:37:8e:cc: 14:36:29:92:f7:42:21:65:ca:bd:0d:c6:06:26:d0:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:24:5b:94:2b:29:21:51:0f:f7:b8:aa:5f:3f:08:c7: 09:aa:32:7c:3d:ac:6c:85:bb:f6:6e:78:73:14:dc:34: 14:17:7c:b7:e6:de:35:30:fa:c1:fb:e7:3a:a0:f0:9e: f4:51:3a:f0:ab:44:60:1c:24:b7:2d:0e:3a:db:93:e2: 13:ef:20:be:b5:00:87:90:24:5b:85:9a:e6:29:60:72: ec:2a:c0:b0:ac:05:03:b9:cb:73:12:b8:96:ab:30:02: 34:b8:66:7a:e0:51:53:4c:50:38:34:ec:11:93:52:76: b6:68:0a:69:0e:93:8c:0d:39:48:b2:97:74:54:19:18 Fingerprint (SHA-256): 72:3F:38:D2:52:31:DC:55:D3:F1:EA:0E:10:A8:66:AC:53:33:96:47:2C:B1:8E:EF:F9:C9:47:62:02:9F:85:E7 Fingerprint (SHA1): 0D:E7:43:F5:1B:51:64:97:AB:0A:31:AB:30:09:6D:E3:DA:DD:43:AB Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1618: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161547 (0x1ee2848b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:25:51 2015 Not After : Mon May 18 20:25:51 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:4b:bd:20:9b:69:da:5d:4d:f6:98:58:ad:8e:d8:c9: 80:5e:16:ce:2e:f2:f4:e5:48:84:a8:00:35:51:30:b1: 93:ca:99:e2:50:0c:97:43:ad:a9:a5:bc:2c:0a:50:ae: 96:a6:28:70:01:a9:c0:e0:b5:2d:5b:9f:18:6f:86:e8: 2b:9d:1e:2c:64:26:27:c5:d5:68:f2:2b:26:9b:f9:07: 67:a8:60:69:26:17:d4:58:9b:2c:9f:51:3f:a7:a7:ba: 70:4b:41:cb:75:7f:a4:99:d4:6d:e4:c2:ef:7c:87:78: 9c:41:90:14:22:5e:11:37:04:2a:d7:aa:4a:36:43:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:eb:f0:db:6e:d4:3e:b5:b9:e0:68:36:d2:ff:59:52: 46:f0:86:b5:60:d4:80:ff:c3:6a:9e:38:86:dc:3c:fa: 5d:1a:e5:22:8e:f2:d5:19:96:2a:09:57:e8:5d:34:f6: 2c:c8:ca:99:a1:a8:9e:e1:6c:ec:dd:f4:85:ee:52:7b: 46:3e:31:1f:f7:af:81:ce:69:db:86:9b:f3:22:35:ed: 6b:0b:a9:48:59:06:36:61:10:2f:68:9b:2b:ff:99:98: 7b:d8:07:4e:a1:bc:30:08:ce:fa:38:83:f3:26:5b:e7: 57:46:4d:e5:8f:68:59:39:bb:ba:27:42:67:27:c8:c2 Fingerprint (SHA-256): CE:EB:BA:9D:5A:CE:C5:06:45:8E:2D:83:CA:A0:87:13:47:5F:16:DE:49:D2:A8:8F:C7:B4:F0:C6:3C:1F:CE:82 Fingerprint (SHA1): 0A:8C:E5:D3:E8:6F:17:DB:51:82:43:D2:27:FB:73:5E:B1:01:94:A5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1619: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #1620: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #1621: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1622: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1623: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1624: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161547 (0x1ee2848b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:25:51 2015 Not After : Mon May 18 20:25:51 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:4b:bd:20:9b:69:da:5d:4d:f6:98:58:ad:8e:d8:c9: 80:5e:16:ce:2e:f2:f4:e5:48:84:a8:00:35:51:30:b1: 93:ca:99:e2:50:0c:97:43:ad:a9:a5:bc:2c:0a:50:ae: 96:a6:28:70:01:a9:c0:e0:b5:2d:5b:9f:18:6f:86:e8: 2b:9d:1e:2c:64:26:27:c5:d5:68:f2:2b:26:9b:f9:07: 67:a8:60:69:26:17:d4:58:9b:2c:9f:51:3f:a7:a7:ba: 70:4b:41:cb:75:7f:a4:99:d4:6d:e4:c2:ef:7c:87:78: 9c:41:90:14:22:5e:11:37:04:2a:d7:aa:4a:36:43:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:eb:f0:db:6e:d4:3e:b5:b9:e0:68:36:d2:ff:59:52: 46:f0:86:b5:60:d4:80:ff:c3:6a:9e:38:86:dc:3c:fa: 5d:1a:e5:22:8e:f2:d5:19:96:2a:09:57:e8:5d:34:f6: 2c:c8:ca:99:a1:a8:9e:e1:6c:ec:dd:f4:85:ee:52:7b: 46:3e:31:1f:f7:af:81:ce:69:db:86:9b:f3:22:35:ed: 6b:0b:a9:48:59:06:36:61:10:2f:68:9b:2b:ff:99:98: 7b:d8:07:4e:a1:bc:30:08:ce:fa:38:83:f3:26:5b:e7: 57:46:4d:e5:8f:68:59:39:bb:ba:27:42:67:27:c8:c2 Fingerprint (SHA-256): CE:EB:BA:9D:5A:CE:C5:06:45:8E:2D:83:CA:A0:87:13:47:5F:16:DE:49:D2:A8:8F:C7:B4:F0:C6:3C:1F:CE:82 Fingerprint (SHA1): 0A:8C:E5:D3:E8:6F:17:DB:51:82:43:D2:27:FB:73:5E:B1:01:94:A5 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1625: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161547 (0x1ee2848b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:25:51 2015 Not After : Mon May 18 20:25:51 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:4b:bd:20:9b:69:da:5d:4d:f6:98:58:ad:8e:d8:c9: 80:5e:16:ce:2e:f2:f4:e5:48:84:a8:00:35:51:30:b1: 93:ca:99:e2:50:0c:97:43:ad:a9:a5:bc:2c:0a:50:ae: 96:a6:28:70:01:a9:c0:e0:b5:2d:5b:9f:18:6f:86:e8: 2b:9d:1e:2c:64:26:27:c5:d5:68:f2:2b:26:9b:f9:07: 67:a8:60:69:26:17:d4:58:9b:2c:9f:51:3f:a7:a7:ba: 70:4b:41:cb:75:7f:a4:99:d4:6d:e4:c2:ef:7c:87:78: 9c:41:90:14:22:5e:11:37:04:2a:d7:aa:4a:36:43:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:eb:f0:db:6e:d4:3e:b5:b9:e0:68:36:d2:ff:59:52: 46:f0:86:b5:60:d4:80:ff:c3:6a:9e:38:86:dc:3c:fa: 5d:1a:e5:22:8e:f2:d5:19:96:2a:09:57:e8:5d:34:f6: 2c:c8:ca:99:a1:a8:9e:e1:6c:ec:dd:f4:85:ee:52:7b: 46:3e:31:1f:f7:af:81:ce:69:db:86:9b:f3:22:35:ed: 6b:0b:a9:48:59:06:36:61:10:2f:68:9b:2b:ff:99:98: 7b:d8:07:4e:a1:bc:30:08:ce:fa:38:83:f3:26:5b:e7: 57:46:4d:e5:8f:68:59:39:bb:ba:27:42:67:27:c8:c2 Fingerprint (SHA-256): CE:EB:BA:9D:5A:CE:C5:06:45:8E:2D:83:CA:A0:87:13:47:5F:16:DE:49:D2:A8:8F:C7:B4:F0:C6:3C:1F:CE:82 Fingerprint (SHA1): 0A:8C:E5:D3:E8:6F:17:DB:51:82:43:D2:27:FB:73:5E:B1:01:94:A5 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1626: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #1627: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #1628: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1629: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #1630: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #1631: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161546 (0x1ee2848a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:25:49 2015 Not After : Mon May 18 20:25:49 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:22:7b:92:4c:98:2e:cd:00:a5:dd:f5:c8:d6:da:2b: 53:53:6a:e8:1d:39:07:98:04:e8:48:dd:97:e5:fa:14: 6a:52:51:89:b2:68:bf:84:14:ef:89:c8:c7:c7:26:6b: 40:59:03:1e:ef:49:73:c3:74:0f:3a:07:27:48:26:9f: 8a:37:cc:f2:9e:70:1b:71:04:4c:e3:20:5b:33:60:e9: 59:7e:6d:63:42:8e:e6:a3:a1:05:84:72:e1:99:4a:15: f1:2f:fe:c9:05:79:39:b5:94:56:1d:e8:69:37:8e:cc: 14:36:29:92:f7:42:21:65:ca:bd:0d:c6:06:26:d0:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:24:5b:94:2b:29:21:51:0f:f7:b8:aa:5f:3f:08:c7: 09:aa:32:7c:3d:ac:6c:85:bb:f6:6e:78:73:14:dc:34: 14:17:7c:b7:e6:de:35:30:fa:c1:fb:e7:3a:a0:f0:9e: f4:51:3a:f0:ab:44:60:1c:24:b7:2d:0e:3a:db:93:e2: 13:ef:20:be:b5:00:87:90:24:5b:85:9a:e6:29:60:72: ec:2a:c0:b0:ac:05:03:b9:cb:73:12:b8:96:ab:30:02: 34:b8:66:7a:e0:51:53:4c:50:38:34:ec:11:93:52:76: b6:68:0a:69:0e:93:8c:0d:39:48:b2:97:74:54:19:18 Fingerprint (SHA-256): 72:3F:38:D2:52:31:DC:55:D3:F1:EA:0E:10:A8:66:AC:53:33:96:47:2C:B1:8E:EF:F9:C9:47:62:02:9F:85:E7 Fingerprint (SHA1): 0D:E7:43:F5:1B:51:64:97:AB:0A:31:AB:30:09:6D:E3:DA:DD:43:AB Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1632: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161546 (0x1ee2848a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:25:49 2015 Not After : Mon May 18 20:25:49 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:22:7b:92:4c:98:2e:cd:00:a5:dd:f5:c8:d6:da:2b: 53:53:6a:e8:1d:39:07:98:04:e8:48:dd:97:e5:fa:14: 6a:52:51:89:b2:68:bf:84:14:ef:89:c8:c7:c7:26:6b: 40:59:03:1e:ef:49:73:c3:74:0f:3a:07:27:48:26:9f: 8a:37:cc:f2:9e:70:1b:71:04:4c:e3:20:5b:33:60:e9: 59:7e:6d:63:42:8e:e6:a3:a1:05:84:72:e1:99:4a:15: f1:2f:fe:c9:05:79:39:b5:94:56:1d:e8:69:37:8e:cc: 14:36:29:92:f7:42:21:65:ca:bd:0d:c6:06:26:d0:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:24:5b:94:2b:29:21:51:0f:f7:b8:aa:5f:3f:08:c7: 09:aa:32:7c:3d:ac:6c:85:bb:f6:6e:78:73:14:dc:34: 14:17:7c:b7:e6:de:35:30:fa:c1:fb:e7:3a:a0:f0:9e: f4:51:3a:f0:ab:44:60:1c:24:b7:2d:0e:3a:db:93:e2: 13:ef:20:be:b5:00:87:90:24:5b:85:9a:e6:29:60:72: ec:2a:c0:b0:ac:05:03:b9:cb:73:12:b8:96:ab:30:02: 34:b8:66:7a:e0:51:53:4c:50:38:34:ec:11:93:52:76: b6:68:0a:69:0e:93:8c:0d:39:48:b2:97:74:54:19:18 Fingerprint (SHA-256): 72:3F:38:D2:52:31:DC:55:D3:F1:EA:0E:10:A8:66:AC:53:33:96:47:2C:B1:8E:EF:F9:C9:47:62:02:9F:85:E7 Fingerprint (SHA1): 0D:E7:43:F5:1B:51:64:97:AB:0A:31:AB:30:09:6D:E3:DA:DD:43:AB Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1633: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #1634: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161551 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1635: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #1636: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #1637: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161552 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1638: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #1639: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #1640: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161553 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1641: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #1642: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #1643: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161554 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1644: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #1645: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #1646: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161555 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1647: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #1648: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #1649: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161556 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1650: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #1651: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #1652: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161557 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1653: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #1654: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #1655: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161558 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1656: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #1657: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #1658: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161559 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1659: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #1660: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #1661: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1662: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518161560 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1663: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1664: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518161561 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1665: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1666: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518161562 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1667: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1668: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #1669: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #1670: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1671: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518161563 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1672: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1673: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518161564 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1674: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1675: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518161565 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1676: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1677: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #1678: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #1679: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1680: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518161566 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1681: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1682: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518161567 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1683: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1684: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518161568 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1685: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1686: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #1687: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #1688: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1689: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518161569 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1690: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1691: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518161570 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1692: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1693: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518161571 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1694: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1695: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #1696: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1697: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1698: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518161572 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1699: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1700: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1701: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1702: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161573 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1703: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1704: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161551 (0x1ee2848f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 20:26:19 2015 Not After : Mon May 18 20:26:19 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:57:b6:f2:fe:62:bc:9d:69:a1:43:bf:76:13:7a:80: f1:ab:e5:bb:b0:fd:90:b5:3e:ba:c2:58:10:f4:72:13: a9:23:92:92:22:94:5d:d6:4e:bd:6e:e6:5e:d0:f5:eb: d3:65:ec:9a:de:dc:74:8c:2c:ff:c4:ef:51:43:67:8f: 67:50:6d:ae:aa:0c:1d:49:ee:88:1c:0e:cc:3f:12:fd: 7d:96:5d:2b:f1:df:64:07:87:f1:d1:5a:d8:df:ab:a5: 8b:1f:2e:8d:5c:04:eb:74:ac:b9:5a:27:95:f2:25:cc: 07:b6:40:31:14:a7:a7:19:e1:ed:b7:6b:a7:f9:77:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:91:31:50:0f:9b:db:0d:be:65:a1:34:21:0b:38:6f: 16:8b:65:bf:23:52:e9:9c:53:aa:eb:17:c4:24:4f:94: c2:57:cf:74:97:91:53:c6:da:70:d4:6b:2d:35:fb:5f: 9d:58:e0:8f:6f:0f:0a:dc:a6:80:5d:e1:a4:f0:58:fd: 33:84:88:c9:e7:04:01:c6:93:9f:a1:39:1a:3f:dd:9f: 52:6a:9c:10:b3:9f:1b:cc:69:2f:d1:b1:5a:85:21:9f: 6b:4d:2f:fd:f6:3b:13:af:ee:7d:a8:72:94:3c:a9:67: 4e:44:bf:c4:00:19:6d:68:8b:8c:82:da:d0:51:4f:77 Fingerprint (SHA-256): 50:E0:62:8C:17:B4:69:3A:D6:00:5A:E8:36:07:17:F1:5C:D7:4F:A7:44:C9:05:BD:E1:20:67:3F:A6:85:BC:96 Fingerprint (SHA1): 88:D7:76:31:B5:2D:C5:AE:11:49:6C:06:F7:C0:6D:44:45:3C:77:7D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1705: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161552 (0x1ee28490) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 20:26:21 2015 Not After : Mon May 18 20:26:21 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:9a:07:10:d9:65:15:2e:b0:5c:98:fe:1b:cc:6a:e9: 52:55:60:b0:e1:2a:1b:d5:b8:50:a1:c1:47:00:65:bd: a1:09:17:0e:13:63:2e:66:26:f9:85:73:17:5f:c3:5a: e6:2e:f8:74:cc:f9:24:d3:ba:45:27:8c:4d:21:13:97: fa:e3:c7:49:ed:0d:c8:4c:24:51:f2:d2:96:43:9d:99: 55:2b:b6:60:30:ad:52:d4:69:ef:f7:1b:b4:f4:06:62: 9d:e2:30:b1:41:f2:71:09:3f:1b:19:9b:5b:6b:bc:2d: 2d:08:c8:b8:f4:84:0a:07:6f:48:38:4a:73:d0:9c:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:fb:07:2d:16:64:c5:77:d2:bd:89:6c:ab:f3:55:ee: 5a:a8:3c:ae:79:0f:04:95:b8:bb:37:ec:83:61:df:f9: e5:29:31:91:3b:89:b3:21:38:71:ce:5a:b1:aa:f9:b0: e3:6c:fd:3d:b1:24:50:e2:4f:d6:0e:cd:ac:30:90:4a: 6b:bc:9b:62:31:a5:da:d5:4e:55:13:9e:b1:ee:2a:78: 25:d2:b0:38:32:3f:2d:39:51:82:50:27:ee:f0:ff:b2: e9:02:9c:db:6e:23:11:bb:b7:f4:f9:97:28:dc:58:bf: 50:d7:58:31:b3:ef:86:64:a4:10:f6:87:68:8f:3b:15 Fingerprint (SHA-256): 71:4B:69:B5:7D:AE:DE:D5:7C:0D:3D:25:B2:D3:6B:F9:10:6D:3B:C0:68:26:77:D6:7D:31:D1:65:B8:78:27:DB Fingerprint (SHA1): E9:D5:6D:EB:E7:ED:6B:5E:EE:0B:EB:53:05:D2:D9:AF:C0:71:30:DA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1706: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161553 (0x1ee28491) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 20:26:23 2015 Not After : Mon May 18 20:26:23 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:6f:6c:fd:04:69:1e:7c:43:03:86:ac:c3:78:d3:9b: 8a:c4:db:a3:e1:7d:59:52:a2:d3:7d:bc:fd:6b:d9:2b: bd:d5:4a:20:21:48:14:9a:2a:92:a9:d6:0f:36:71:4a: b4:d6:be:dc:50:c7:4d:4e:f2:a0:a3:f1:cc:f5:00:12: fd:67:31:2f:cd:19:09:cb:de:af:00:76:bb:a8:a8:6e: f3:4d:1d:d9:ce:3d:a3:e9:15:d0:31:ad:28:ac:fd:19: 3f:5f:ed:c4:a3:7f:29:a1:e5:c9:26:5f:ec:fc:49:d3: 5e:40:4a:2b:05:cd:f6:99:7e:9b:e9:21:65:8e:37:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 62:a2:a0:56:39:7d:d2:64:c4:cf:cd:c0:94:e4:2a:6a: 62:e3:13:04:12:4b:f0:bb:88:da:77:e4:4f:0d:e0:b7: 8e:1b:5c:ee:1c:f3:85:6c:46:21:53:34:89:bc:e2:4e: 43:e5:ff:97:32:d2:87:50:aa:d5:ed:68:09:12:d6:7e: d2:c5:38:0d:4d:70:af:47:a3:fb:db:ff:7b:48:3d:a9: 6e:fc:5a:2f:e7:f8:68:78:d7:ed:20:3b:50:30:97:93: f8:b7:78:d6:c4:23:36:3d:03:73:46:97:3e:81:46:78: 10:d3:3a:b6:5a:aa:e0:bc:61:2f:53:cd:6f:91:21:b8 Fingerprint (SHA-256): F6:DA:9D:6E:5E:A0:47:FD:35:16:12:6B:E0:1E:09:14:BA:D5:EC:4B:9A:59:BE:5A:6D:22:8E:74:33:12:54:47 Fingerprint (SHA1): C7:0D:BE:55:7F:2D:0F:28:7C:3A:D5:85:62:6B:39:38:D5:9B:F3:6C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1707: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161554 (0x1ee28492) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 20:26:26 2015 Not After : Mon May 18 20:26:26 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:b6:d7:42:0a:f5:09:0f:38:c6:4e:0d:e2:6a:d2:b5: c0:3e:99:73:3a:97:54:41:66:bb:41:35:d1:9c:85:10: 22:74:e3:c4:96:87:96:3f:83:8c:91:8c:2c:e7:29:3e: e9:35:d0:11:63:d3:83:ac:d5:d4:e9:5a:d3:ed:d9:cd: 13:cf:fb:36:bd:1a:b5:40:26:ac:9b:a7:8b:96:e6:cf: 21:b4:07:9c:53:b0:96:e2:3b:34:b6:2b:66:30:be:b1: b2:e5:3c:27:5f:d1:a9:5f:a8:c8:17:8f:79:09:b1:bf: 71:ee:5f:02:85:ee:99:f4:e4:ca:ff:97:cc:09:1c:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:c9:e5:be:bf:e4:9b:bf:6e:25:2e:21:1f:cd:d6:9c: d9:9d:47:94:81:db:43:bc:f9:b5:04:fc:9f:e4:1f:4b: 0b:a6:a7:47:8b:02:c4:46:b0:48:62:bc:d1:8e:bf:00: ac:3c:b5:9e:20:81:b6:2d:7b:02:71:22:18:bd:93:28: a1:bd:57:df:ad:b4:5a:17:23:d5:c4:45:89:e3:eb:98: 95:b1:c0:19:a4:06:36:fc:ab:c2:04:ac:74:d2:d4:21: 37:a0:b3:8f:b6:2f:fd:72:b4:84:47:76:b6:9c:f1:8a: ee:36:8a:72:0e:7a:eb:44:38:98:84:57:36:6a:3c:63 Fingerprint (SHA-256): C7:6D:E4:A1:95:2A:27:42:99:AE:2B:0A:94:7E:91:09:D7:CC:AB:41:4B:00:40:62:D5:A8:6D:F8:FB:5B:C7:14 Fingerprint (SHA1): 87:66:4A:F0:0F:73:D8:F4:7D:A5:A4:4B:A8:A9:F2:DA:25:1D:69:48 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1708: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161555 (0x1ee28493) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 20:26:29 2015 Not After : Mon May 18 20:26:29 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:e3:56:f6:fd:dd:3e:d1:d8:13:df:6f:6f:9d:74:e0: 8d:3e:49:60:55:83:e8:c9:ad:35:23:78:af:e1:77:be: 29:59:95:02:8b:23:b3:ee:91:84:23:33:a7:bf:1f:d1: af:70:60:c0:84:b9:43:b8:63:b2:72:40:f7:32:6a:e5: 5c:01:bb:a8:c5:53:af:5e:23:9d:81:e2:d7:75:e1:bc: aa:d1:b3:de:ab:03:01:eb:4a:a1:01:b8:d4:f2:9e:cc: ec:62:6e:2c:ec:a9:df:50:23:08:c3:07:3e:ca:9b:cf: 29:e2:5c:19:47:ff:1d:31:f2:34:88:8b:3a:f7:45:df Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a4:58:e7:89:e5:c1:73:77:d2:17:72:20:e1:7d:6b:0b: c8:2f:42:60:2c:b3:ac:99:43:26:1e:93:70:ac:f0:42: 7d:42:fd:4a:45:d0:3f:3f:d5:57:59:00:aa:b0:0c:60: b8:07:89:05:fd:ca:a6:35:68:72:a8:39:08:db:d2:78: af:25:e1:6d:fe:45:e0:4c:81:ec:11:b0:2e:1b:f7:2f: 9f:e0:1a:33:16:c4:71:bb:ef:e7:a4:58:75:1d:88:5d: 5f:68:6b:fd:48:06:21:c7:23:f7:12:e8:b3:00:50:29: 36:84:25:86:38:0f:57:12:84:57:a5:49:ca:c8:72:09 Fingerprint (SHA-256): 03:9D:A3:C2:70:56:7F:32:A2:3F:D0:E4:5B:74:1A:EC:1A:C3:41:BA:F3:CF:22:D2:48:83:69:AA:19:4D:D2:D5 Fingerprint (SHA1): F9:0A:67:C9:9D:46:39:4C:60:2F:5C:37:C0:66:9F:9D:07:F4:64:6A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1709: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161556 (0x1ee28494) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 20:26:31 2015 Not After : Mon May 18 20:26:31 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ed:cb:43:76:69:3b:53:4c:49:b1:74:f0:d2:89:13:de: b5:15:6a:93:fa:6a:04:cd:53:4b:07:b6:b9:4d:42:d7: c9:41:65:a7:bd:47:e2:a8:ca:9f:63:a7:86:6f:08:47: 53:7c:16:04:4c:8a:e1:9f:c3:66:cc:2f:e5:fa:55:39: e3:c5:a6:04:70:66:37:57:27:14:52:0e:0e:1f:33:4b: 08:7a:aa:33:0e:96:97:ef:8d:8a:81:4c:16:4a:6b:5b: a7:00:04:0a:8c:ba:78:46:1c:03:b6:67:ee:57:58:da: e2:37:14:e7:21:6a:b1:35:ef:62:96:fb:d5:8a:47:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:3c:1b:ee:82:f6:9f:7b:49:40:86:5a:87:1b:7a:da: 0f:38:8c:99:8d:55:c0:22:03:57:23:52:3f:dd:55:4f: b0:0a:6e:26:90:91:43:bb:44:fe:f6:47:6c:56:b8:b5: 41:eb:bd:53:e1:d0:e2:51:d5:8a:22:a2:4a:69:13:e6: 52:8e:14:c4:90:7c:c5:c6:95:68:f1:e7:e5:c7:e7:3e: 85:e4:0b:02:38:64:ce:61:3e:e5:c7:7a:fa:60:bb:5a: e0:34:06:5c:b8:5c:6d:09:6a:de:fa:02:3d:98:fd:a7: 46:fe:3c:40:89:99:e0:df:d9:59:c9:77:95:7d:00:6e Fingerprint (SHA-256): 59:0A:BC:55:FD:74:81:C2:D2:A0:EE:24:56:7D:8F:71:3C:26:CD:82:52:B1:43:EF:B6:09:2E:1D:F9:88:54:4B Fingerprint (SHA1): 0F:7D:93:EA:2A:B7:91:2B:04:6D:A3:22:F1:D4:60:2D:91:86:8B:7D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1710: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161557 (0x1ee28495) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 20:26:34 2015 Not After : Mon May 18 20:26:34 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:a0:b4:56:76:94:c5:79:45:dc:2e:1c:bb:d8:7e:fc: 7f:fa:2d:2e:3c:4b:ca:39:49:2b:d6:f4:cf:6d:aa:e4: 0e:d1:e6:d4:a1:70:d0:d2:96:bc:a5:47:5e:6a:76:15: c4:e5:73:c0:c0:81:07:23:20:d3:50:86:84:d7:7b:2b: ca:bc:e7:30:60:02:58:90:5d:52:17:87:45:ad:3c:31: e8:bd:54:a1:94:6d:35:16:8b:25:72:2a:4f:3c:c3:d4: 73:79:17:ed:28:34:d9:1c:b2:5c:f8:6b:1a:c4:87:07: 8d:2c:89:0a:0c:06:71:a6:c8:a0:40:df:81:ab:de:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:81:dc:b5:a3:69:9c:2b:cf:a2:e0:54:b9:b1:d2:51: 49:88:16:b2:4f:be:e2:a8:ad:15:72:04:29:db:11:3b: 0f:fe:85:d4:5a:28:90:5c:cf:7b:ad:98:0e:c6:bd:ba: 07:1b:dc:6c:2e:90:c5:59:53:eb:46:d3:7f:99:31:de: 4f:54:1c:15:0f:ae:98:67:28:6b:9a:31:0f:1a:04:e9: fb:f6:c4:72:ac:4e:67:6f:6a:73:27:04:6b:28:fb:8b: 24:5a:ba:aa:ba:6a:f4:37:5c:c6:83:17:ba:bb:c4:a7: 61:5b:11:85:0e:c1:75:df:9b:5b:8e:53:cb:a2:91:be Fingerprint (SHA-256): DE:3C:9B:63:A4:62:F7:9C:D2:FE:28:1B:99:72:6A:1C:B8:F2:14:CA:44:94:2A:88:59:F9:A2:BD:4C:93:61:00 Fingerprint (SHA1): F0:A3:DA:56:AA:39:DD:CD:EB:C7:57:41:E0:0A:62:2E:FE:CB:77:2C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1711: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161558 (0x1ee28496) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 20:26:36 2015 Not After : Mon May 18 20:26:36 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:52:9e:95:6e:c8:a0:7d:4a:a1:00:83:08:8d:53:03: 34:d2:a0:da:96:72:27:52:84:a9:78:a5:c6:d7:81:c2: 4d:74:d1:a6:58:3f:6a:95:a6:a0:7d:19:62:68:e4:be: 2e:82:9f:a6:be:71:30:46:de:e0:55:bb:be:ea:d5:b0: da:21:75:7c:0e:2e:54:f9:29:1f:ca:bc:98:82:db:fd: eb:ba:bb:c2:83:fe:1c:cc:3a:3b:b9:fe:df:52:a8:71: 49:ab:fa:3a:81:11:b8:03:f8:c4:e9:00:2e:08:65:40: 0e:21:b1:06:40:26:b4:bb:29:dd:f1:21:46:3b:5b:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:21:94:12:ba:1e:f3:28:ff:4d:95:e1:d6:d8:92:31: 65:77:ac:45:af:97:9a:d7:4e:a2:c1:7d:e2:6f:cf:e2: fb:77:ab:64:28:72:bf:c0:6e:40:3e:10:14:cb:1d:14: a1:83:76:a8:ee:c4:07:a3:96:7f:b7:7e:1c:b2:92:33: 28:be:36:51:c7:22:99:6e:a5:ad:b1:15:b9:cc:26:88: 81:a1:66:89:45:0d:27:94:46:d3:34:be:b4:29:13:5d: 4b:39:a7:bc:15:cb:be:9c:40:10:45:46:33:dd:64:f5: 4a:40:83:7c:41:32:80:8f:7e:b3:6a:8d:80:26:11:51 Fingerprint (SHA-256): C4:BA:46:BB:72:7C:A1:92:4D:F4:F3:DB:34:5E:59:96:4C:35:09:94:65:BD:B0:BD:3E:DF:88:54:72:33:0D:F3 Fingerprint (SHA1): 62:47:30:6B:72:34:4E:F5:9F:D0:6D:AD:F8:33:F3:0D:B1:25:A9:A8 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1712: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161559 (0x1ee28497) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 20:26:38 2015 Not After : Mon May 18 20:26:38 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 99:85:a5:7d:75:30:d1:73:7b:f6:81:31:8d:c4:9e:e1: e4:46:cb:d5:94:96:b2:b7:64:20:4c:47:2d:d0:19:fd: d2:3b:d3:c2:4f:f2:4d:a4:af:6d:d6:da:ce:18:06:3c: d2:44:7f:02:c5:4e:86:52:db:a8:a0:e2:b9:78:31:d0: ef:55:81:d2:43:fa:11:c2:33:82:0a:e2:73:45:0a:6f: 9a:38:e7:c8:a6:79:bf:ac:1b:1a:4b:2a:3a:0f:c7:62: 21:13:64:5a:45:24:c5:88:0e:49:3f:57:a5:91:b5:a6: 77:98:4b:a2:a8:1d:2b:b8:fd:eb:26:70:f1:28:fc:33 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 70:c9:b1:f1:ec:f0:50:22:45:97:e6:f2:80:6b:73:b2: 30:2d:0e:c8:40:5d:0e:07:5c:33:79:d3:a2:d9:93:c9: 40:6b:4d:d3:38:e8:02:b5:b2:37:6e:13:00:f5:b7:19: 35:80:f7:43:4b:fc:05:73:0c:1e:d3:d1:03:47:08:72: 79:7b:c6:c5:d3:77:c0:14:cc:1e:0b:03:16:1c:72:15: 6f:56:28:49:37:74:31:d4:83:87:4e:e3:bf:16:b7:04: aa:1b:9b:1d:5f:6f:03:d9:2c:66:54:9f:90:01:12:07: 26:94:83:27:d6:79:50:17:7a:a2:0b:77:d6:75:a6:31 Fingerprint (SHA-256): E1:7D:1E:7E:24:31:F6:F2:37:80:07:5C:88:4D:02:DB:49:F5:F6:42:BB:81:0E:2D:D6:8A:52:9B:60:E3:4E:AC Fingerprint (SHA1): A9:C6:A6:EA:7B:3C:93:BC:2A:30:95:CC:96:01:70:B0:6A:44:EF:C7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1713: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1714: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161574 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1715: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1716: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1717: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1718: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161575 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1719: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1720: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1721: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1722: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161576 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1723: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1724: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1725: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1726: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518161577 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1727: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1728: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1729: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161574 (0x1ee284a6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:18 2015 Not After : Mon May 18 20:27:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b5:14:be:d7:eb:2d:36:d5:80:92:94:38:40:de:16: f2:4e:47:7a:df:ae:b4:64:27:60:f4:a8:76:5c:ef:b5: ff:46:dc:22:69:21:d7:23:ba:b2:35:df:62:d9:d0:44: 50:96:6f:0b:18:69:01:b3:66:3d:db:a5:9c:fb:f2:af: 54:eb:b6:f6:6d:bb:00:71:7d:f2:d0:b8:5f:93:ac:73: 51:8a:6b:af:0d:df:93:75:ec:1f:60:75:f7:5f:09:1e: 73:c5:54:e6:a1:08:44:b1:30:fc:52:6d:5b:c4:cf:50: 0d:7f:76:3b:29:cc:d4:7e:d8:4d:ea:74:2d:8a:00:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5b:6b:95:32:a0:a7:1e:a1:ec:33:7f:ec:78:82:66:5f: 09:a6:91:a6:fe:c0:e3:fa:13:ef:55:25:e2:5b:c5:a0: 45:58:7d:35:2f:fd:cc:6c:9f:8d:a5:4d:10:b4:9f:f5: da:16:cf:86:48:31:73:9f:f1:2f:80:89:b2:c8:ac:33: d3:8c:c7:6f:4b:2e:1a:c8:f3:0d:b6:31:a2:c8:03:06: 32:d6:2b:b0:7f:c2:da:03:f8:57:4d:88:f6:b3:02:b3: 1c:e4:03:d7:d5:30:33:e1:94:b2:f4:b4:68:47:09:c2: 94:98:82:86:d2:24:4b:98:27:45:96:77:dd:07:35:8e Fingerprint (SHA-256): 0E:F6:7C:CC:E4:68:3A:11:99:27:E8:1E:57:4B:0D:77:6E:E2:A2:B9:78:EA:CC:EE:48:8E:6F:FA:6C:B3:2F:A4 Fingerprint (SHA1): AB:7F:11:74:A9:21:42:14:01:3E:08:9C:EE:A0:BB:71:50:12:92:86 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1730: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1731: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161575 (0x1ee284a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:21 2015 Not After : Mon May 18 20:27:21 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:98:cf:dd:b5:8b:e1:95:fb:ae:79:7e:26:e8:c6:2f: fb:eb:37:9e:fd:50:3d:96:8a:38:e3:2b:50:f9:67:07: c8:c3:d9:1e:0a:9f:a5:d7:00:96:71:cd:6b:1c:87:ec: 75:c3:99:df:58:d9:7a:03:9e:e7:36:cb:4f:d1:8b:2f: ff:8f:53:1d:dc:cb:c5:1e:3f:86:75:e4:01:51:95:b8: 5d:82:27:f3:33:e4:6e:3a:2d:c6:8c:57:40:36:99:bf: a8:95:1a:26:67:d2:6b:72:ab:60:3c:ba:75:c7:44:be: db:04:bf:46:6f:ed:53:11:7f:99:1c:c7:29:fb:c3:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:0d:78:6b:b3:a8:cd:a0:57:66:78:c8:6b:73:87:5d: 40:55:96:9c:27:ee:f9:21:b6:c0:40:5a:d3:90:a7:fe: 0e:11:99:94:5c:57:ef:8b:3d:ad:d2:07:bc:8e:7a:cf: 77:6f:7d:fa:e0:24:e6:c0:a8:e2:d0:96:de:33:c1:70: cd:b9:c5:df:24:11:0c:36:9a:97:14:b0:cf:ed:89:85: 7d:4b:ac:08:e6:e4:9c:96:b4:2e:0a:d3:79:a1:a7:b1: ac:d7:48:7f:f9:0d:07:27:9c:94:a7:b1:88:3e:c8:ee: 22:f6:a7:f4:1b:8d:cd:aa:42:5a:4f:7f:3b:54:56:bb Fingerprint (SHA-256): 20:3B:39:8C:63:62:40:7E:EF:1B:2F:C8:86:66:C7:2B:2A:0D:53:F5:2A:A3:D9:FD:0E:83:CF:9B:5A:AC:A9:6E Fingerprint (SHA1): 47:99:1D:3D:4E:C5:6B:0A:28:68:AD:62:92:48:29:1A:E6:CB:A1:A5 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1732: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1733: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161576 (0x1ee284a8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:27:24 2015 Not After : Mon May 18 20:27:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:3c:63:01:0b:f2:04:3e:45:77:f7:0b:eb:53:24:f5: 79:3f:47:31:1a:cb:8c:ef:89:26:62:64:99:9b:78:76: 71:6b:38:84:cd:30:05:20:d1:6b:2d:dc:4a:35:df:26: 60:00:6a:11:54:34:d3:e5:07:7c:b1:08:ba:4a:a0:48: 46:36:f9:b8:5b:7e:c5:32:e6:b8:98:67:d1:b0:a9:8e: 1e:ad:a1:26:b1:e7:3d:dc:e6:8b:58:80:7b:8f:20:3e: 51:9f:24:06:57:0a:a6:3e:2e:62:ce:c6:5d:df:a5:5b: 68:f0:f2:cc:17:8b:84:bc:96:ef:a4:fe:b8:16:4f:77 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:1b:a3:23:2f:9b:ba:b2:ad:a3:c2:85:90:69:9d:b4: 34:db:37:7a:e2:57:77:4a:b1:13:6d:30:d2:b8:70:33: 8c:e4:5e:bd:9c:75:24:67:a2:de:75:f3:d4:f1:74:00: 17:f5:44:33:81:92:17:79:9f:ac:91:37:1b:b5:66:f8: 66:f7:24:c1:2b:33:6c:82:0d:b4:82:f0:a1:e0:07:e1: 0f:d5:9c:98:5a:85:2d:91:fe:35:3a:3c:5a:a3:f5:99: 41:cf:cc:38:96:c8:95:6b:2d:f3:e0:91:54:38:90:0d: 2f:64:e2:c4:99:cb:8a:4e:ad:f9:47:62:3b:73:24:39 Fingerprint (SHA-256): AF:D1:87:69:66:38:DD:E8:56:8E:C0:A1:C6:2E:4B:66:57:9D:50:BD:F6:66:90:21:B2:B0:14:1A:10:9E:2B:09 Fingerprint (SHA1): 8B:63:5F:03:39:21:21:B5:10:B0:30:3D:AA:88:DC:C9:18:D7:D6:32 Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1734: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1735: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1736: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1737: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1738: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161574 (0x1ee284a6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:18 2015 Not After : Mon May 18 20:27:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b5:14:be:d7:eb:2d:36:d5:80:92:94:38:40:de:16: f2:4e:47:7a:df:ae:b4:64:27:60:f4:a8:76:5c:ef:b5: ff:46:dc:22:69:21:d7:23:ba:b2:35:df:62:d9:d0:44: 50:96:6f:0b:18:69:01:b3:66:3d:db:a5:9c:fb:f2:af: 54:eb:b6:f6:6d:bb:00:71:7d:f2:d0:b8:5f:93:ac:73: 51:8a:6b:af:0d:df:93:75:ec:1f:60:75:f7:5f:09:1e: 73:c5:54:e6:a1:08:44:b1:30:fc:52:6d:5b:c4:cf:50: 0d:7f:76:3b:29:cc:d4:7e:d8:4d:ea:74:2d:8a:00:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5b:6b:95:32:a0:a7:1e:a1:ec:33:7f:ec:78:82:66:5f: 09:a6:91:a6:fe:c0:e3:fa:13:ef:55:25:e2:5b:c5:a0: 45:58:7d:35:2f:fd:cc:6c:9f:8d:a5:4d:10:b4:9f:f5: da:16:cf:86:48:31:73:9f:f1:2f:80:89:b2:c8:ac:33: d3:8c:c7:6f:4b:2e:1a:c8:f3:0d:b6:31:a2:c8:03:06: 32:d6:2b:b0:7f:c2:da:03:f8:57:4d:88:f6:b3:02:b3: 1c:e4:03:d7:d5:30:33:e1:94:b2:f4:b4:68:47:09:c2: 94:98:82:86:d2:24:4b:98:27:45:96:77:dd:07:35:8e Fingerprint (SHA-256): 0E:F6:7C:CC:E4:68:3A:11:99:27:E8:1E:57:4B:0D:77:6E:E2:A2:B9:78:EA:CC:EE:48:8E:6F:FA:6C:B3:2F:A4 Fingerprint (SHA1): AB:7F:11:74:A9:21:42:14:01:3E:08:9C:EE:A0:BB:71:50:12:92:86 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1739: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1740: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161575 (0x1ee284a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:21 2015 Not After : Mon May 18 20:27:21 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:98:cf:dd:b5:8b:e1:95:fb:ae:79:7e:26:e8:c6:2f: fb:eb:37:9e:fd:50:3d:96:8a:38:e3:2b:50:f9:67:07: c8:c3:d9:1e:0a:9f:a5:d7:00:96:71:cd:6b:1c:87:ec: 75:c3:99:df:58:d9:7a:03:9e:e7:36:cb:4f:d1:8b:2f: ff:8f:53:1d:dc:cb:c5:1e:3f:86:75:e4:01:51:95:b8: 5d:82:27:f3:33:e4:6e:3a:2d:c6:8c:57:40:36:99:bf: a8:95:1a:26:67:d2:6b:72:ab:60:3c:ba:75:c7:44:be: db:04:bf:46:6f:ed:53:11:7f:99:1c:c7:29:fb:c3:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:0d:78:6b:b3:a8:cd:a0:57:66:78:c8:6b:73:87:5d: 40:55:96:9c:27:ee:f9:21:b6:c0:40:5a:d3:90:a7:fe: 0e:11:99:94:5c:57:ef:8b:3d:ad:d2:07:bc:8e:7a:cf: 77:6f:7d:fa:e0:24:e6:c0:a8:e2:d0:96:de:33:c1:70: cd:b9:c5:df:24:11:0c:36:9a:97:14:b0:cf:ed:89:85: 7d:4b:ac:08:e6:e4:9c:96:b4:2e:0a:d3:79:a1:a7:b1: ac:d7:48:7f:f9:0d:07:27:9c:94:a7:b1:88:3e:c8:ee: 22:f6:a7:f4:1b:8d:cd:aa:42:5a:4f:7f:3b:54:56:bb Fingerprint (SHA-256): 20:3B:39:8C:63:62:40:7E:EF:1B:2F:C8:86:66:C7:2B:2A:0D:53:F5:2A:A3:D9:FD:0E:83:CF:9B:5A:AC:A9:6E Fingerprint (SHA1): 47:99:1D:3D:4E:C5:6B:0A:28:68:AD:62:92:48:29:1A:E6:CB:A1:A5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1741: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1742: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161576 (0x1ee284a8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:27:24 2015 Not After : Mon May 18 20:27:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:3c:63:01:0b:f2:04:3e:45:77:f7:0b:eb:53:24:f5: 79:3f:47:31:1a:cb:8c:ef:89:26:62:64:99:9b:78:76: 71:6b:38:84:cd:30:05:20:d1:6b:2d:dc:4a:35:df:26: 60:00:6a:11:54:34:d3:e5:07:7c:b1:08:ba:4a:a0:48: 46:36:f9:b8:5b:7e:c5:32:e6:b8:98:67:d1:b0:a9:8e: 1e:ad:a1:26:b1:e7:3d:dc:e6:8b:58:80:7b:8f:20:3e: 51:9f:24:06:57:0a:a6:3e:2e:62:ce:c6:5d:df:a5:5b: 68:f0:f2:cc:17:8b:84:bc:96:ef:a4:fe:b8:16:4f:77 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:1b:a3:23:2f:9b:ba:b2:ad:a3:c2:85:90:69:9d:b4: 34:db:37:7a:e2:57:77:4a:b1:13:6d:30:d2:b8:70:33: 8c:e4:5e:bd:9c:75:24:67:a2:de:75:f3:d4:f1:74:00: 17:f5:44:33:81:92:17:79:9f:ac:91:37:1b:b5:66:f8: 66:f7:24:c1:2b:33:6c:82:0d:b4:82:f0:a1:e0:07:e1: 0f:d5:9c:98:5a:85:2d:91:fe:35:3a:3c:5a:a3:f5:99: 41:cf:cc:38:96:c8:95:6b:2d:f3:e0:91:54:38:90:0d: 2f:64:e2:c4:99:cb:8a:4e:ad:f9:47:62:3b:73:24:39 Fingerprint (SHA-256): AF:D1:87:69:66:38:DD:E8:56:8E:C0:A1:C6:2E:4B:66:57:9D:50:BD:F6:66:90:21:B2:B0:14:1A:10:9E:2B:09 Fingerprint (SHA1): 8B:63:5F:03:39:21:21:B5:10:B0:30:3D:AA:88:DC:C9:18:D7:D6:32 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1743: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1744: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1745: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161578 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1746: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1747: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1748: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1749: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161579 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1750: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1751: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1752: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1753: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161580 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1754: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1755: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #1756: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1757: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518161581 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1758: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1759: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #1760: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1761: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518161582 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1762: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1763: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1764: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161578 (0x1ee284aa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:41 2015 Not After : Mon May 18 20:27:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:8f:3a:20:2b:f4:0f:f4:7f:02:ef:fd:0c:10:9a:91: 48:3a:5e:cc:03:5b:40:bc:f4:ea:74:a7:12:7d:5b:41: 4d:89:3b:09:8a:35:52:f9:52:87:eb:55:a1:e8:04:a3: 48:80:0c:b7:9f:d8:25:ea:f5:01:27:12:37:3f:ba:77: b7:51:f4:a0:b3:f9:c1:22:5c:d8:21:ff:90:4b:f3:c9: 22:8b:47:d5:53:97:3b:7e:2b:f3:3e:40:ec:9d:5e:92: 90:db:e8:02:9c:c6:e3:d3:5e:7d:47:66:95:6f:6d:cd: 31:bb:51:69:54:01:8a:5f:85:d1:5d:30:ee:9f:ce:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:50:9e:c8:0b:48:49:85:6d:52:43:31:a8:ee:b7:f6: ef:48:ef:7d:35:38:a1:22:7b:6f:59:ae:85:27:b5:48: 17:dc:d8:31:6e:3a:07:51:c8:aa:08:e9:49:20:2f:63: eb:c7:dd:cf:47:d7:20:12:ed:e5:b1:4a:4c:9b:60:08: 99:1d:18:26:f3:a2:3d:d0:d7:ac:48:bd:84:0f:72:fc: ed:6e:9f:64:3a:1a:f0:00:2a:3a:3c:4e:18:7c:0b:84: d3:32:4a:e0:ee:ed:2b:c7:d3:fe:76:ea:a1:b5:0d:b0: d0:57:3a:b1:8d:11:06:2e:1a:a4:df:1d:62:9d:bd:15 Fingerprint (SHA-256): 42:F0:0B:19:1F:72:CB:D3:9B:92:89:06:E7:78:E5:B7:D5:32:70:59:44:83:41:03:1D:45:E6:BF:4E:43:87:07 Fingerprint (SHA1): 98:F9:92:76:76:62:01:B2:CB:D3:99:C7:EB:5A:6D:5B:BD:14:D9:54 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1765: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1766: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161579 (0x1ee284ab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:44 2015 Not After : Mon May 18 20:27:44 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:9d:7e:e1:c5:83:f0:47:f2:31:5b:dd:be:2e:64:fb: 4e:47:02:2b:dd:c0:cf:e6:6f:5a:83:dd:fb:f3:b7:0f: 59:82:f3:b2:01:db:51:06:a5:7f:36:98:7b:94:e4:fa: c2:c3:b6:38:14:53:f1:bd:65:ae:50:9d:11:1a:a3:c0: ed:ed:6c:fc:36:3d:06:e3:4a:86:48:b3:f2:c1:88:c4: 64:d9:8a:92:b7:4d:3c:8b:ad:97:86:d5:b8:20:6b:af: 9b:e8:22:bb:c1:78:7c:89:7e:a7:24:75:fa:58:94:84: 2f:2f:d4:3c:0e:7b:68:27:f8:95:25:e3:38:b6:f8:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:28:9d:74:14:04:9c:4f:64:3c:30:80:c1:94:fd:6a: 7e:6d:a5:96:4b:93:68:c9:75:15:2f:74:93:e6:6f:1f: 34:71:b6:5e:56:5e:0c:0f:40:c1:42:7c:8c:4e:9d:59: 15:be:a2:30:73:0a:fa:3e:5b:5d:6e:53:6c:65:3d:5f: 7a:e2:2d:b8:ee:e3:b6:07:5d:09:42:07:ee:c2:02:8c: 76:f2:48:f9:33:d1:74:ec:39:1b:61:0f:bf:f9:57:d6: f9:35:23:53:d2:04:71:be:d5:13:a3:d5:9a:dc:81:07: d5:f7:37:ed:9c:d1:14:5f:d7:f9:65:a9:e6:e1:f3:4f Fingerprint (SHA-256): E1:88:F9:B3:87:DE:C8:AF:04:76:F0:46:85:5B:D5:F8:4C:15:28:A2:00:37:77:B7:2B:1C:A5:18:E7:D5:97:9A Fingerprint (SHA1): 6F:49:D7:D3:C5:89:8A:11:2D:54:04:C5:B1:2C:0A:E2:69:E4:5F:0A Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1767: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1768: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161580 (0x1ee284ac) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:27:48 2015 Not After : Mon May 18 20:27:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:d9:a7:82:c2:03:9f:b0:48:4b:2c:ea:d1:51:5a:9b: a7:04:76:e3:52:ec:d4:0a:a5:a0:52:b0:76:cc:a6:f5: 49:b0:c8:e4:c5:f7:9b:dc:56:48:a8:4a:04:be:f3:90: d9:49:74:91:da:f8:31:00:5d:55:30:2a:71:a2:99:49: 13:21:b3:85:f0:ac:39:7a:b4:7c:28:af:6b:15:d5:4d: e6:d3:c3:fa:e2:4b:cd:65:34:d8:43:80:0a:8b:8c:92: 45:8f:4d:f5:9b:e1:37:d0:e2:12:63:ab:cb:12:02:ee: 86:06:71:19:c2:a5:3b:22:fd:d7:83:1b:fe:ce:15:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:08:9b:6e:1c:0e:70:06:1f:22:c6:e0:e0:fc:4a:6a: 94:33:ae:38:f9:07:00:77:36:2d:06:62:74:27:4a:e7: c6:fa:8d:90:4a:c0:ff:13:c9:78:02:3a:7c:cf:05:11: 0b:d7:30:e7:d0:45:0a:36:b0:f7:aa:f9:a6:fe:c8:26: 67:eb:2c:82:f8:f9:60:57:c5:c1:f6:b1:b9:71:27:8a: ff:12:b6:d0:35:83:d6:e3:72:cf:6e:d0:60:0f:9c:22: 09:3a:2a:b3:20:fb:55:79:8b:cf:26:70:d5:1f:85:4b: 88:6e:c7:d8:84:22:ad:a8:34:2d:09:9c:0e:5a:fa:16 Fingerprint (SHA-256): 98:90:3E:A5:06:B2:D8:5F:AB:71:1C:86:4B:1A:69:C9:27:96:84:A9:4B:66:C0:A5:14:1C:09:D6:18:D3:B9:32 Fingerprint (SHA1): 84:39:C3:D2:7F:6C:DB:BA:42:65:F2:2E:04:50:AB:42:E9:4C:A6:B9 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #1769: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1770: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1771: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1772: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1773: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161578 (0x1ee284aa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:41 2015 Not After : Mon May 18 20:27:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:8f:3a:20:2b:f4:0f:f4:7f:02:ef:fd:0c:10:9a:91: 48:3a:5e:cc:03:5b:40:bc:f4:ea:74:a7:12:7d:5b:41: 4d:89:3b:09:8a:35:52:f9:52:87:eb:55:a1:e8:04:a3: 48:80:0c:b7:9f:d8:25:ea:f5:01:27:12:37:3f:ba:77: b7:51:f4:a0:b3:f9:c1:22:5c:d8:21:ff:90:4b:f3:c9: 22:8b:47:d5:53:97:3b:7e:2b:f3:3e:40:ec:9d:5e:92: 90:db:e8:02:9c:c6:e3:d3:5e:7d:47:66:95:6f:6d:cd: 31:bb:51:69:54:01:8a:5f:85:d1:5d:30:ee:9f:ce:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:50:9e:c8:0b:48:49:85:6d:52:43:31:a8:ee:b7:f6: ef:48:ef:7d:35:38:a1:22:7b:6f:59:ae:85:27:b5:48: 17:dc:d8:31:6e:3a:07:51:c8:aa:08:e9:49:20:2f:63: eb:c7:dd:cf:47:d7:20:12:ed:e5:b1:4a:4c:9b:60:08: 99:1d:18:26:f3:a2:3d:d0:d7:ac:48:bd:84:0f:72:fc: ed:6e:9f:64:3a:1a:f0:00:2a:3a:3c:4e:18:7c:0b:84: d3:32:4a:e0:ee:ed:2b:c7:d3:fe:76:ea:a1:b5:0d:b0: d0:57:3a:b1:8d:11:06:2e:1a:a4:df:1d:62:9d:bd:15 Fingerprint (SHA-256): 42:F0:0B:19:1F:72:CB:D3:9B:92:89:06:E7:78:E5:B7:D5:32:70:59:44:83:41:03:1D:45:E6:BF:4E:43:87:07 Fingerprint (SHA1): 98:F9:92:76:76:62:01:B2:CB:D3:99:C7:EB:5A:6D:5B:BD:14:D9:54 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1774: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1775: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161579 (0x1ee284ab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:44 2015 Not After : Mon May 18 20:27:44 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:9d:7e:e1:c5:83:f0:47:f2:31:5b:dd:be:2e:64:fb: 4e:47:02:2b:dd:c0:cf:e6:6f:5a:83:dd:fb:f3:b7:0f: 59:82:f3:b2:01:db:51:06:a5:7f:36:98:7b:94:e4:fa: c2:c3:b6:38:14:53:f1:bd:65:ae:50:9d:11:1a:a3:c0: ed:ed:6c:fc:36:3d:06:e3:4a:86:48:b3:f2:c1:88:c4: 64:d9:8a:92:b7:4d:3c:8b:ad:97:86:d5:b8:20:6b:af: 9b:e8:22:bb:c1:78:7c:89:7e:a7:24:75:fa:58:94:84: 2f:2f:d4:3c:0e:7b:68:27:f8:95:25:e3:38:b6:f8:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:28:9d:74:14:04:9c:4f:64:3c:30:80:c1:94:fd:6a: 7e:6d:a5:96:4b:93:68:c9:75:15:2f:74:93:e6:6f:1f: 34:71:b6:5e:56:5e:0c:0f:40:c1:42:7c:8c:4e:9d:59: 15:be:a2:30:73:0a:fa:3e:5b:5d:6e:53:6c:65:3d:5f: 7a:e2:2d:b8:ee:e3:b6:07:5d:09:42:07:ee:c2:02:8c: 76:f2:48:f9:33:d1:74:ec:39:1b:61:0f:bf:f9:57:d6: f9:35:23:53:d2:04:71:be:d5:13:a3:d5:9a:dc:81:07: d5:f7:37:ed:9c:d1:14:5f:d7:f9:65:a9:e6:e1:f3:4f Fingerprint (SHA-256): E1:88:F9:B3:87:DE:C8:AF:04:76:F0:46:85:5B:D5:F8:4C:15:28:A2:00:37:77:B7:2B:1C:A5:18:E7:D5:97:9A Fingerprint (SHA1): 6F:49:D7:D3:C5:89:8A:11:2D:54:04:C5:B1:2C:0A:E2:69:E4:5F:0A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1776: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1777: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161580 (0x1ee284ac) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:27:48 2015 Not After : Mon May 18 20:27:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:d9:a7:82:c2:03:9f:b0:48:4b:2c:ea:d1:51:5a:9b: a7:04:76:e3:52:ec:d4:0a:a5:a0:52:b0:76:cc:a6:f5: 49:b0:c8:e4:c5:f7:9b:dc:56:48:a8:4a:04:be:f3:90: d9:49:74:91:da:f8:31:00:5d:55:30:2a:71:a2:99:49: 13:21:b3:85:f0:ac:39:7a:b4:7c:28:af:6b:15:d5:4d: e6:d3:c3:fa:e2:4b:cd:65:34:d8:43:80:0a:8b:8c:92: 45:8f:4d:f5:9b:e1:37:d0:e2:12:63:ab:cb:12:02:ee: 86:06:71:19:c2:a5:3b:22:fd:d7:83:1b:fe:ce:15:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:08:9b:6e:1c:0e:70:06:1f:22:c6:e0:e0:fc:4a:6a: 94:33:ae:38:f9:07:00:77:36:2d:06:62:74:27:4a:e7: c6:fa:8d:90:4a:c0:ff:13:c9:78:02:3a:7c:cf:05:11: 0b:d7:30:e7:d0:45:0a:36:b0:f7:aa:f9:a6:fe:c8:26: 67:eb:2c:82:f8:f9:60:57:c5:c1:f6:b1:b9:71:27:8a: ff:12:b6:d0:35:83:d6:e3:72:cf:6e:d0:60:0f:9c:22: 09:3a:2a:b3:20:fb:55:79:8b:cf:26:70:d5:1f:85:4b: 88:6e:c7:d8:84:22:ad:a8:34:2d:09:9c:0e:5a:fa:16 Fingerprint (SHA-256): 98:90:3E:A5:06:B2:D8:5F:AB:71:1C:86:4B:1A:69:C9:27:96:84:A9:4B:66:C0:A5:14:1C:09:D6:18:D3:B9:32 Fingerprint (SHA1): 84:39:C3:D2:7F:6C:DB:BA:42:65:F2:2E:04:50:AB:42:E9:4C:A6:B9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #1778: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1779: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161578 (0x1ee284aa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:41 2015 Not After : Mon May 18 20:27:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:8f:3a:20:2b:f4:0f:f4:7f:02:ef:fd:0c:10:9a:91: 48:3a:5e:cc:03:5b:40:bc:f4:ea:74:a7:12:7d:5b:41: 4d:89:3b:09:8a:35:52:f9:52:87:eb:55:a1:e8:04:a3: 48:80:0c:b7:9f:d8:25:ea:f5:01:27:12:37:3f:ba:77: b7:51:f4:a0:b3:f9:c1:22:5c:d8:21:ff:90:4b:f3:c9: 22:8b:47:d5:53:97:3b:7e:2b:f3:3e:40:ec:9d:5e:92: 90:db:e8:02:9c:c6:e3:d3:5e:7d:47:66:95:6f:6d:cd: 31:bb:51:69:54:01:8a:5f:85:d1:5d:30:ee:9f:ce:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:50:9e:c8:0b:48:49:85:6d:52:43:31:a8:ee:b7:f6: ef:48:ef:7d:35:38:a1:22:7b:6f:59:ae:85:27:b5:48: 17:dc:d8:31:6e:3a:07:51:c8:aa:08:e9:49:20:2f:63: eb:c7:dd:cf:47:d7:20:12:ed:e5:b1:4a:4c:9b:60:08: 99:1d:18:26:f3:a2:3d:d0:d7:ac:48:bd:84:0f:72:fc: ed:6e:9f:64:3a:1a:f0:00:2a:3a:3c:4e:18:7c:0b:84: d3:32:4a:e0:ee:ed:2b:c7:d3:fe:76:ea:a1:b5:0d:b0: d0:57:3a:b1:8d:11:06:2e:1a:a4:df:1d:62:9d:bd:15 Fingerprint (SHA-256): 42:F0:0B:19:1F:72:CB:D3:9B:92:89:06:E7:78:E5:B7:D5:32:70:59:44:83:41:03:1D:45:E6:BF:4E:43:87:07 Fingerprint (SHA1): 98:F9:92:76:76:62:01:B2:CB:D3:99:C7:EB:5A:6D:5B:BD:14:D9:54 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1780: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161578 (0x1ee284aa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:41 2015 Not After : Mon May 18 20:27:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:8f:3a:20:2b:f4:0f:f4:7f:02:ef:fd:0c:10:9a:91: 48:3a:5e:cc:03:5b:40:bc:f4:ea:74:a7:12:7d:5b:41: 4d:89:3b:09:8a:35:52:f9:52:87:eb:55:a1:e8:04:a3: 48:80:0c:b7:9f:d8:25:ea:f5:01:27:12:37:3f:ba:77: b7:51:f4:a0:b3:f9:c1:22:5c:d8:21:ff:90:4b:f3:c9: 22:8b:47:d5:53:97:3b:7e:2b:f3:3e:40:ec:9d:5e:92: 90:db:e8:02:9c:c6:e3:d3:5e:7d:47:66:95:6f:6d:cd: 31:bb:51:69:54:01:8a:5f:85:d1:5d:30:ee:9f:ce:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:50:9e:c8:0b:48:49:85:6d:52:43:31:a8:ee:b7:f6: ef:48:ef:7d:35:38:a1:22:7b:6f:59:ae:85:27:b5:48: 17:dc:d8:31:6e:3a:07:51:c8:aa:08:e9:49:20:2f:63: eb:c7:dd:cf:47:d7:20:12:ed:e5:b1:4a:4c:9b:60:08: 99:1d:18:26:f3:a2:3d:d0:d7:ac:48:bd:84:0f:72:fc: ed:6e:9f:64:3a:1a:f0:00:2a:3a:3c:4e:18:7c:0b:84: d3:32:4a:e0:ee:ed:2b:c7:d3:fe:76:ea:a1:b5:0d:b0: d0:57:3a:b1:8d:11:06:2e:1a:a4:df:1d:62:9d:bd:15 Fingerprint (SHA-256): 42:F0:0B:19:1F:72:CB:D3:9B:92:89:06:E7:78:E5:B7:D5:32:70:59:44:83:41:03:1D:45:E6:BF:4E:43:87:07 Fingerprint (SHA1): 98:F9:92:76:76:62:01:B2:CB:D3:99:C7:EB:5A:6D:5B:BD:14:D9:54 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1781: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161579 (0x1ee284ab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:44 2015 Not After : Mon May 18 20:27:44 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:9d:7e:e1:c5:83:f0:47:f2:31:5b:dd:be:2e:64:fb: 4e:47:02:2b:dd:c0:cf:e6:6f:5a:83:dd:fb:f3:b7:0f: 59:82:f3:b2:01:db:51:06:a5:7f:36:98:7b:94:e4:fa: c2:c3:b6:38:14:53:f1:bd:65:ae:50:9d:11:1a:a3:c0: ed:ed:6c:fc:36:3d:06:e3:4a:86:48:b3:f2:c1:88:c4: 64:d9:8a:92:b7:4d:3c:8b:ad:97:86:d5:b8:20:6b:af: 9b:e8:22:bb:c1:78:7c:89:7e:a7:24:75:fa:58:94:84: 2f:2f:d4:3c:0e:7b:68:27:f8:95:25:e3:38:b6:f8:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:28:9d:74:14:04:9c:4f:64:3c:30:80:c1:94:fd:6a: 7e:6d:a5:96:4b:93:68:c9:75:15:2f:74:93:e6:6f:1f: 34:71:b6:5e:56:5e:0c:0f:40:c1:42:7c:8c:4e:9d:59: 15:be:a2:30:73:0a:fa:3e:5b:5d:6e:53:6c:65:3d:5f: 7a:e2:2d:b8:ee:e3:b6:07:5d:09:42:07:ee:c2:02:8c: 76:f2:48:f9:33:d1:74:ec:39:1b:61:0f:bf:f9:57:d6: f9:35:23:53:d2:04:71:be:d5:13:a3:d5:9a:dc:81:07: d5:f7:37:ed:9c:d1:14:5f:d7:f9:65:a9:e6:e1:f3:4f Fingerprint (SHA-256): E1:88:F9:B3:87:DE:C8:AF:04:76:F0:46:85:5B:D5:F8:4C:15:28:A2:00:37:77:B7:2B:1C:A5:18:E7:D5:97:9A Fingerprint (SHA1): 6F:49:D7:D3:C5:89:8A:11:2D:54:04:C5:B1:2C:0A:E2:69:E4:5F:0A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1782: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161579 (0x1ee284ab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:27:44 2015 Not After : Mon May 18 20:27:44 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:9d:7e:e1:c5:83:f0:47:f2:31:5b:dd:be:2e:64:fb: 4e:47:02:2b:dd:c0:cf:e6:6f:5a:83:dd:fb:f3:b7:0f: 59:82:f3:b2:01:db:51:06:a5:7f:36:98:7b:94:e4:fa: c2:c3:b6:38:14:53:f1:bd:65:ae:50:9d:11:1a:a3:c0: ed:ed:6c:fc:36:3d:06:e3:4a:86:48:b3:f2:c1:88:c4: 64:d9:8a:92:b7:4d:3c:8b:ad:97:86:d5:b8:20:6b:af: 9b:e8:22:bb:c1:78:7c:89:7e:a7:24:75:fa:58:94:84: 2f:2f:d4:3c:0e:7b:68:27:f8:95:25:e3:38:b6:f8:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:28:9d:74:14:04:9c:4f:64:3c:30:80:c1:94:fd:6a: 7e:6d:a5:96:4b:93:68:c9:75:15:2f:74:93:e6:6f:1f: 34:71:b6:5e:56:5e:0c:0f:40:c1:42:7c:8c:4e:9d:59: 15:be:a2:30:73:0a:fa:3e:5b:5d:6e:53:6c:65:3d:5f: 7a:e2:2d:b8:ee:e3:b6:07:5d:09:42:07:ee:c2:02:8c: 76:f2:48:f9:33:d1:74:ec:39:1b:61:0f:bf:f9:57:d6: f9:35:23:53:d2:04:71:be:d5:13:a3:d5:9a:dc:81:07: d5:f7:37:ed:9c:d1:14:5f:d7:f9:65:a9:e6:e1:f3:4f Fingerprint (SHA-256): E1:88:F9:B3:87:DE:C8:AF:04:76:F0:46:85:5B:D5:F8:4C:15:28:A2:00:37:77:B7:2B:1C:A5:18:E7:D5:97:9A Fingerprint (SHA1): 6F:49:D7:D3:C5:89:8A:11:2D:54:04:C5:B1:2C:0A:E2:69:E4:5F:0A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1783: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161580 (0x1ee284ac) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:27:48 2015 Not After : Mon May 18 20:27:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:d9:a7:82:c2:03:9f:b0:48:4b:2c:ea:d1:51:5a:9b: a7:04:76:e3:52:ec:d4:0a:a5:a0:52:b0:76:cc:a6:f5: 49:b0:c8:e4:c5:f7:9b:dc:56:48:a8:4a:04:be:f3:90: d9:49:74:91:da:f8:31:00:5d:55:30:2a:71:a2:99:49: 13:21:b3:85:f0:ac:39:7a:b4:7c:28:af:6b:15:d5:4d: e6:d3:c3:fa:e2:4b:cd:65:34:d8:43:80:0a:8b:8c:92: 45:8f:4d:f5:9b:e1:37:d0:e2:12:63:ab:cb:12:02:ee: 86:06:71:19:c2:a5:3b:22:fd:d7:83:1b:fe:ce:15:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:08:9b:6e:1c:0e:70:06:1f:22:c6:e0:e0:fc:4a:6a: 94:33:ae:38:f9:07:00:77:36:2d:06:62:74:27:4a:e7: c6:fa:8d:90:4a:c0:ff:13:c9:78:02:3a:7c:cf:05:11: 0b:d7:30:e7:d0:45:0a:36:b0:f7:aa:f9:a6:fe:c8:26: 67:eb:2c:82:f8:f9:60:57:c5:c1:f6:b1:b9:71:27:8a: ff:12:b6:d0:35:83:d6:e3:72:cf:6e:d0:60:0f:9c:22: 09:3a:2a:b3:20:fb:55:79:8b:cf:26:70:d5:1f:85:4b: 88:6e:c7:d8:84:22:ad:a8:34:2d:09:9c:0e:5a:fa:16 Fingerprint (SHA-256): 98:90:3E:A5:06:B2:D8:5F:AB:71:1C:86:4B:1A:69:C9:27:96:84:A9:4B:66:C0:A5:14:1C:09:D6:18:D3:B9:32 Fingerprint (SHA1): 84:39:C3:D2:7F:6C:DB:BA:42:65:F2:2E:04:50:AB:42:E9:4C:A6:B9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #1784: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161580 (0x1ee284ac) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:27:48 2015 Not After : Mon May 18 20:27:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:d9:a7:82:c2:03:9f:b0:48:4b:2c:ea:d1:51:5a:9b: a7:04:76:e3:52:ec:d4:0a:a5:a0:52:b0:76:cc:a6:f5: 49:b0:c8:e4:c5:f7:9b:dc:56:48:a8:4a:04:be:f3:90: d9:49:74:91:da:f8:31:00:5d:55:30:2a:71:a2:99:49: 13:21:b3:85:f0:ac:39:7a:b4:7c:28:af:6b:15:d5:4d: e6:d3:c3:fa:e2:4b:cd:65:34:d8:43:80:0a:8b:8c:92: 45:8f:4d:f5:9b:e1:37:d0:e2:12:63:ab:cb:12:02:ee: 86:06:71:19:c2:a5:3b:22:fd:d7:83:1b:fe:ce:15:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:08:9b:6e:1c:0e:70:06:1f:22:c6:e0:e0:fc:4a:6a: 94:33:ae:38:f9:07:00:77:36:2d:06:62:74:27:4a:e7: c6:fa:8d:90:4a:c0:ff:13:c9:78:02:3a:7c:cf:05:11: 0b:d7:30:e7:d0:45:0a:36:b0:f7:aa:f9:a6:fe:c8:26: 67:eb:2c:82:f8:f9:60:57:c5:c1:f6:b1:b9:71:27:8a: ff:12:b6:d0:35:83:d6:e3:72:cf:6e:d0:60:0f:9c:22: 09:3a:2a:b3:20:fb:55:79:8b:cf:26:70:d5:1f:85:4b: 88:6e:c7:d8:84:22:ad:a8:34:2d:09:9c:0e:5a:fa:16 Fingerprint (SHA-256): 98:90:3E:A5:06:B2:D8:5F:AB:71:1C:86:4B:1A:69:C9:27:96:84:A9:4B:66:C0:A5:14:1C:09:D6:18:D3:B9:32 Fingerprint (SHA1): 84:39:C3:D2:7F:6C:DB:BA:42:65:F2:2E:04:50:AB:42:E9:4C:A6:B9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #1785: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1786: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161583 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1787: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1788: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1789: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1790: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518161584 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1791: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1792: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1793: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1794: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161585 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1795: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1796: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1797: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1798: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518161586 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1799: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1800: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #1801: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1802: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518161587 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1803: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1804: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #1805: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1806: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518161588 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1807: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1808: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #1809: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1810: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518161589 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1811: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1812: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1813: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #1814: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #1815: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1816: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #1817: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161583 (0x1ee284af) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:10 2015 Not After : Mon May 18 20:28:10 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:24:26:98:5d:e2:2f:70:7d:5f:0c:58:d1:53:64:37: fb:2a:65:3a:d9:96:c3:1e:7b:36:14:2f:b0:6b:a2:fb: 1d:47:31:85:23:bd:e8:54:cb:15:e0:18:fd:55:76:d5: f7:fb:f6:ca:3b:cc:37:af:9b:45:82:c2:2c:3c:6a:16: 27:dc:16:50:0f:ef:7d:0d:1b:46:bd:1e:20:76:d3:e8: 17:e3:25:f0:d9:87:1e:5a:9d:e1:c0:06:cf:c2:a9:bc: cd:57:c7:66:c6:2e:c2:d0:89:5f:41:1d:91:ba:b2:3f: a6:c0:be:72:f5:ea:fa:03:3b:9c:cb:8e:63:0a:f1:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: cf:09:d6:32:c3:2f:78:11:f3:d0:d5:bd:af:05:d1:be: 26:68:d4:f1:dd:9f:66:89:6e:38:b0:f9:97:87:95:f6: bc:35:45:72:01:7e:33:15:ba:3d:36:8b:f0:06:30:a1: 8c:f9:9e:09:ae:62:6d:b3:4a:46:47:4b:82:ee:19:45: cf:15:b1:63:73:ca:c2:db:83:1c:68:5f:5e:ea:c4:7f: c8:50:e7:72:b0:10:2a:b2:1c:f8:83:1b:dd:df:a9:14: 00:36:fa:1f:6d:95:a3:e7:be:fc:5a:66:9b:0b:a4:16: 53:7f:ee:fe:ad:f3:0f:45:4f:ad:ae:04:ba:55:35:7d Fingerprint (SHA-256): B3:C9:B8:D7:A6:AE:37:4F:C1:11:0D:D6:D6:ED:59:90:D5:76:05:20:56:98:60:44:B6:4D:40:74:45:12:DE:4F Fingerprint (SHA1): B9:1A:1E:4B:F4:E9:E3:1B:90:64:93:C9:F5:22:3C:B7:01:22:85:81 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1818: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1819: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1820: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1821: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161583 (0x1ee284af) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:10 2015 Not After : Mon May 18 20:28:10 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:24:26:98:5d:e2:2f:70:7d:5f:0c:58:d1:53:64:37: fb:2a:65:3a:d9:96:c3:1e:7b:36:14:2f:b0:6b:a2:fb: 1d:47:31:85:23:bd:e8:54:cb:15:e0:18:fd:55:76:d5: f7:fb:f6:ca:3b:cc:37:af:9b:45:82:c2:2c:3c:6a:16: 27:dc:16:50:0f:ef:7d:0d:1b:46:bd:1e:20:76:d3:e8: 17:e3:25:f0:d9:87:1e:5a:9d:e1:c0:06:cf:c2:a9:bc: cd:57:c7:66:c6:2e:c2:d0:89:5f:41:1d:91:ba:b2:3f: a6:c0:be:72:f5:ea:fa:03:3b:9c:cb:8e:63:0a:f1:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: cf:09:d6:32:c3:2f:78:11:f3:d0:d5:bd:af:05:d1:be: 26:68:d4:f1:dd:9f:66:89:6e:38:b0:f9:97:87:95:f6: bc:35:45:72:01:7e:33:15:ba:3d:36:8b:f0:06:30:a1: 8c:f9:9e:09:ae:62:6d:b3:4a:46:47:4b:82:ee:19:45: cf:15:b1:63:73:ca:c2:db:83:1c:68:5f:5e:ea:c4:7f: c8:50:e7:72:b0:10:2a:b2:1c:f8:83:1b:dd:df:a9:14: 00:36:fa:1f:6d:95:a3:e7:be:fc:5a:66:9b:0b:a4:16: 53:7f:ee:fe:ad:f3:0f:45:4f:ad:ae:04:ba:55:35:7d Fingerprint (SHA-256): B3:C9:B8:D7:A6:AE:37:4F:C1:11:0D:D6:D6:ED:59:90:D5:76:05:20:56:98:60:44:B6:4D:40:74:45:12:DE:4F Fingerprint (SHA1): B9:1A:1E:4B:F4:E9:E3:1B:90:64:93:C9:F5:22:3C:B7:01:22:85:81 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1822: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1823: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1824: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161590 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1825: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1826: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1827: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1828: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518161591 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1829: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1830: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #1831: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1832: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518161592 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1833: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1834: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #1835: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1836: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518161593 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1837: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1838: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1839: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1840: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518161594 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1841: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1842: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #1843: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1844: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518161595 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1845: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1846: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #1847: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1848: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518161596 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1849: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1850: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1851: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1852: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518161597 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1853: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1854: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #1855: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1856: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518161598 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1857: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1858: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #1859: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1860: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518161599 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1861: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1862: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1863: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1864: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518161600 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1865: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1866: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #1867: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1868: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518161601 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1869: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1870: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #1871: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1872: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518161602 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1873: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1874: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1875: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1876: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518161603 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1877: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1878: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #1879: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1880: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518161604 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1881: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1882: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #1883: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1884: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518161605 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1885: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1886: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #1887: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1888: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518161606 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1889: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1890: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #1891: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1892: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518161607 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1893: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1894: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #1895: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1896: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518161608 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1897: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1898: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #1899: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1900: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518161609 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1901: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1902: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #1903: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1904: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518161610 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1905: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1906: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #1907: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1908: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518161611 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1909: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1910: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #1911: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1912: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518161612 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1913: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1914: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #1915: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1916: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518161613 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1917: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1918: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #1919: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1920: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518161614 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1921: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1922: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #1923: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1924: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518161615 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1925: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1926: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #1927: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1928: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518161616 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1929: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1930: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #1931: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1932: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518161617 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1933: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1934: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #1935: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1936: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518161618 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1937: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1938: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #1939: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1940: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518161619 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1941: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1942: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1943: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1944: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1945: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1946: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1947: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1948: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1949: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1950: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1951: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1952: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1953: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1954: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1955: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1956: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1957: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1958: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1959: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1960: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1961: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1962: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1963: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1964: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1965: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161590 (0x1ee284b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:28:37 2015 Not After : Mon May 18 20:28:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:59:1c:00:94:33:4d:fd:d3:ac:17:42:7a:dd:82:f1: e8:fe:15:30:eb:9d:f5:79:68:5b:a9:b5:07:fc:c2:da: 8a:6e:3a:10:a3:41:2b:65:78:19:ef:9e:8f:c6:e0:42: de:31:12:3d:d8:d3:a8:e5:2e:fb:80:2d:fc:89:36:a6: 5e:e6:58:74:d4:75:80:8c:6c:f5:28:23:8d:f1:02:e2: d7:36:bb:fd:79:bb:74:5a:51:50:18:6d:92:ec:13:9b: 0a:11:c1:89:17:06:5d:d9:eb:f9:eb:9f:97:60:46:83: fd:2b:4e:6f:5c:d0:65:95:10:53:a8:79:88:b8:40:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:31:fa:ad:bf:a9:85:93:be:18:92:a3:e1:78:54:2c: 9a:00:d1:35:b1:74:c6:2a:b0:be:4b:ca:8a:79:8c:e5: 55:ad:d9:6c:af:3c:32:59:81:88:6d:17:d4:84:30:ce: 87:b3:8c:9a:6b:13:24:25:d0:9f:9a:a2:c8:9b:2e:c4: bd:c6:f5:ad:fb:c7:0d:42:11:4c:e7:73:be:05:d4:ca: 0a:3a:c4:b9:15:15:99:5e:c9:b3:53:a9:d1:68:d8:f0: 25:61:5e:10:80:cd:68:97:3c:e5:b2:ca:df:53:db:b6: df:46:25:ca:4e:b5:2e:9c:6f:f7:e4:80:66:ee:d5:f4 Fingerprint (SHA-256): 88:03:DD:7F:94:BE:5F:F6:3F:D9:BC:1E:0C:CC:2F:E7:79:7C:18:91:48:C1:16:60:B8:F2:E4:90:0C:6F:8C:B8 Fingerprint (SHA1): 56:C1:4E:7A:92:BE:EE:EC:EC:77:87:CA:92:3E:F4:4B:72:67:74:EA Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1966: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1967: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1968: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161620 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1969: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1970: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #1971: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1972: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518161621 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1973: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1974: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #1975: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1976: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518161622 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1977: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1978: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #1979: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1980: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518161623 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1981: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1982: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #1983: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1984: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518161624 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1985: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1986: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #1987: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1988: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518161625 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1989: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1990: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #1991: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1992: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518161626 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1993: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1994: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1995: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161620 (0x1ee284d4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:30:33 2015 Not After : Mon May 18 20:30:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:3d:11:6f:26:f1:23:7b:a1:53:de:7f:b8:cc:3f:b2: 67:4b:e9:09:4d:8d:a8:bf:49:74:f9:67:ab:57:16:1c: 88:08:f8:45:66:06:81:74:f6:89:87:21:5b:75:97:ea: 63:2b:90:e7:de:6f:91:c8:cd:7f:66:e9:62:0e:51:8a: db:cc:f1:4d:9c:82:7e:b8:39:e0:d5:78:6d:3c:ef:62: 6d:8a:f2:22:53:af:0a:17:31:88:2b:02:55:6f:a4:aa: 13:5a:05:16:bb:42:73:c1:b7:5a:d7:6f:1c:6b:3a:2e: 99:fc:64:fe:db:ad:9a:79:5a:aa:fc:fc:01:b6:4c:05 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:ff:28:d5:df:c6:55:90:16:9a:ca:51:f1:71:94:fa: 46:eb:40:f9:15:16:46:54:d5:4b:89:35:79:f0:53:a2: 49:d1:02:4a:61:2d:a6:e9:7b:22:e8:e4:91:0d:fe:bd: 16:8c:50:c6:4f:17:42:c9:07:49:8a:c4:2d:a7:59:eb: d7:99:e9:35:b5:19:8e:e3:34:de:30:e4:e3:97:ac:64: fe:a0:e3:6c:6c:e8:03:a6:86:c1:bb:f6:2d:90:61:c8: d3:0b:f1:03:5f:2f:26:ea:f8:d3:f5:7e:9e:a0:c5:1f: 17:3a:d2:ab:3b:59:13:55:2a:fd:89:50:1a:17:e7:a6 Fingerprint (SHA-256): 1A:0D:DE:47:77:C4:94:3D:A2:91:A6:51:D5:16:5F:3E:8F:C4:27:8B:EA:D8:1E:F6:89:45:B3:B6:07:83:D9:A7 Fingerprint (SHA1): 74:37:5C:BE:29:DF:70:17:A2:0E:F5:3F:D3:31:FA:74:A5:8F:2D:D9 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1996: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1997: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1998: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1999: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161620 (0x1ee284d4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:30:33 2015 Not After : Mon May 18 20:30:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:3d:11:6f:26:f1:23:7b:a1:53:de:7f:b8:cc:3f:b2: 67:4b:e9:09:4d:8d:a8:bf:49:74:f9:67:ab:57:16:1c: 88:08:f8:45:66:06:81:74:f6:89:87:21:5b:75:97:ea: 63:2b:90:e7:de:6f:91:c8:cd:7f:66:e9:62:0e:51:8a: db:cc:f1:4d:9c:82:7e:b8:39:e0:d5:78:6d:3c:ef:62: 6d:8a:f2:22:53:af:0a:17:31:88:2b:02:55:6f:a4:aa: 13:5a:05:16:bb:42:73:c1:b7:5a:d7:6f:1c:6b:3a:2e: 99:fc:64:fe:db:ad:9a:79:5a:aa:fc:fc:01:b6:4c:05 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:ff:28:d5:df:c6:55:90:16:9a:ca:51:f1:71:94:fa: 46:eb:40:f9:15:16:46:54:d5:4b:89:35:79:f0:53:a2: 49:d1:02:4a:61:2d:a6:e9:7b:22:e8:e4:91:0d:fe:bd: 16:8c:50:c6:4f:17:42:c9:07:49:8a:c4:2d:a7:59:eb: d7:99:e9:35:b5:19:8e:e3:34:de:30:e4:e3:97:ac:64: fe:a0:e3:6c:6c:e8:03:a6:86:c1:bb:f6:2d:90:61:c8: d3:0b:f1:03:5f:2f:26:ea:f8:d3:f5:7e:9e:a0:c5:1f: 17:3a:d2:ab:3b:59:13:55:2a:fd:89:50:1a:17:e7:a6 Fingerprint (SHA-256): 1A:0D:DE:47:77:C4:94:3D:A2:91:A6:51:D5:16:5F:3E:8F:C4:27:8B:EA:D8:1E:F6:89:45:B3:B6:07:83:D9:A7 Fingerprint (SHA1): 74:37:5C:BE:29:DF:70:17:A2:0E:F5:3F:D3:31:FA:74:A5:8F:2D:D9 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #2000: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2001: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2002: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2003: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161627 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2004: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2005: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2006: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2007: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161628 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2008: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2009: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2010: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2011: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161629 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2012: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2013: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2014: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2015: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518161630 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2016: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2017: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2018: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #2019: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #2020: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #2021: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161627 (0x1ee284db) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:31:02 2015 Not After : Mon May 18 20:31:02 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:c9:44:95:17:ae:bc:28:db:c7:51:e7:2a:e2:cb:9c: df:82:8c:7b:d1:94:80:af:b9:54:35:b8:68:1a:37:65: 66:90:91:be:99:96:56:c4:87:20:11:2e:c3:5d:9c:14: e6:c2:0b:1c:18:d1:19:45:26:7f:ab:74:8a:d1:94:59: 93:31:44:fb:18:9d:ed:2d:af:09:ed:16:a4:64:07:6e: 90:21:40:11:73:da:ea:31:41:e7:33:29:0f:3e:00:8f: fc:71:61:b8:06:75:ba:9a:ef:83:18:be:e5:5e:76:e1: 6e:23:2c:f8:cf:65:b7:68:07:b5:62:52:1d:c2:ad:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:50:10:e1:c3:c2:36:0c:1c:91:a1:05:e6:06:2a:3d: d3:08:75:e8:38:aa:3c:ca:fa:86:f4:d2:d5:40:27:ce: d4:cb:b8:86:66:1c:e2:1a:aa:3d:2a:9f:18:71:44:43: fc:74:7c:25:ee:80:3e:6d:c8:43:7b:12:c0:15:0e:d3: df:fc:47:d8:74:7b:e5:c9:88:51:16:72:8a:50:6b:28: c8:b7:4f:9b:8d:f2:d9:7f:05:34:65:69:71:7e:fa:aa: 2b:ce:63:06:ee:80:2e:96:45:32:18:a7:1b:f5:ec:a5: 96:d2:20:a3:40:28:7e:9d:9b:11:fb:7b:32:57:3a:f2 Fingerprint (SHA-256): E4:CC:54:1F:EA:4E:B0:9C:C7:2E:01:3A:2E:9B:F4:D1:0F:F7:17:43:2D:DE:CD:47:9E:AA:E1:79:88:E3:4F:AB Fingerprint (SHA1): 4C:33:B1:8B:08:60:31:18:E4:89:6E:A1:66:81:03:9A:66:A8:7B:9C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2022: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2023: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2024: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161628 (0x1ee284dc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:31:06 2015 Not After : Mon May 18 20:31:06 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:ee:00:c1:e0:97:36:7e:a9:84:62:e1:d1:40:c2:d3: 59:35:14:45:41:4f:a1:b7:19:cd:b8:18:29:48:40:10: cb:6d:7d:c9:bc:29:f3:34:d7:fa:2a:ce:91:9d:24:38: 7a:a6:09:04:65:f3:55:9e:55:a4:19:e7:15:9b:2c:97: eb:0c:b1:ef:c2:20:9d:74:e8:f3:b9:ed:6d:01:c3:c8: 8b:af:34:dd:e5:67:31:a4:34:74:ff:9e:27:64:15:80: 3d:a8:1b:54:69:a5:18:8f:4b:d2:b4:ed:9a:9c:fe:79: 3a:1d:d4:5c:6c:2a:f2:14:5c:38:20:e7:c7:fd:9c:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:53:c9:4f:94:6d:d5:b1:6e:36:74:a8:8e:c6:70:5d: 72:ad:4c:22:cc:77:65:69:48:7e:28:f6:46:25:f8:14: 98:77:5e:cb:2c:84:5e:4e:9b:ed:07:bb:86:a1:7d:8f: db:ba:a0:ac:d6:6e:a7:04:91:86:cd:13:bd:95:46:3e: a4:8a:8c:a2:78:5b:b8:4a:cc:49:f0:4c:0a:b8:a9:f4: 1a:78:d9:87:21:84:e6:0c:88:e5:bb:79:49:a5:bb:ea: 0e:5f:8d:b8:80:f6:83:7b:e5:f6:f4:29:f5:48:fe:79: c5:7b:53:37:8e:87:da:d3:b0:7d:e6:a7:ad:7a:cb:cf Fingerprint (SHA-256): 5D:65:D9:3A:93:98:96:0A:AB:C8:A3:55:40:B6:D3:68:CD:E4:40:4D:12:BE:92:25:01:75:CD:52:D2:F0:E3:5C Fingerprint (SHA1): B9:8F:FC:EA:AB:B6:89:D6:30:7D:CF:77:71:91:F2:61:78:5C:B2:0F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2025: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2026: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161629 (0x1ee284dd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:31:10 2015 Not After : Mon May 18 20:31:10 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:c3:fc:10:b9:c4:34:13:b6:2a:d5:95:25:f6:67:f5: af:87:72:73:be:51:75:b1:e6:9a:b2:83:77:b4:b5:fc: 80:38:63:4e:d1:b9:12:b6:ed:20:f7:1d:b9:8f:df:dd: ed:3f:fe:db:4a:42:2c:cb:fe:d2:19:36:0b:35:ef:2c: 0f:77:3b:47:e7:c4:24:98:ef:d5:00:1f:dc:79:26:02: 71:1c:fb:fa:38:c3:eb:77:60:d8:ba:78:c9:74:74:0e: 65:fa:6a:14:f5:f7:b5:2a:10:39:40:01:05:ed:2f:73: f4:38:98:67:89:88:25:69:ca:5c:00:d8:a7:55:f8:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 53:e1:52:1a:28:b7:63:3d:76:f2:bd:aa:8e:2c:7a:ea: 9a:b7:bf:f4:28:54:63:7c:2b:c8:e6:62:27:6d:7b:10: 9f:09:ab:70:be:6b:ca:97:01:a8:0a:be:d3:9a:81:7a: c0:84:18:61:5f:e6:df:96:37:5d:6f:86:be:e2:74:c8: 55:76:9a:d9:ea:03:b1:75:44:c5:91:28:88:7c:04:6f: 53:c3:20:a0:dd:bd:1f:7c:98:c4:05:1a:07:88:3a:2e: 6a:b6:b8:c3:5f:a4:0b:51:f5:19:1e:46:1c:87:be:c8: cd:51:8b:7d:7c:3e:de:32:7d:69:eb:71:97:e0:cd:f3 Fingerprint (SHA-256): 69:8B:63:49:4C:0F:C0:BE:53:44:9C:3C:68:6D:FD:76:0D:1A:B0:40:7A:47:AF:9E:10:47:2C:5F:AC:1C:02:82 Fingerprint (SHA1): D2:5B:F5:96:4B:85:36:E2:FE:D8:EA:B6:B1:CB:80:A7:76:7D:72:B5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #2027: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2028: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161631 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2029: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2030: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2031: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2032: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161632 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2033: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2034: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2035: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2036: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161633 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2037: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2038: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #2039: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2040: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518161634 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2041: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2042: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2043: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2044: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518161635 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2045: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2046: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2047: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #2048: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #2049: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #2050: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #2051: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161631 (0x1ee284df) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:31:21 2015 Not After : Mon May 18 20:31:21 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dc:f5:d6:96:e0:5e:53:05:b0:0d:eb:e4:4a:0a:ba:f6: af:25:b2:75:98:d6:d9:a6:38:1d:d2:25:6b:c6:49:97: 9c:8e:0e:58:96:a5:68:89:7e:15:90:38:2a:4f:e4:40: 73:9e:19:d6:58:59:0b:c6:a6:50:e6:30:8c:75:00:cd: 16:22:f2:b4:5d:63:a2:99:38:97:be:fe:97:c8:a6:dd: 5e:12:71:e5:f1:ae:bc:f9:05:9b:ea:93:b8:e8:ea:1a: 3e:b0:1c:f6:70:82:01:3f:a9:93:42:e4:48:cc:f4:d2: 46:d6:16:93:f1:56:e1:c0:2d:41:97:00:35:15:c5:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:30:0d:04:c8:83:cc:3f:f5:48:60:fd:9f:2e:ed:f6: db:55:6c:a3:e3:23:ad:1b:85:df:b3:4d:3a:1d:28:8a: 3e:08:17:d4:54:42:98:56:d0:73:42:0f:ad:2d:7f:3a: 34:55:c8:03:80:d2:09:0c:5b:1e:9f:ee:06:7b:0e:6c: 53:c5:05:38:e4:46:92:79:41:e0:3b:ea:90:a0:e0:f3: cf:d0:46:fb:01:10:fb:36:32:65:6f:51:0a:ae:1f:f4: b2:c1:d9:8f:7b:fa:ae:9c:51:f0:b5:d8:6c:eb:de:94: 0b:9f:56:14:0a:17:a8:3a:e6:57:b5:1e:d3:93:dd:23 Fingerprint (SHA-256): 73:0B:2B:1C:9F:8B:66:3B:EA:BA:6E:1A:C6:04:B5:E4:EC:0B:85:D1:22:2A:6B:07:3A:DE:00:60:AE:65:A0:C1 Fingerprint (SHA1): 47:01:D4:70:A8:D1:7F:7E:A6:E9:9D:C4:B7:1E:B2:A4:06:5C:59:5B Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2052: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2053: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161632 (0x1ee284e0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:31:25 2015 Not After : Mon May 18 20:31:25 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:fd:c1:27:98:46:8e:98:80:42:b3:91:13:0c:34:e6: c7:df:f9:8f:cc:b9:02:d1:70:93:ab:b6:f5:58:6f:9e: c6:9f:48:b7:16:ac:15:6e:87:b3:7c:62:de:33:b1:8d: 16:6e:62:3e:2f:a1:a1:5c:01:8e:d1:6d:71:ad:61:75: ce:be:c9:05:e0:9d:6a:f1:a0:a2:48:47:94:84:10:51: 10:fd:d5:69:65:63:c9:00:6d:44:c5:70:59:db:94:d4: 59:48:60:88:e0:6e:0d:12:84:d0:1b:e7:32:7a:93:91: 22:33:a0:4a:97:a4:7f:e1:86:13:9d:67:e3:ce:08:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: dc:41:2f:a8:79:dc:82:76:b4:ac:15:30:09:de:61:e8: 6c:30:d5:7e:45:49:d0:d6:72:cf:8d:78:ea:9b:22:3d: 80:02:f3:6b:96:6b:86:b1:04:5a:d6:6a:2d:46:cc:2b: af:8c:61:a0:50:a2:bd:49:ed:d7:d9:50:a2:df:aa:d9: bd:d6:dd:a6:db:f6:b4:f7:59:e4:db:76:bb:99:f6:bf: 53:f4:f2:17:fd:a8:d7:84:2e:15:fe:89:ca:60:f0:5d: a2:f5:17:04:1d:7a:8b:ea:3e:89:a5:8a:1d:dc:60:3d: 10:81:59:91:ad:04:ab:b3:80:70:23:d7:05:f1:5d:85 Fingerprint (SHA-256): C5:AB:6C:04:97:33:08:E8:C1:90:44:FA:14:D9:15:53:73:5F:85:AD:A4:B4:33:09:6F:18:5A:2D:83:40:99:38 Fingerprint (SHA1): E3:A5:F8:51:26:47:16:0E:58:92:A2:66:C2:2B:9B:C7:C2:E5:44:F1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2054: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2055: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2056: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161633 (0x1ee284e1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:31:27 2015 Not After : Mon May 18 20:31:27 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:f7:13:18:83:04:4a:36:cf:c1:76:36:64:5f:ea:de: 60:c1:5d:f0:9d:3d:15:3d:fa:31:d5:b1:87:27:f3:39: db:29:e4:cf:b8:42:89:b9:4d:c3:f1:5b:0e:a8:98:68: 25:4e:71:a8:a5:e1:05:7a:bd:c7:7f:61:6f:7d:bf:88: 9a:fd:02:fd:b9:6f:65:96:fe:f6:bc:5c:fb:03:04:fc: 78:5b:a8:61:74:34:64:c4:16:81:d8:11:5a:8c:1c:c2: 42:5e:2b:73:a0:8c:f2:f5:62:0c:74:c5:ee:69:ec:bf: 39:b3:d2:bf:05:bc:21:78:84:98:51:b4:b7:26:f2:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1a:85:ea:ce:a0:4a:a2:ce:57:ec:87:c6:f0:42:08:09: c8:f1:5b:d8:64:21:9e:bc:42:65:c3:13:8e:ce:b8:db: 2c:08:07:37:99:0b:37:d2:fd:85:26:bd:17:a3:24:fd: 20:1d:e5:75:31:e4:5d:f8:0b:a7:30:cf:46:13:db:8f: 07:a7:84:0c:52:a3:bd:d9:d2:cc:d0:cb:6c:51:27:1a: b3:63:68:d7:9c:6d:c9:3f:ff:8e:8e:fa:ce:a8:dc:f6: 91:da:46:f6:87:15:c9:e0:52:c5:88:c5:d6:8c:3c:8e: 98:09:39:67:6d:09:6d:4c:1b:0a:44:1a:cb:7c:5f:03 Fingerprint (SHA-256): 12:D1:D1:4B:F1:DF:93:79:1A:1B:07:44:C9:8B:5A:63:DA:F0:18:4C:44:B7:CB:AE:28:B9:2D:09:B8:A6:5D:DC Fingerprint (SHA1): 54:BC:FA:C8:95:56:3A:25:E6:03:BF:C7:B3:EF:67:C5:37:48:7B:8D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #2057: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2058: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161636 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2059: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2060: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2061: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2062: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161637 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2063: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2064: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2065: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2066: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161638 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA1Root-518161415.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2067: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2068: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2069: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2070: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518161639 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2071: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2072: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #2073: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161636 (0x1ee284e4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:31:43 2015 Not After : Mon May 18 20:31:43 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:62:78:3f:c8:7d:1f:a3:a5:65:7f:e9:99:f1:cf:e3: 4a:a6:e7:2f:08:b3:7a:72:44:34:61:ca:94:11:94:c7: dd:e4:5b:a4:10:46:0f:b9:81:b1:67:e6:a8:f3:c1:f1: 3c:84:c4:93:24:bc:aa:2b:a2:67:69:b4:be:ad:76:82: b8:26:4c:8d:5b:ca:12:88:5e:5e:72:eb:6e:87:94:00: 41:50:ff:60:d6:78:b8:ed:f0:79:7e:04:cb:b1:0a:15: b6:18:b3:bd:7d:71:84:45:a0:4e:34:b4:e4:4a:d1:bf: c2:77:0c:59:a1:a8:f4:43:fa:ea:32:c6:7c:22:e4:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 78:8a:8d:39:da:02:9f:6d:ba:24:5d:a1:1e:aa:17:73: 3f:a7:74:c9:7b:4e:86:4b:4d:96:a2:0e:94:a7:be:12: f9:8d:c3:15:83:72:53:d6:0d:80:dd:0b:68:fd:68:07: e0:18:14:fb:98:25:7d:3e:f6:8e:2c:bf:4f:9e:35:b8: 4b:64:a3:cf:3d:2a:2a:95:4d:8a:49:c3:81:41:2a:3e: 19:29:2e:ba:59:7a:a1:1d:eb:56:b6:b7:0c:24:05:4d: ee:f1:87:08:c3:40:3b:f4:cf:80:7e:01:55:de:01:d3: 71:9f:c6:41:32:62:6e:0f:6f:15:01:74:b2:57:f7:3f Fingerprint (SHA-256): 12:30:1B:0B:4D:AE:AA:84:96:28:97:F3:B9:15:46:8F:D4:9E:2D:D6:75:BA:4F:FC:78:19:D4:A5:0D:95:B8:8D Fingerprint (SHA1): 6E:D1:2D:78:23:22:63:9D:97:06:1C:0D:A2:81:AB:F0:FB:A0:35:FF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2074: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2075: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161640 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2076: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2077: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2078: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161641 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2079: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2080: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2081: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2082: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518161642 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2083: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2084: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518161643 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2085: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2086: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #2087: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2088: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2089: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518161644 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-Bridge-518161416.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2090: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2091: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2092: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2093: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161645 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2094: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2095: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #2096: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #2097: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161641 (0x1ee284e9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:31:59 2015 Not After : Mon May 18 20:31:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:61:2d:52:2f:97:72:01:d0:ec:fe:be:b8:0d:a6:53: 84:b7:e6:4e:b9:f6:fc:11:fb:53:02:cd:31:66:e7:92: a7:46:d3:5d:94:a5:c1:36:59:09:c3:6f:6d:37:f2:54: 54:20:e2:5c:9e:f6:6f:e0:02:38:c5:3c:d1:8c:40:a6: f1:ad:d6:c8:f1:8a:87:89:66:9c:ce:b2:51:9f:36:e2: 55:e3:0c:81:7a:62:42:a4:1b:fb:90:32:d4:3d:bd:3f: 47:06:94:8f:4c:6b:7d:c1:86:a6:c0:8f:21:2d:fa:7e: 14:9d:f1:92:82:4d:6a:6c:28:9c:d2:87:1c:e0:c9:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c4:1c:af:b5:44:fc:b3:1a:23:9d:e3:f4:0b:cc:24:9f: 97:9b:dc:d7:a3:20:4c:7a:f5:ff:7b:2d:4e:35:da:7b: 28:29:25:1f:cf:48:18:0b:0d:2e:f3:d0:5d:49:3f:b9: ac:30:fa:b6:fa:ea:d6:ff:cc:4f:99:e2:dc:ff:76:44: 5b:d6:f4:30:b7:fb:af:02:ba:eb:5f:fd:5b:fc:52:b1: 87:be:53:70:68:45:18:58:a9:47:b3:cb:bd:dd:7c:0a: 7a:7f:6a:24:85:ba:b4:b1:48:ee:7b:88:f2:88:71:9e: be:f5:d9:ea:88:5d:44:a8:da:7d:64:f8:ea:44:61:f8 Fingerprint (SHA-256): FF:E4:56:77:B1:81:F5:7F:9F:79:0B:C7:66:9D:F0:61:9D:5A:E1:41:E9:FA:F0:A8:40:E9:B5:25:48:FA:2B:C9 Fingerprint (SHA1): 04:DB:26:F1:48:62:8D:42:FB:15:E8:A1:85:AD:BC:02:85:A8:A8:EB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2098: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161641 (0x1ee284e9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:31:59 2015 Not After : Mon May 18 20:31:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:61:2d:52:2f:97:72:01:d0:ec:fe:be:b8:0d:a6:53: 84:b7:e6:4e:b9:f6:fc:11:fb:53:02:cd:31:66:e7:92: a7:46:d3:5d:94:a5:c1:36:59:09:c3:6f:6d:37:f2:54: 54:20:e2:5c:9e:f6:6f:e0:02:38:c5:3c:d1:8c:40:a6: f1:ad:d6:c8:f1:8a:87:89:66:9c:ce:b2:51:9f:36:e2: 55:e3:0c:81:7a:62:42:a4:1b:fb:90:32:d4:3d:bd:3f: 47:06:94:8f:4c:6b:7d:c1:86:a6:c0:8f:21:2d:fa:7e: 14:9d:f1:92:82:4d:6a:6c:28:9c:d2:87:1c:e0:c9:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c4:1c:af:b5:44:fc:b3:1a:23:9d:e3:f4:0b:cc:24:9f: 97:9b:dc:d7:a3:20:4c:7a:f5:ff:7b:2d:4e:35:da:7b: 28:29:25:1f:cf:48:18:0b:0d:2e:f3:d0:5d:49:3f:b9: ac:30:fa:b6:fa:ea:d6:ff:cc:4f:99:e2:dc:ff:76:44: 5b:d6:f4:30:b7:fb:af:02:ba:eb:5f:fd:5b:fc:52:b1: 87:be:53:70:68:45:18:58:a9:47:b3:cb:bd:dd:7c:0a: 7a:7f:6a:24:85:ba:b4:b1:48:ee:7b:88:f2:88:71:9e: be:f5:d9:ea:88:5d:44:a8:da:7d:64:f8:ea:44:61:f8 Fingerprint (SHA-256): FF:E4:56:77:B1:81:F5:7F:9F:79:0B:C7:66:9D:F0:61:9D:5A:E1:41:E9:FA:F0:A8:40:E9:B5:25:48:FA:2B:C9 Fingerprint (SHA1): 04:DB:26:F1:48:62:8D:42:FB:15:E8:A1:85:AD:BC:02:85:A8:A8:EB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2099: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2100: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161646 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2101: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2102: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2103: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161647 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2104: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2105: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2106: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2107: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518161648 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2108: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2109: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518161649 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2110: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2111: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #2112: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2113: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2114: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518161650 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-Bridge-518161417.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2115: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2116: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2117: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2118: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161651 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2119: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2120: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2121: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2122: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518161652 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-BridgeNavy-518161418.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2123: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2124: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2125: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2126: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518161653 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2127: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2128: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #2129: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #2130: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161647 (0x1ee284ef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:32:17 2015 Not After : Mon May 18 20:32:17 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:9d:9a:ea:b2:e3:e8:f6:fd:bc:26:6f:0f:af:25:37: 68:d8:76:fb:42:d2:9a:0a:c1:77:22:7a:e6:7d:b9:42: 2e:4c:7a:d3:21:28:2f:fb:3a:1c:08:7c:89:a4:d1:80: 12:15:00:66:87:d9:f4:4a:71:91:93:c9:26:43:16:13: 97:d7:f1:00:48:ca:38:20:4e:eb:25:67:2d:08:ca:5b: f6:66:6f:8f:04:43:6b:e6:89:d0:61:93:1d:0c:de:cb: 35:51:38:23:75:1e:f7:d0:11:87:c8:a8:64:fa:0d:64: 58:5a:a0:e2:1f:68:e9:5b:63:ce:af:27:fa:da:d2:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:00:e5:e7:3e:5a:d8:11:9f:32:6b:ed:47:90:fc:c7: c8:8d:a9:8f:29:50:0a:bc:2d:c4:07:35:0e:c9:a5:0c: b4:89:dc:d6:28:90:1c:16:02:01:97:62:f3:4d:56:4e: 3d:1f:9b:46:f3:b1:d4:92:72:9b:c8:33:5a:03:50:a8: 4f:05:82:e0:3b:36:bc:28:df:26:cc:c4:16:35:ca:36: 45:f8:ac:95:21:40:aa:13:59:a6:90:b6:6c:99:32:24: e7:96:4a:8d:18:0e:37:26:8f:48:95:c4:e7:f6:6c:3d: 59:6f:3d:df:50:ad:32:4e:bc:df:f9:1f:43:80:ab:34 Fingerprint (SHA-256): B9:95:D1:E7:4E:F6:6B:AD:66:4C:4A:68:06:FA:50:AD:A5:00:73:0C:3B:FD:C1:E8:1D:96:95:7E:AF:35:61:3D Fingerprint (SHA1): EC:C8:DE:E6:1D:33:F2:F9:31:7A:E4:D4:11:BC:1A:BF:C4:DD:63:14 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2131: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161647 (0x1ee284ef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:32:17 2015 Not After : Mon May 18 20:32:17 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:9d:9a:ea:b2:e3:e8:f6:fd:bc:26:6f:0f:af:25:37: 68:d8:76:fb:42:d2:9a:0a:c1:77:22:7a:e6:7d:b9:42: 2e:4c:7a:d3:21:28:2f:fb:3a:1c:08:7c:89:a4:d1:80: 12:15:00:66:87:d9:f4:4a:71:91:93:c9:26:43:16:13: 97:d7:f1:00:48:ca:38:20:4e:eb:25:67:2d:08:ca:5b: f6:66:6f:8f:04:43:6b:e6:89:d0:61:93:1d:0c:de:cb: 35:51:38:23:75:1e:f7:d0:11:87:c8:a8:64:fa:0d:64: 58:5a:a0:e2:1f:68:e9:5b:63:ce:af:27:fa:da:d2:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:00:e5:e7:3e:5a:d8:11:9f:32:6b:ed:47:90:fc:c7: c8:8d:a9:8f:29:50:0a:bc:2d:c4:07:35:0e:c9:a5:0c: b4:89:dc:d6:28:90:1c:16:02:01:97:62:f3:4d:56:4e: 3d:1f:9b:46:f3:b1:d4:92:72:9b:c8:33:5a:03:50:a8: 4f:05:82:e0:3b:36:bc:28:df:26:cc:c4:16:35:ca:36: 45:f8:ac:95:21:40:aa:13:59:a6:90:b6:6c:99:32:24: e7:96:4a:8d:18:0e:37:26:8f:48:95:c4:e7:f6:6c:3d: 59:6f:3d:df:50:ad:32:4e:bc:df:f9:1f:43:80:ab:34 Fingerprint (SHA-256): B9:95:D1:E7:4E:F6:6B:AD:66:4C:4A:68:06:FA:50:AD:A5:00:73:0C:3B:FD:C1:E8:1D:96:95:7E:AF:35:61:3D Fingerprint (SHA1): EC:C8:DE:E6:1D:33:F2:F9:31:7A:E4:D4:11:BC:1A:BF:C4:DD:63:14 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2132: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #2133: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161646 (0x1ee284ee) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:32:15 2015 Not After : Mon May 18 20:32:15 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:76:1c:e2:1b:79:c0:7b:db:f9:49:0d:73:4b:18:a9: 2c:27:f7:0d:63:de:62:b9:9a:52:7c:6e:07:33:63:ce: a7:60:0f:d3:af:22:b8:5e:65:50:4b:4a:73:3a:77:47: 99:b2:83:3a:ea:07:62:cd:22:ad:17:b1:7e:b5:1f:fd: 3b:11:81:cd:f8:1f:42:52:96:f9:b8:c5:fb:75:e2:99: c7:80:ac:26:4b:6f:b2:b7:53:78:dc:44:7a:a7:90:9c: f1:7e:00:a4:0c:06:2a:a6:f9:56:32:53:b3:4d:9c:41: 7d:a4:e6:cc:60:9a:42:c3:65:24:f3:0f:96:61:ef:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:43:fd:c2:ca:ac:74:36:49:52:4a:60:44:95:e0:b0: 4b:ea:82:93:ed:c1:dc:8f:80:ee:82:f9:1e:ce:e6:bc: c2:93:6f:4b:ed:5d:3b:c3:35:df:af:22:32:ce:49:28: da:47:b7:13:ec:30:ab:73:b0:55:03:c9:33:4b:18:20: c6:37:95:ea:03:b9:63:24:8f:43:36:90:e4:1a:36:69: 47:ef:4d:f4:97:36:88:09:04:c3:43:4c:a9:f3:cf:51: a2:de:5b:35:f4:68:46:9c:10:2c:83:88:e4:5b:69:45: 0f:e6:79:4b:1a:81:e4:f6:ee:65:91:19:0a:3e:27:14 Fingerprint (SHA-256): BE:A1:00:96:04:3E:9F:94:4F:BB:11:C4:11:6F:B8:9F:0F:3D:57:AC:D3:00:10:45:EA:3A:3F:0E:DD:28:6D:CE Fingerprint (SHA1): 79:ED:C9:61:EA:0D:A5:AE:83:38:E0:22:D6:30:DC:83:1E:31:33:65 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2134: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161647 (0x1ee284ef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:32:17 2015 Not After : Mon May 18 20:32:17 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:9d:9a:ea:b2:e3:e8:f6:fd:bc:26:6f:0f:af:25:37: 68:d8:76:fb:42:d2:9a:0a:c1:77:22:7a:e6:7d:b9:42: 2e:4c:7a:d3:21:28:2f:fb:3a:1c:08:7c:89:a4:d1:80: 12:15:00:66:87:d9:f4:4a:71:91:93:c9:26:43:16:13: 97:d7:f1:00:48:ca:38:20:4e:eb:25:67:2d:08:ca:5b: f6:66:6f:8f:04:43:6b:e6:89:d0:61:93:1d:0c:de:cb: 35:51:38:23:75:1e:f7:d0:11:87:c8:a8:64:fa:0d:64: 58:5a:a0:e2:1f:68:e9:5b:63:ce:af:27:fa:da:d2:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:00:e5:e7:3e:5a:d8:11:9f:32:6b:ed:47:90:fc:c7: c8:8d:a9:8f:29:50:0a:bc:2d:c4:07:35:0e:c9:a5:0c: b4:89:dc:d6:28:90:1c:16:02:01:97:62:f3:4d:56:4e: 3d:1f:9b:46:f3:b1:d4:92:72:9b:c8:33:5a:03:50:a8: 4f:05:82:e0:3b:36:bc:28:df:26:cc:c4:16:35:ca:36: 45:f8:ac:95:21:40:aa:13:59:a6:90:b6:6c:99:32:24: e7:96:4a:8d:18:0e:37:26:8f:48:95:c4:e7:f6:6c:3d: 59:6f:3d:df:50:ad:32:4e:bc:df:f9:1f:43:80:ab:34 Fingerprint (SHA-256): B9:95:D1:E7:4E:F6:6B:AD:66:4C:4A:68:06:FA:50:AD:A5:00:73:0C:3B:FD:C1:E8:1D:96:95:7E:AF:35:61:3D Fingerprint (SHA1): EC:C8:DE:E6:1D:33:F2:F9:31:7A:E4:D4:11:BC:1A:BF:C4:DD:63:14 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2135: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161647 (0x1ee284ef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:32:17 2015 Not After : Mon May 18 20:32:17 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:9d:9a:ea:b2:e3:e8:f6:fd:bc:26:6f:0f:af:25:37: 68:d8:76:fb:42:d2:9a:0a:c1:77:22:7a:e6:7d:b9:42: 2e:4c:7a:d3:21:28:2f:fb:3a:1c:08:7c:89:a4:d1:80: 12:15:00:66:87:d9:f4:4a:71:91:93:c9:26:43:16:13: 97:d7:f1:00:48:ca:38:20:4e:eb:25:67:2d:08:ca:5b: f6:66:6f:8f:04:43:6b:e6:89:d0:61:93:1d:0c:de:cb: 35:51:38:23:75:1e:f7:d0:11:87:c8:a8:64:fa:0d:64: 58:5a:a0:e2:1f:68:e9:5b:63:ce:af:27:fa:da:d2:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:00:e5:e7:3e:5a:d8:11:9f:32:6b:ed:47:90:fc:c7: c8:8d:a9:8f:29:50:0a:bc:2d:c4:07:35:0e:c9:a5:0c: b4:89:dc:d6:28:90:1c:16:02:01:97:62:f3:4d:56:4e: 3d:1f:9b:46:f3:b1:d4:92:72:9b:c8:33:5a:03:50:a8: 4f:05:82:e0:3b:36:bc:28:df:26:cc:c4:16:35:ca:36: 45:f8:ac:95:21:40:aa:13:59:a6:90:b6:6c:99:32:24: e7:96:4a:8d:18:0e:37:26:8f:48:95:c4:e7:f6:6c:3d: 59:6f:3d:df:50:ad:32:4e:bc:df:f9:1f:43:80:ab:34 Fingerprint (SHA-256): B9:95:D1:E7:4E:F6:6B:AD:66:4C:4A:68:06:FA:50:AD:A5:00:73:0C:3B:FD:C1:E8:1D:96:95:7E:AF:35:61:3D Fingerprint (SHA1): EC:C8:DE:E6:1D:33:F2:F9:31:7A:E4:D4:11:BC:1A:BF:C4:DD:63:14 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2136: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2137: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161654 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2138: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2139: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2140: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161655 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2141: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2142: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #2143: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2144: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518161656 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2145: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2146: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #2147: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2148: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518161657 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2149: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2150: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2151: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2152: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518161658 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2153: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2154: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518161659 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2155: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2156: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #2157: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2158: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2159: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518161660 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2160: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2161: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2162: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2163: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518161661 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2164: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2165: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2166: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2167: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161662 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2168: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2169: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2170: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2171: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518161663 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2172: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2173: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2174: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161654 (0x1ee284f6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:32:44 2015 Not After : Mon May 18 20:32:44 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:71:4d:fe:77:8a:7a:f3:d5:2f:2c:74:a9:d1:ba:c6: e7:23:4d:1a:8e:6e:f0:a9:cd:99:6a:7c:6c:da:77:af: a3:b7:0d:ed:35:77:67:b5:9d:22:17:c8:92:61:e5:88: 7f:77:ee:27:d2:bb:49:db:0d:47:2c:aa:b0:c0:37:bf: ca:4d:c7:b5:ea:35:4b:8a:bb:68:fe:04:7c:b7:a7:07: d2:0a:81:79:ab:bd:f5:6d:e5:14:eb:7a:31:cf:1d:d9: 28:8f:be:f6:cb:64:b1:24:c6:a7:7e:8c:10:66:20:ce: c5:5b:db:ed:9d:2b:dc:0a:f3:6b:0b:de:78:77:46:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c6:5a:3c:8a:9b:e6:4d:d7:b2:50:85:49:f9:b7:8d:0e: 79:94:c0:ce:d2:71:fe:7e:cf:e7:ad:02:16:db:e8:02: 9d:6d:f5:16:f2:3f:58:fe:b8:0b:43:d3:37:91:09:d5: ed:ec:8a:69:5c:ce:1a:16:4f:e2:af:bb:35:4c:d6:4e: fd:14:67:56:ae:63:15:f3:dd:2b:ca:d9:57:dd:52:ff: f9:d1:db:e5:28:b8:a0:34:26:d0:25:8e:42:75:e8:98: 1b:3d:2b:26:f8:ec:8b:88:43:43:b3:0e:86:f3:fb:05: 1d:e0:e3:d5:b9:59:85:a1:d9:80:0e:c1:0a:6a:df:13 Fingerprint (SHA-256): B5:76:EE:FE:54:BA:48:B8:36:BE:AD:F3:85:05:67:CD:23:8C:57:BB:21:EF:E3:6C:F3:EB:86:00:5F:47:AB:09 Fingerprint (SHA1): E2:47:09:81:A3:9A:A2:EB:84:8A:33:58:F4:7B:AC:AA:C6:EF:87:8A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #2175: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2176: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2177: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2178: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2179: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2180: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2181: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2182: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2183: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161655 (0x1ee284f7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:32:46 2015 Not After : Mon May 18 20:32:46 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:4b:e5:f8:b4:1b:c4:70:90:d4:1e:49:b4:bd:bb:ea: 8c:af:b8:67:f2:86:b3:11:b1:2a:7a:74:67:2a:bc:40: f5:52:5e:29:73:83:74:47:e8:37:c8:db:35:48:d5:1f: 42:08:45:4c:30:84:34:9e:c6:16:62:88:73:96:d5:f3: 3c:40:17:a5:b5:86:4c:c2:b7:9e:24:a7:d6:6e:9a:12: 23:0c:01:b3:28:75:34:a1:ba:c1:41:af:91:07:d1:5b: e9:1f:ff:c8:32:72:48:f3:68:10:bc:55:01:30:37:5b: cb:f6:0b:87:27:40:c1:fb:37:ef:b5:7f:0f:6d:e9:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 22:b2:e4:6b:81:4f:63:bb:aa:5a:99:a6:06:cd:65:7a: 4c:05:91:36:ac:e4:09:61:c3:ee:bf:45:00:79:8a:75: cc:93:80:7e:9f:99:8b:7e:6a:66:14:2f:3c:5d:f1:d3: 46:39:09:e7:e9:00:ac:f4:da:c4:48:ec:94:a6:b2:65: dc:77:c8:5c:67:3d:1e:62:4d:09:73:8e:8c:16:50:37: a1:1f:82:cb:f7:83:76:c3:48:21:2b:06:18:3e:8e:73: bc:99:42:24:8d:7b:ca:83:69:a7:96:66:ea:08:56:7e: 9f:bd:ca:2e:15:e5:ea:8f:ef:10:9a:c0:90:8c:3f:76 Fingerprint (SHA-256): C8:AD:0F:09:28:A9:22:ED:97:99:2A:B3:9B:54:1A:02:8F:FD:5D:CB:F7:96:37:B9:6B:56:84:D4:AA:CC:00:E7 Fingerprint (SHA1): 92:70:0A:12:BE:41:88:92:79:A8:69:2E:01:A0:38:E7:85:DB:F3:0A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #2184: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2185: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2186: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2187: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2188: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2189: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2190: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #2191: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #2192: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #2193: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #2194: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #2195: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #2196: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #2197: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #2198: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #2199: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #2200: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #2201: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2202: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161664 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2203: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2204: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2205: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2206: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518161665 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2207: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2208: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2209: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2210: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518161666 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2211: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2212: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2213: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2214: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518161667 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2215: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2216: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2217: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2218: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518161668 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2219: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2220: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #2221: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2222: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518161669 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2223: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2224: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #2225: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2226: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518161670 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2227: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2228: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #2229: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2230: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518161671 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2231: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2232: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #2233: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2234: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518161672 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2235: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2236: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2237: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161664 (0x1ee28500) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:33:30 2015 Not After : Mon May 18 20:33:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 59:3f:49:57:79:4f:84:4e:60:fd:61:ab:ec:20:5e:be: 83:da:3a:53:a5:cf:2c:33:2c:83:b2:0f:c9:9f:08:7e: 03:10:a5:cb:1b:7f:e8:3c:15:1c:83:df:1e:47:bf:66: 39:db:29:19:2d:8d:c2:93:94:f1:7c:04:61:e4:71:df: 80:e3:4b:de:aa:fc:55:99:c7:13:c4:e9:53:7a:b2:a0: 73:39:63:39:41:ab:e6:e3:76:85:b3:08:1c:c0:c5:06: 99:27:bc:df:0d:60:6a:aa:0d:a6:dd:1d:93:a6:4d:af: 7a:64:f6:5c:ec:69:b5:50:e7:85:35:0b:10:ac:e0:ca Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:b3:5e:94:4c:ae:75:87:07:ae:73:ea: ce:0d:61:6d:d0:62:b1:dc:1f:02:14:53:cf:ec:0f:8f: c6:5f:eb:d6:94:4a:5e:2f:89:de:c6:67:45:32:78 Fingerprint (SHA-256): A7:49:CA:17:84:5B:97:D8:35:64:B7:7E:4C:98:32:50:04:35:A5:7D:05:57:78:3E:17:D2:16:2D:12:EA:BE:C0 Fingerprint (SHA1): D6:34:7B:0C:A8:2D:F5:33:BF:ED:76:C8:6E:7D:51:63:3B:54:D8:4A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2238: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161664 (0x1ee28500) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:33:30 2015 Not After : Mon May 18 20:33:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 59:3f:49:57:79:4f:84:4e:60:fd:61:ab:ec:20:5e:be: 83:da:3a:53:a5:cf:2c:33:2c:83:b2:0f:c9:9f:08:7e: 03:10:a5:cb:1b:7f:e8:3c:15:1c:83:df:1e:47:bf:66: 39:db:29:19:2d:8d:c2:93:94:f1:7c:04:61:e4:71:df: 80:e3:4b:de:aa:fc:55:99:c7:13:c4:e9:53:7a:b2:a0: 73:39:63:39:41:ab:e6:e3:76:85:b3:08:1c:c0:c5:06: 99:27:bc:df:0d:60:6a:aa:0d:a6:dd:1d:93:a6:4d:af: 7a:64:f6:5c:ec:69:b5:50:e7:85:35:0b:10:ac:e0:ca Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:b3:5e:94:4c:ae:75:87:07:ae:73:ea: ce:0d:61:6d:d0:62:b1:dc:1f:02:14:53:cf:ec:0f:8f: c6:5f:eb:d6:94:4a:5e:2f:89:de:c6:67:45:32:78 Fingerprint (SHA-256): A7:49:CA:17:84:5B:97:D8:35:64:B7:7E:4C:98:32:50:04:35:A5:7D:05:57:78:3E:17:D2:16:2D:12:EA:BE:C0 Fingerprint (SHA1): D6:34:7B:0C:A8:2D:F5:33:BF:ED:76:C8:6E:7D:51:63:3B:54:D8:4A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2239: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161664 (0x1ee28500) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:33:30 2015 Not After : Mon May 18 20:33:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 59:3f:49:57:79:4f:84:4e:60:fd:61:ab:ec:20:5e:be: 83:da:3a:53:a5:cf:2c:33:2c:83:b2:0f:c9:9f:08:7e: 03:10:a5:cb:1b:7f:e8:3c:15:1c:83:df:1e:47:bf:66: 39:db:29:19:2d:8d:c2:93:94:f1:7c:04:61:e4:71:df: 80:e3:4b:de:aa:fc:55:99:c7:13:c4:e9:53:7a:b2:a0: 73:39:63:39:41:ab:e6:e3:76:85:b3:08:1c:c0:c5:06: 99:27:bc:df:0d:60:6a:aa:0d:a6:dd:1d:93:a6:4d:af: 7a:64:f6:5c:ec:69:b5:50:e7:85:35:0b:10:ac:e0:ca Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:b3:5e:94:4c:ae:75:87:07:ae:73:ea: ce:0d:61:6d:d0:62:b1:dc:1f:02:14:53:cf:ec:0f:8f: c6:5f:eb:d6:94:4a:5e:2f:89:de:c6:67:45:32:78 Fingerprint (SHA-256): A7:49:CA:17:84:5B:97:D8:35:64:B7:7E:4C:98:32:50:04:35:A5:7D:05:57:78:3E:17:D2:16:2D:12:EA:BE:C0 Fingerprint (SHA1): D6:34:7B:0C:A8:2D:F5:33:BF:ED:76:C8:6E:7D:51:63:3B:54:D8:4A Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #2240: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161664 (0x1ee28500) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:33:30 2015 Not After : Mon May 18 20:33:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 59:3f:49:57:79:4f:84:4e:60:fd:61:ab:ec:20:5e:be: 83:da:3a:53:a5:cf:2c:33:2c:83:b2:0f:c9:9f:08:7e: 03:10:a5:cb:1b:7f:e8:3c:15:1c:83:df:1e:47:bf:66: 39:db:29:19:2d:8d:c2:93:94:f1:7c:04:61:e4:71:df: 80:e3:4b:de:aa:fc:55:99:c7:13:c4:e9:53:7a:b2:a0: 73:39:63:39:41:ab:e6:e3:76:85:b3:08:1c:c0:c5:06: 99:27:bc:df:0d:60:6a:aa:0d:a6:dd:1d:93:a6:4d:af: 7a:64:f6:5c:ec:69:b5:50:e7:85:35:0b:10:ac:e0:ca Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:b3:5e:94:4c:ae:75:87:07:ae:73:ea: ce:0d:61:6d:d0:62:b1:dc:1f:02:14:53:cf:ec:0f:8f: c6:5f:eb:d6:94:4a:5e:2f:89:de:c6:67:45:32:78 Fingerprint (SHA-256): A7:49:CA:17:84:5B:97:D8:35:64:B7:7E:4C:98:32:50:04:35:A5:7D:05:57:78:3E:17:D2:16:2D:12:EA:BE:C0 Fingerprint (SHA1): D6:34:7B:0C:A8:2D:F5:33:BF:ED:76:C8:6E:7D:51:63:3B:54:D8:4A Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #2241: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2242: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2243: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2244: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #2245: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2246: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2247: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2248: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2249: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2250: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2251: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2252: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #2253: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2254: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2255: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2256: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #2257: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2258: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2259: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2260: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2261: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2262: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2263: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2264: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #2265: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2266: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2267: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2268: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518203423Z nextupdate=20160518203423Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 20:34:23 2015 Next Update: Wed May 18 20:34:23 2016 CRL Extensions: chains.sh: #2269: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518203424Z nextupdate=20160518203424Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:34:24 2015 Next Update: Wed May 18 20:34:24 2016 CRL Extensions: chains.sh: #2270: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518203424Z nextupdate=20160518203424Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:34:24 2015 Next Update: Wed May 18 20:34:24 2016 CRL Extensions: chains.sh: #2271: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518203425Z nextupdate=20160518203425Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 20:34:25 2015 Next Update: Wed May 18 20:34:25 2016 CRL Extensions: chains.sh: #2272: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518203426Z addcert 14 20150518203426Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:34:26 2015 Next Update: Wed May 18 20:34:24 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 20:34:26 2015 CRL Extensions: chains.sh: #2273: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518203427Z addcert 15 20150518203427Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:34:27 2015 Next Update: Wed May 18 20:34:24 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 20:34:27 2015 CRL Extensions: chains.sh: #2274: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2275: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2276: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #2277: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #2278: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #2279: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #2280: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #2281: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #2282: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #2283: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:33:59 2015 Not After : Mon May 18 20:33:59 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:aa:d5:a0:b5:ca:b5:47:e9:cc:ef:9b:1f:57:8a:08: bf:65:ef:5d:17:5f:ee:94:12:48:b6:ea:21:c7:b4:eb: d2:29:00:00:1c:54:48:ae:11:20:84:e8:e6:63:29:b2: fd:1e:e1:af:97:13:d8:17:9f:44:7f:4d:77:6f:05:cb: 8c:e2:33:7e:2d:9f:bb:06:3e:61:d2:ed:da:44:93:7e: 81:64:fe:2d:5f:19:28:65:a4:df:84:d9:29:91:57:2d: 0b:85:59:1a:3a:5d:bb:50:cf:4c:77:b5:0a:24:3c:7c: ca:9b:78:25:da:e1:61:9e:c7:2a:9b:14:3c:d4:60:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 69:50:9b:c4:b1:38:a4:30:ea:fc:6d:37:c5:3f:31:d7: cf:a6:ee:ae:06:75:ca:e4:f4:e6:54:54:53:5e:47:ff: 8a:b7:ff:38:c9:5a:ef:45:a4:e2:d9:95:99:88:ef:4b: 97:70:32:c1:31:ab:95:88:ba:b8:c6:b1:f3:97:bd:f1: 03:dd:e9:81:94:88:a8:62:c6:93:b3:07:6f:6a:72:ca: 28:2e:94:31:b2:33:4f:8b:3a:14:2f:2e:4a:87:59:b5: 1a:8d:9c:d6:c4:5f:88:4b:29:8c:1c:98:f5:f1:32:2a: b9:c5:9c:7a:11:49:5c:2c:3d:99:16:74:90:58:c6:f5 Fingerprint (SHA-256): 97:53:A1:A7:6F:F4:B7:FF:31:31:65:87:3A:AC:D4:78:97:EC:7F:50:22:DF:45:02:3B:AC:4A:16:B5:FB:05:32 Fingerprint (SHA1): 74:C7:1D:A0:2D:EB:CC:98:56:59:53:41:2A:05:20:EB:1C:EA:75:2D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2284: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2285: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:33:59 2015 Not After : Mon May 18 20:33:59 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:aa:d5:a0:b5:ca:b5:47:e9:cc:ef:9b:1f:57:8a:08: bf:65:ef:5d:17:5f:ee:94:12:48:b6:ea:21:c7:b4:eb: d2:29:00:00:1c:54:48:ae:11:20:84:e8:e6:63:29:b2: fd:1e:e1:af:97:13:d8:17:9f:44:7f:4d:77:6f:05:cb: 8c:e2:33:7e:2d:9f:bb:06:3e:61:d2:ed:da:44:93:7e: 81:64:fe:2d:5f:19:28:65:a4:df:84:d9:29:91:57:2d: 0b:85:59:1a:3a:5d:bb:50:cf:4c:77:b5:0a:24:3c:7c: ca:9b:78:25:da:e1:61:9e:c7:2a:9b:14:3c:d4:60:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 69:50:9b:c4:b1:38:a4:30:ea:fc:6d:37:c5:3f:31:d7: cf:a6:ee:ae:06:75:ca:e4:f4:e6:54:54:53:5e:47:ff: 8a:b7:ff:38:c9:5a:ef:45:a4:e2:d9:95:99:88:ef:4b: 97:70:32:c1:31:ab:95:88:ba:b8:c6:b1:f3:97:bd:f1: 03:dd:e9:81:94:88:a8:62:c6:93:b3:07:6f:6a:72:ca: 28:2e:94:31:b2:33:4f:8b:3a:14:2f:2e:4a:87:59:b5: 1a:8d:9c:d6:c4:5f:88:4b:29:8c:1c:98:f5:f1:32:2a: b9:c5:9c:7a:11:49:5c:2c:3d:99:16:74:90:58:c6:f5 Fingerprint (SHA-256): 97:53:A1:A7:6F:F4:B7:FF:31:31:65:87:3A:AC:D4:78:97:EC:7F:50:22:DF:45:02:3B:AC:4A:16:B5:FB:05:32 Fingerprint (SHA1): 74:C7:1D:A0:2D:EB:CC:98:56:59:53:41:2A:05:20:EB:1C:EA:75:2D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2286: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2287: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2288: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161673 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2289: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2290: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #2291: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2292: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518161674 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2293: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2294: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2295: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161445.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2296: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161419.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2297: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2298: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #2299: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161445.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2300: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518161675 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2301: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2302: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2303: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161445.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2304: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161420.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2305: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2306: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #2307: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2308: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518161676 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2309: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2310: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2311: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161445.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2312: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161421.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2313: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2314: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2315: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518161445.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2316: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518161422.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2317: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2318: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518203500Z nextupdate=20160518203500Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 20:35:00 2015 Next Update: Wed May 18 20:35:00 2016 CRL Extensions: chains.sh: #2319: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518203501Z nextupdate=20160518203501Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:35:01 2015 Next Update: Wed May 18 20:35:01 2016 CRL Extensions: chains.sh: #2320: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518203501Z nextupdate=20160518203501Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:35:01 2015 Next Update: Wed May 18 20:35:01 2016 CRL Extensions: chains.sh: #2321: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518203502Z nextupdate=20160518203502Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 20:35:02 2015 Next Update: Wed May 18 20:35:02 2016 CRL Extensions: chains.sh: #2322: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518203503Z addcert 20 20150518203503Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:35:03 2015 Next Update: Wed May 18 20:35:01 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 20:35:03 2015 CRL Extensions: chains.sh: #2323: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518203504Z addcert 40 20150518203504Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:35:04 2015 Next Update: Wed May 18 20:35:01 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 20:35:03 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 20:35:04 2015 CRL Extensions: chains.sh: #2324: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2325: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2326: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #2327: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161673 (0x1ee28509) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:34:37 2015 Not After : Mon May 18 20:34:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:0b:7f:27:83:27:bd:0b:b1:72:e3:15:d7:d2:b3:97: 17:b8:d7:01:85:87:4c:bd:89:35:5e:5d:2d:b4:61:c2: 55:3a:57:56:3c:0a:a7:40:aa:b0:53:ae:cc:a9:93:24: d1:85:a7:98:02:36:52:fa:8d:1d:a0:1f:01:a9:ab:a5: 97:1e:7d:2f:66:8c:e1:8c:92:ab:4e:c1:a6:38:bc:69: fb:6b:2b:0b:93:dc:75:c5:99:25:c8:a2:c4:90:c9:5b: 94:d1:40:23:7e:9b:d8:14:dc:2b:a0:b2:48:8a:87:80: a9:e5:50:6b:f2:aa:f9:94:5f:7a:a5:21:b5:bb:69:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:1c:3c:6b:ec:c4:7c:39:28:c1:0e:0d:87:26:3e: 5b:ab:e2:c4:0f:ff:1b:32:83:09:9a:4b:90:39:fd:44: 12:a0:8a:9b:21:b3:c3:6c:80:43:16:88:ec:2b:b5:56: b5:e4:d1:ca:8d:78:80:85:12:a6:43:ab:70:cf:4d:7d: dd:eb:d4:07:91:0b:af:08:d2:65:11:18:dd:e2:00:b2: a4:6d:ca:27:74:4d:fb:8f:13:d9:d1:da:de:0b:f9:1d: 4d:d3:a0:36:cb:31:8e:fd:05:20:64:b2:ed:94:0a:f4: 4b:38:3d:34:39:ea:94:24:db:66:cc:7e:59:1e:85:68 Fingerprint (SHA-256): 8D:68:9B:5E:35:9C:A0:8C:FD:AC:5E:9D:CC:BA:1F:22:69:79:D4:86:4A:C0:37:FD:F5:7B:95:B5:5C:6B:80:96 Fingerprint (SHA1): 33:82:18:63:CB:F1:B8:CA:2C:81:5D:1B:97:E2:0E:A3:3C:90:AA:92 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2328: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2329: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161673 (0x1ee28509) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:34:37 2015 Not After : Mon May 18 20:34:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:0b:7f:27:83:27:bd:0b:b1:72:e3:15:d7:d2:b3:97: 17:b8:d7:01:85:87:4c:bd:89:35:5e:5d:2d:b4:61:c2: 55:3a:57:56:3c:0a:a7:40:aa:b0:53:ae:cc:a9:93:24: d1:85:a7:98:02:36:52:fa:8d:1d:a0:1f:01:a9:ab:a5: 97:1e:7d:2f:66:8c:e1:8c:92:ab:4e:c1:a6:38:bc:69: fb:6b:2b:0b:93:dc:75:c5:99:25:c8:a2:c4:90:c9:5b: 94:d1:40:23:7e:9b:d8:14:dc:2b:a0:b2:48:8a:87:80: a9:e5:50:6b:f2:aa:f9:94:5f:7a:a5:21:b5:bb:69:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:8e:1c:3c:6b:ec:c4:7c:39:28:c1:0e:0d:87:26:3e: 5b:ab:e2:c4:0f:ff:1b:32:83:09:9a:4b:90:39:fd:44: 12:a0:8a:9b:21:b3:c3:6c:80:43:16:88:ec:2b:b5:56: b5:e4:d1:ca:8d:78:80:85:12:a6:43:ab:70:cf:4d:7d: dd:eb:d4:07:91:0b:af:08:d2:65:11:18:dd:e2:00:b2: a4:6d:ca:27:74:4d:fb:8f:13:d9:d1:da:de:0b:f9:1d: 4d:d3:a0:36:cb:31:8e:fd:05:20:64:b2:ed:94:0a:f4: 4b:38:3d:34:39:ea:94:24:db:66:cc:7e:59:1e:85:68 Fingerprint (SHA-256): 8D:68:9B:5E:35:9C:A0:8C:FD:AC:5E:9D:CC:BA:1F:22:69:79:D4:86:4A:C0:37:FD:F5:7B:95:B5:5C:6B:80:96 Fingerprint (SHA1): 33:82:18:63:CB:F1:B8:CA:2C:81:5D:1B:97:E2:0E:A3:3C:90:AA:92 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2330: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2331: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #2332: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161677 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2333: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #2334: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2335: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2336: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518161678 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2337: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2338: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2339: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2340: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518161679 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2341: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2342: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2343: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2344: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518161680 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2345: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2346: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #2347: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518161681 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2348: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #2349: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #2350: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2351: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518161682 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2352: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2353: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2354: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2355: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518161683 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2356: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2357: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #2358: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #2359: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #2360: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161677 (0x1ee2850d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:35:11 2015 Not After : Mon May 18 20:35:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:1a:4e:3d:da:1d:41:27:2f:dd:79:57:bf:41:a5:98: 3b:dc:1b:42:80:b7:4b:9d:2d:64:8e:00:bc:9e:7a:8d: f0:67:76:29:ae:c0:94:f5:4e:4d:e6:71:d1:ec:28:11: 4f:8f:33:ab:d3:2c:b8:19:ac:70:68:7f:8c:8f:48:7f: ee:70:ec:83:1b:d0:e9:4f:06:ec:70:5e:a0:23:71:a5: c9:cc:53:a2:a4:50:e7:e4:40:18:7e:fb:29:22:2e:3a: 93:cc:6f:f0:1d:61:da:e8:73:2a:1c:3f:b4:05:83:68: e7:3e:d9:85:7f:27:82:1c:6a:ec:53:e2:e4:aa:26:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: af:6f:99:8c:49:27:f5:f8:30:b5:25:1c:02:ca:ff:ca: c3:bb:03:8d:33:f8:e9:be:b5:e9:b0:ec:ca:2a:0d:e0: 41:bc:94:3c:4b:36:78:69:a8:e7:aa:03:99:50:6a:66: 7b:ea:1b:07:7d:4f:4d:ab:74:b7:4b:41:8b:36:a6:e5: fc:d9:bc:8e:6a:13:18:cc:1c:1a:72:2c:f7:04:6c:b6: 21:89:b3:84:bb:14:0d:78:de:1b:01:bd:b2:ab:2e:29: e6:67:7e:25:5d:71:1b:7d:70:ee:ad:ef:a3:86:51:b0: e2:0f:cc:70:e1:83:cd:67:c3:61:df:26:3e:32:b4:93 Fingerprint (SHA-256): D2:69:B5:7D:03:0F:F9:E7:08:87:F6:3A:F2:31:15:8B:F9:D2:BF:15:71:21:0D:79:5A:7E:FA:99:8A:7F:F0:0B Fingerprint (SHA1): 67:A0:03:44:87:06:0C:FB:31:F3:5D:5E:61:85:49:52:59:4F:D0:DE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2361: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161679 (0x1ee2850f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:35:17 2015 Not After : Mon May 18 20:35:17 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:a5:44:05:e5:3b:a6:cf:da:81:c5:83:f6:17:00:5d: 9f:8f:27:66:1f:ce:41:56:6a:c8:dc:3d:07:e4:a1:60: 1e:e1:f5:c8:7f:d9:0d:d4:02:76:98:ea:2e:7c:d5:0e: 03:c5:8f:73:d1:6b:a4:40:75:36:f2:ed:83:26:43:fb: b4:43:bd:ac:dd:2b:df:f8:a3:51:e9:73:5a:2f:ff:09: 7d:87:91:ce:42:50:1f:90:b9:16:d0:e9:2c:c6:c5:f3: b7:7a:b6:41:18:f4:a4:04:07:d4:7d:29:97:b9:f5:cc: f5:28:cc:58:cd:6e:40:a3:18:af:d1:94:b2:4c:80:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:5d:3f:88:fd:d0:e3:62:67:41:34:c1:1d:69:0a:98: 12:c5:40:ca:11:2a:4c:48:70:aa:83:14:a9:da:44:6b: 91:c8:69:31:78:b2:b3:4c:da:2d:66:54:fe:e9:80:30: 3c:3a:6f:9b:83:63:26:bc:7b:b0:86:2f:63:3d:ff:65: da:f3:ee:77:f1:b8:b4:94:19:d7:21:8f:82:72:31:ee: 74:48:7a:72:88:cb:6d:18:39:e3:fb:41:c6:4b:c2:cb: 45:d0:21:63:f3:33:f2:ae:be:e6:76:0e:4a:97:8f:78: 6e:5b:24:15:da:8f:a6:12:e7:57:99:b8:4b:3d:26:f1 Fingerprint (SHA-256): 14:BE:EC:AF:E4:CD:A1:44:A2:50:65:69:B3:8D:18:F3:62:1F:A9:66:C0:19:F4:A1:24:66:F8:2A:42:C2:E2:D6 Fingerprint (SHA1): 5C:94:E5:DD:19:85:90:AD:3B:36:25:25:87:61:2B:C1:A4:9E:A5:C1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #2362: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161677 (0x1ee2850d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:35:11 2015 Not After : Mon May 18 20:35:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:1a:4e:3d:da:1d:41:27:2f:dd:79:57:bf:41:a5:98: 3b:dc:1b:42:80:b7:4b:9d:2d:64:8e:00:bc:9e:7a:8d: f0:67:76:29:ae:c0:94:f5:4e:4d:e6:71:d1:ec:28:11: 4f:8f:33:ab:d3:2c:b8:19:ac:70:68:7f:8c:8f:48:7f: ee:70:ec:83:1b:d0:e9:4f:06:ec:70:5e:a0:23:71:a5: c9:cc:53:a2:a4:50:e7:e4:40:18:7e:fb:29:22:2e:3a: 93:cc:6f:f0:1d:61:da:e8:73:2a:1c:3f:b4:05:83:68: e7:3e:d9:85:7f:27:82:1c:6a:ec:53:e2:e4:aa:26:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: af:6f:99:8c:49:27:f5:f8:30:b5:25:1c:02:ca:ff:ca: c3:bb:03:8d:33:f8:e9:be:b5:e9:b0:ec:ca:2a:0d:e0: 41:bc:94:3c:4b:36:78:69:a8:e7:aa:03:99:50:6a:66: 7b:ea:1b:07:7d:4f:4d:ab:74:b7:4b:41:8b:36:a6:e5: fc:d9:bc:8e:6a:13:18:cc:1c:1a:72:2c:f7:04:6c:b6: 21:89:b3:84:bb:14:0d:78:de:1b:01:bd:b2:ab:2e:29: e6:67:7e:25:5d:71:1b:7d:70:ee:ad:ef:a3:86:51:b0: e2:0f:cc:70:e1:83:cd:67:c3:61:df:26:3e:32:b4:93 Fingerprint (SHA-256): D2:69:B5:7D:03:0F:F9:E7:08:87:F6:3A:F2:31:15:8B:F9:D2:BF:15:71:21:0D:79:5A:7E:FA:99:8A:7F:F0:0B Fingerprint (SHA1): 67:A0:03:44:87:06:0C:FB:31:F3:5D:5E:61:85:49:52:59:4F:D0:DE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2363: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #2364: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161677 (0x1ee2850d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:35:11 2015 Not After : Mon May 18 20:35:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:1a:4e:3d:da:1d:41:27:2f:dd:79:57:bf:41:a5:98: 3b:dc:1b:42:80:b7:4b:9d:2d:64:8e:00:bc:9e:7a:8d: f0:67:76:29:ae:c0:94:f5:4e:4d:e6:71:d1:ec:28:11: 4f:8f:33:ab:d3:2c:b8:19:ac:70:68:7f:8c:8f:48:7f: ee:70:ec:83:1b:d0:e9:4f:06:ec:70:5e:a0:23:71:a5: c9:cc:53:a2:a4:50:e7:e4:40:18:7e:fb:29:22:2e:3a: 93:cc:6f:f0:1d:61:da:e8:73:2a:1c:3f:b4:05:83:68: e7:3e:d9:85:7f:27:82:1c:6a:ec:53:e2:e4:aa:26:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: af:6f:99:8c:49:27:f5:f8:30:b5:25:1c:02:ca:ff:ca: c3:bb:03:8d:33:f8:e9:be:b5:e9:b0:ec:ca:2a:0d:e0: 41:bc:94:3c:4b:36:78:69:a8:e7:aa:03:99:50:6a:66: 7b:ea:1b:07:7d:4f:4d:ab:74:b7:4b:41:8b:36:a6:e5: fc:d9:bc:8e:6a:13:18:cc:1c:1a:72:2c:f7:04:6c:b6: 21:89:b3:84:bb:14:0d:78:de:1b:01:bd:b2:ab:2e:29: e6:67:7e:25:5d:71:1b:7d:70:ee:ad:ef:a3:86:51:b0: e2:0f:cc:70:e1:83:cd:67:c3:61:df:26:3e:32:b4:93 Fingerprint (SHA-256): D2:69:B5:7D:03:0F:F9:E7:08:87:F6:3A:F2:31:15:8B:F9:D2:BF:15:71:21:0D:79:5A:7E:FA:99:8A:7F:F0:0B Fingerprint (SHA1): 67:A0:03:44:87:06:0C:FB:31:F3:5D:5E:61:85:49:52:59:4F:D0:DE Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2365: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161679 (0x1ee2850f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:35:17 2015 Not After : Mon May 18 20:35:17 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:a5:44:05:e5:3b:a6:cf:da:81:c5:83:f6:17:00:5d: 9f:8f:27:66:1f:ce:41:56:6a:c8:dc:3d:07:e4:a1:60: 1e:e1:f5:c8:7f:d9:0d:d4:02:76:98:ea:2e:7c:d5:0e: 03:c5:8f:73:d1:6b:a4:40:75:36:f2:ed:83:26:43:fb: b4:43:bd:ac:dd:2b:df:f8:a3:51:e9:73:5a:2f:ff:09: 7d:87:91:ce:42:50:1f:90:b9:16:d0:e9:2c:c6:c5:f3: b7:7a:b6:41:18:f4:a4:04:07:d4:7d:29:97:b9:f5:cc: f5:28:cc:58:cd:6e:40:a3:18:af:d1:94:b2:4c:80:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:5d:3f:88:fd:d0:e3:62:67:41:34:c1:1d:69:0a:98: 12:c5:40:ca:11:2a:4c:48:70:aa:83:14:a9:da:44:6b: 91:c8:69:31:78:b2:b3:4c:da:2d:66:54:fe:e9:80:30: 3c:3a:6f:9b:83:63:26:bc:7b:b0:86:2f:63:3d:ff:65: da:f3:ee:77:f1:b8:b4:94:19:d7:21:8f:82:72:31:ee: 74:48:7a:72:88:cb:6d:18:39:e3:fb:41:c6:4b:c2:cb: 45:d0:21:63:f3:33:f2:ae:be:e6:76:0e:4a:97:8f:78: 6e:5b:24:15:da:8f:a6:12:e7:57:99:b8:4b:3d:26:f1 Fingerprint (SHA-256): 14:BE:EC:AF:E4:CD:A1:44:A2:50:65:69:B3:8D:18:F3:62:1F:A9:66:C0:19:F4:A1:24:66:F8:2A:42:C2:E2:D6 Fingerprint (SHA1): 5C:94:E5:DD:19:85:90:AD:3B:36:25:25:87:61:2B:C1:A4:9E:A5:C1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #2366: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #2367: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #2368: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #2369: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161677 (0x1ee2850d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:35:11 2015 Not After : Mon May 18 20:35:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:1a:4e:3d:da:1d:41:27:2f:dd:79:57:bf:41:a5:98: 3b:dc:1b:42:80:b7:4b:9d:2d:64:8e:00:bc:9e:7a:8d: f0:67:76:29:ae:c0:94:f5:4e:4d:e6:71:d1:ec:28:11: 4f:8f:33:ab:d3:2c:b8:19:ac:70:68:7f:8c:8f:48:7f: ee:70:ec:83:1b:d0:e9:4f:06:ec:70:5e:a0:23:71:a5: c9:cc:53:a2:a4:50:e7:e4:40:18:7e:fb:29:22:2e:3a: 93:cc:6f:f0:1d:61:da:e8:73:2a:1c:3f:b4:05:83:68: e7:3e:d9:85:7f:27:82:1c:6a:ec:53:e2:e4:aa:26:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: af:6f:99:8c:49:27:f5:f8:30:b5:25:1c:02:ca:ff:ca: c3:bb:03:8d:33:f8:e9:be:b5:e9:b0:ec:ca:2a:0d:e0: 41:bc:94:3c:4b:36:78:69:a8:e7:aa:03:99:50:6a:66: 7b:ea:1b:07:7d:4f:4d:ab:74:b7:4b:41:8b:36:a6:e5: fc:d9:bc:8e:6a:13:18:cc:1c:1a:72:2c:f7:04:6c:b6: 21:89:b3:84:bb:14:0d:78:de:1b:01:bd:b2:ab:2e:29: e6:67:7e:25:5d:71:1b:7d:70:ee:ad:ef:a3:86:51:b0: e2:0f:cc:70:e1:83:cd:67:c3:61:df:26:3e:32:b4:93 Fingerprint (SHA-256): D2:69:B5:7D:03:0F:F9:E7:08:87:F6:3A:F2:31:15:8B:F9:D2:BF:15:71:21:0D:79:5A:7E:FA:99:8A:7F:F0:0B Fingerprint (SHA1): 67:A0:03:44:87:06:0C:FB:31:F3:5D:5E:61:85:49:52:59:4F:D0:DE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2370: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161681 (0x1ee28511) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 20:35:23 2015 Not After : Mon May 18 20:35:23 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e1:b1:b7:f2:52:cb:93:cc:e9:69:5a:53:e8:62:92:cc: fd:a1:7d:fa:64:50:3a:d3:d0:bf:15:c7:a7:4f:81:78: 12:74:c9:29:0f:c6:9c:5f:f9:0c:44:4f:7e:17:9c:ae: aa:13:80:e5:5c:e2:e2:a5:d2:99:cf:be:9b:b9:84:35: c6:43:77:b0:f0:07:74:3e:66:e0:b2:40:6f:26:96:65: c0:84:6e:f4:79:f9:86:ff:d5:69:80:f3:05:44:14:41: 26:41:96:10:8d:77:87:09:3d:be:c8:f0:83:c1:80:96: b5:5b:a7:8b:8b:41:83:26:0a:ad:51:0b:d0:96:86:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:05:45:00:c5:fb:81:bc:b4:eb:76:d3:8f:7f:55:7a: 00:58:7b:96:2f:36:a1:9b:3d:60:cf:07:e1:a6:8a:d1: 24:1f:3b:31:9c:4c:40:3c:c9:ee:71:f6:31:92:9c:4d: d1:ce:12:7e:d0:12:59:b8:56:51:c8:e9:31:6c:96:c2: 3e:29:ab:6c:e5:a5:5f:0b:f7:77:b1:23:2e:52:41:f2: f4:20:89:c9:50:73:c1:df:f5:22:e3:ea:1b:bc:e0:09: 51:3e:be:d5:d2:ab:7e:da:19:ed:6a:67:74:21:4b:bb: 11:34:76:be:fa:00:05:ed:ac:08:c8:0f:a9:01:22:58 Fingerprint (SHA-256): 18:04:77:7F:EE:64:38:4E:43:79:F9:73:FA:1A:81:D9:95:22:55:64:27:5B:57:87:B9:46:E7:FE:0C:32:6B:92 Fingerprint (SHA1): 67:4C:10:5E:D1:EF:A1:84:B5:4B:BD:40:42:69:06:BC:38:2F:8F:87 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #2371: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161677 (0x1ee2850d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:35:11 2015 Not After : Mon May 18 20:35:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:1a:4e:3d:da:1d:41:27:2f:dd:79:57:bf:41:a5:98: 3b:dc:1b:42:80:b7:4b:9d:2d:64:8e:00:bc:9e:7a:8d: f0:67:76:29:ae:c0:94:f5:4e:4d:e6:71:d1:ec:28:11: 4f:8f:33:ab:d3:2c:b8:19:ac:70:68:7f:8c:8f:48:7f: ee:70:ec:83:1b:d0:e9:4f:06:ec:70:5e:a0:23:71:a5: c9:cc:53:a2:a4:50:e7:e4:40:18:7e:fb:29:22:2e:3a: 93:cc:6f:f0:1d:61:da:e8:73:2a:1c:3f:b4:05:83:68: e7:3e:d9:85:7f:27:82:1c:6a:ec:53:e2:e4:aa:26:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: af:6f:99:8c:49:27:f5:f8:30:b5:25:1c:02:ca:ff:ca: c3:bb:03:8d:33:f8:e9:be:b5:e9:b0:ec:ca:2a:0d:e0: 41:bc:94:3c:4b:36:78:69:a8:e7:aa:03:99:50:6a:66: 7b:ea:1b:07:7d:4f:4d:ab:74:b7:4b:41:8b:36:a6:e5: fc:d9:bc:8e:6a:13:18:cc:1c:1a:72:2c:f7:04:6c:b6: 21:89:b3:84:bb:14:0d:78:de:1b:01:bd:b2:ab:2e:29: e6:67:7e:25:5d:71:1b:7d:70:ee:ad:ef:a3:86:51:b0: e2:0f:cc:70:e1:83:cd:67:c3:61:df:26:3e:32:b4:93 Fingerprint (SHA-256): D2:69:B5:7D:03:0F:F9:E7:08:87:F6:3A:F2:31:15:8B:F9:D2:BF:15:71:21:0D:79:5A:7E:FA:99:8A:7F:F0:0B Fingerprint (SHA1): 67:A0:03:44:87:06:0C:FB:31:F3:5D:5E:61:85:49:52:59:4F:D0:DE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2372: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #2373: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #2374: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #2375: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #2376: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #2377: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518161682 (0x1ee28512) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 20:35:26 2015 Not After : Mon May 18 20:35:26 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:51:ea:3a:15:cb:b5:6d:35:99:a7:13:3e:1d:6f:a0: 30:ca:79:a0:a4:bf:48:3f:83:94:5e:c8:dc:f6:db:2f: f0:c0:ee:0e:8d:a6:68:85:ef:1d:01:e5:01:15:4e:d6: 5b:21:fb:18:34:62:57:f1:d1:dc:ba:49:1c:d1:4d:64: 94:da:89:8b:90:72:a4:50:ff:2e:25:d6:85:f2:82:e5: 54:7f:2a:f4:db:af:40:11:42:f9:7a:d8:da:9e:64:ac: f0:e6:91:bc:4e:fe:29:20:dc:e6:a0:82:36:db:88:d4: 9d:cf:c1:d5:19:0f:5b:34:38:60:bc:64:25:06:ab:2f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:27:cf:3d:be:d9:7d:74:40:00:32:7f:6a:a6:a3:20: 6a:b5:06:0f:74:ef:7b:28:63:72:6c:26:65:1d:98:31: c2:a7:10:dc:78:e3:6a:7b:b9:70:33:92:07:3b:89:7f: ad:bd:bf:a9:69:eb:6d:4c:65:33:41:3a:0e:ab:c1:a8: a0:ca:72:25:4e:b8:92:3f:4b:85:0e:ff:12:7c:67:52: eb:76:ac:bf:34:5e:1e:de:9a:8d:9f:b5:8f:43:cf:74: 0d:8d:7f:9b:43:a9:9c:9a:a3:6e:7e:1b:4c:88:cb:6d: 53:b5:c3:ad:4c:bd:ca:4c:51:d4:cc:eb:db:da:80:d3 Fingerprint (SHA-256): 38:02:7F:50:3B:E4:20:C0:8B:E8:AB:98:01:9B:EF:2A:D8:BB:77:A5:F7:A3:8F:88:B3:7E:5C:F2:25:E0:40:B1 Fingerprint (SHA1): B7:68:04:5D:49:EC:02:9D:97:70:A4:68:60:11:9C:97:60:A2:2B:AC Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #2378: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #2379: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #2380: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #2381: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #2382: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2383: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2384: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #2385: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2386: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2387: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #2388: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2389: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2390: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2391: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2392: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2393: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2394: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2395: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2396: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #2397: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2398: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #2399: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2400: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #2401: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 3275 at Mon May 18 16:35:58 EDT 2015 kill -USR1 3275 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 3275 killed at Mon May 18 16:35:58 EDT 2015 TIMESTAMP chains END: Mon May 18 16:35:58 EDT 2015 chains.sh: Testing with PKIX =============================== Running tests for lowhash TIMESTAMP lowhash BEGIN: Mon May 18 16:35:59 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Mon May 18 16:35:59 EDT 2015 Running tests for libpkix TIMESTAMP libpkix BEGIN: Mon May 18 16:35:59 EDT 2015 TIMESTAMP libpkix END: Mon May 18 16:35:59 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Mon May 18 16:35:59 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #2402: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -f ../tests.pw cert.sh: #2403: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2404: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2405: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -o root.cert cert.sh: #2406: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -f ../tests.pw cert.sh: #2407: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2408: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2409: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2410: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2411: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2412: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2413: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2414: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -f ../tests.pw cert.sh: #2415: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2416: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2417: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2418: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2419: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2420: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2421: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2422: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2423: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #2424: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2425: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #2426: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2427: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #2428: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2429: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #2430: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2431: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #2432: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2433: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #2434: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2435: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #2436: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw cert.sh: #2437: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2438: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2439: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #2440: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2441: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert cert.sh: #2442: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2443: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #2444: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2445: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert cert.sh: #2446: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2447: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2448: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2449: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert cert.sh: #2450: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2451: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert cert.sh: #2452: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2453: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2454: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2455: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw cert.sh: #2456: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2457: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2458: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #2459: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2460: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert cert.sh: #2461: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2462: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #2463: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2464: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert cert.sh: #2465: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2466: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #2467: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2468: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert cert.sh: #2469: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2470: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2471: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2472: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2473: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert cert.sh: #2474: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw cert.sh: #2475: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2476: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA.ca.cert cert.sh: #2477: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA-ec.ca.cert cert.sh: #2478: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2479: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #2480: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2481: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2482: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #2483: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2484: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2485: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #2486: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2487: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2488: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2489: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA.ca.cert cert.sh: #2490: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA-ec.ca.cert cert.sh: #2491: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2492: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #2493: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2494: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2495: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #2496: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2497: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2498: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2499: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2500: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2501: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #2502: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2503: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2504: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #2505: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2506: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2507: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2508: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2509: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2510: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2511: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw cert.sh: #2512: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2513: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA.ca.cert cert.sh: #2514: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #2515: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2516: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #2517: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2518: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2519: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #2520: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2521: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2522: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #2523: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2524: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw cert.sh: #2525: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2526: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA.ca.cert cert.sh: #2527: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #2528: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2529: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #2530: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2531: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2532: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #2533: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2534: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2535: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #2536: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2537: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw cert.sh: #2538: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2539: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA.ca.cert cert.sh: #2540: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #2541: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2542: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #2543: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2544: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2545: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #2546: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2547: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2548: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #2549: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2550: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw cert.sh: #2551: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2552: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA.ca.cert cert.sh: #2553: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #2554: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2555: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2556: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2557: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2558: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2559: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2560: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2561: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2562: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2563: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #2564: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #2565: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #2566: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #2567: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #2568: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #2569: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #2570: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #2571: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw cert.sh: #2572: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2573: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #2574: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2575: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw cert.sh: #2576: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2577: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #2578: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2579: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #2580: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2581: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2582: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #2583: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2584: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2585: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #2586: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2587: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw cert.sh: #2588: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2589: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #2590: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #2591: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2592: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #2593: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2594: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2595: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #2596: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2597: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2598: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #2599: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2600: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:82 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:11 2015 Not After : Tue Aug 18 20:38:11 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:83:f6:4a:53:9c:a7:af:fc:a6:c5:7d:ed:2e:e7:e2: 08:4a:dd:88:39:02:93:73:00:17:1c:25:cd:89:41:f3: b8:31:a1:26:d4:82:1f:a5:3a:ad:bc:67:d0:9d:59:f3: d4:2f:b5:f1:b7:42:8c:76:89:e3:61:dd:5e:c7:b5:dd: ff:55:99:f1:d7:7f:76:89:6c:3f:36:74:0d:33:50:50: 19:60:63:9e:e9:20:61:94:50:16:06:d7:56:38:0a:7d: 8b:4b:87:4a:33:be:93:68:dc:a5:e2:4d:d9:fb:76:45: 79:2f:a3:fa:59:f7:de:e9:f4:38:ca:0d:de:a1:48:35 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:60:ec:64:78:76:87:20:44:84:38:98:6e:00:82:b3: 0a:ff:c6:23:80:e5:12:18:08:ea:44:77:59:59:85:af: c5:d4:ac:92:01:35:78:f3:6b:d6:c3:32:c1:35:61:26: 75:8a:27:de:87:f0:5e:fa:76:d8:ef:3e:25:c4:4a:d1: 5b:f6:8e:3b:9c:1d:7c:33:b9:42:ae:c8:bd:56:1e:17: 3b:5e:e2:5b:a9:db:5e:f1:c3:a4:cc:c0:96:47:7a:ea: cb:44:cc:53:37:0e:9d:04:84:64:d9:3e:cc:62:40:55: 62:ff:4e:c4:29:46:0e:53:5a:0e:1c:b0:b6:7f:c2:12 Fingerprint (SHA-256): 21:DD:F8:DA:D3:F2:D8:9E:D4:B0:9B:AF:B3:FC:CC:1F:D3:62:32:AB:C1:84:BA:82:63:2E:2C:5F:DD:B6:89:39 Fingerprint (SHA1): A4:2E:43:5B:EA:C2:76:67:B7:CB:5A:D9:2F:C9:53:C5:00:D8:7D:1E Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2601: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:87 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:13 2015 Not After : Tue Aug 18 20:38:13 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:c4:db:be:40:07:5f:12:d2:74:00:68:6f:3d:91:b6: 6d:a2:3e:a9:86:64:3b:4f:d2:bb:67:c9:fa:95:a8:d8: 86:73:e7:26:49:c7:9d:97:4a:62:87:3d:dd:94:3a:81: 51:49:36:b4:72:42:bc:9b:44:59:36:56:99:9a:e2:bb: df:6f:19:de:0d:71:43:65:82:ba:18:72:43:3b:ab:33: e2:79:ff:69:ba:50:0d:7d:25:88:fe:68:b9:73:f2:24: 2f:81:18:31:c2:6f:f4:1d:58:30:b0:be:c9:c6:5b:4e: 9f:18:eb:e5:01:08:ea:21:5b:50:f2:18:11:c3:8b:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 56:9d:06:5a:91:ed:a9:0d:54:e4:39:45:e3:9b:5d:02: cc:a5:ed:10:6a:6a:62:b3:5e:90:e1:70:42:32:84:78: 68:3e:90:a8:64:10:d9:bd:90:fd:56:a0:db:54:f6:8f: c6:a3:72:a4:15:1d:41:43:cc:9f:4d:15:59:6e:e3:f0: 0f:25:20:38:25:60:61:81:31:bd:76:91:15:5d:5c:65: c1:a1:cd:26:76:34:39:17:28:c2:1c:dc:08:96:a5:4e: 31:39:d1:10:46:68:6d:cd:a8:20:4b:69:b4:9c:3a:f1: 8d:1f:c6:15:14:f9:0b:eb:c2:23:4f:dd:b2:db:b4:ec Fingerprint (SHA-256): 06:8C:C5:A8:75:17:44:06:40:21:E5:DA:4E:90:E2:8A:56:C9:E2:ED:E5:2E:B7:A9:DA:BB:8A:6B:28:C5:E0:EA Fingerprint (SHA1): B3:1E:9D:AF:33:C8:53:9A:C2:68:7C:77:49:24:5F:88:A4:64:BC:CD Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2602: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:8a Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:15 2015 Not After : Tue Aug 18 20:38:15 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:54:b0:b5:ff:4b:88:82:aa:31:f7:be:9d:ff:40:5a: 92:17:3d:a9:2a:71:71:bc:e4:ff:4d:5f:2a:02:da:2b: f1:99:14:d4:25:e7:04:77:9f:6e:8b:58:8f:ed:68:0b: b1:d5:05:91:bc:1c:8b:8d:0c:f2:1b:85:68:f1:7e:d9: 3f:ba:f6:73:27:41:8c:a6:55:9a:5f:0d:e4:d1:49:75: 1c:45:40:75:4e:de:9b:90:63:21:e0:97:0e:e2:17:5e: 95:fe:f7:21:48:d7:47:b2:d2:ad:5f:13:c0:58:bf:79: f9:ba:c6:e0:bd:f3:2a:62:39:9c:ab:c4:51:65:3e:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:59:67:c1:0c:4a:e5:50:77:3c:e1:ba:09:23:25:62: d6:e3:8c:e5:81:b1:08:51:0a:ad:c4:59:07:68:4e:8a: 2a:7c:50:96:45:b9:05:c4:d5:58:38:7e:73:b6:52:dc: 22:32:77:63:54:ae:0e:0e:27:5d:69:50:bf:71:fb:ea: fd:f6:68:b3:26:82:77:66:19:1a:a5:f6:59:94:16:36: 5b:86:c1:e8:e6:96:41:a4:56:80:a6:98:86:56:9c:aa: 7c:91:66:a1:c1:1c:22:84:62:65:b3:b8:a7:79:08:22: 9c:6c:0c:28:9d:6b:ed:5b:ec:59:05:bc:67:c4:d4:51 Fingerprint (SHA-256): B6:9A:8A:78:2E:9E:98:71:51:2B:5A:C4:94:25:92:5B:63:46:20:B5:72:FB:D5:75:CB:7B:C5:42:70:90:5F:DE Fingerprint (SHA1): 0E:3A:11:8B:0A:53:0A:87:37:B7:68:F0:21:79:50:4D:32:5C:A6:F2 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2603: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:8e Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:18 2015 Not After : Tue Aug 18 20:38:18 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:6d:2c:47:26:eb:29:28:34:6c:ef:ef:79:db:93:66: 9d:4c:ee:57:57:3a:f9:90:c2:91:a8:1d:ec:d4:9a:b8: 2e:79:d8:85:66:b9:ba:8c:58:52:30:65:5e:1e:b7:c3: c9:40:f6:c8:8c:c8:29:d3:da:13:c4:56:e8:e3:9c:29: 6a:86:14:99:6b:d8:02:5c:08:20:13:8f:53:b1:04:fe: 90:54:a2:7c:66:42:7a:55:ca:0f:59:e6:c4:f6:f1:25: 93:1f:2a:4c:47:29:1f:69:bd:e1:82:79:66:31:fd:de: 4d:32:be:d7:2a:36:7f:ec:b1:1a:8d:a8:f2:ad:36:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bc:67:a1:ab:51:7f:8d:d5:3c:5f:49:e4:da:a7:e8:65: 62:88:17:e0:b8:b8:ed:26:44:8a:ea:65:ff:8a:2c:fc: 68:04:e1:98:c4:62:82:91:fd:8b:e6:16:28:39:be:2c: ef:78:97:7a:8b:2e:b9:f8:dd:28:8d:a0:05:6e:43:a3: 18:fd:33:4b:5a:7f:dc:45:88:90:6d:ce:99:97:d1:71: 5c:d2:e1:01:3f:49:3b:b5:20:6c:cc:3a:7b:c1:2b:7b: 6e:c6:94:c1:ed:d8:cd:6d:d1:d5:13:a2:6f:eb:d5:f2: c9:39:14:4b:1b:5d:ef:6b:bc:3a:52:dc:1a:82:45:ad Fingerprint (SHA-256): 98:1A:BB:61:B4:29:C7:C0:E8:AF:79:2A:CD:27:CC:FD:9D:07:32:9A:05:09:19:71:B0:E6:11:23:A6:64:E3:A2 Fingerprint (SHA1): 6B:30:35:63:51:A7:8A:F1:0F:42:97:50:FA:27:E6:95:FB:D5:F3:51 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2604: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:93 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:21 2015 Not After : Tue Aug 18 20:38:21 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:8d:5a:e8:3e:ee:55:91:c5:14:02:cc:b9:3a:91:33: a7:9e:88:41:07:e9:bf:fa:3b:90:9e:3b:c6:2a:8f:d4: bc:c5:55:60:6e:6b:4d:d0:34:10:1d:ec:2c:a2:4d:6e: ae:4c:36:43:11:4c:25:5a:19:6f:f5:73:1e:31:cc:cf: 75:89:bf:51:bd:73:15:a4:11:18:b5:1f:41:cc:94:69: e3:1a:f1:6d:19:d1:1f:77:38:53:04:db:cb:06:11:86: 99:31:44:59:dc:df:f0:fb:35:7f:b8:41:aa:bc:20:57: ab:1b:e3:1e:bc:9c:71:08:33:30:0a:d0:f9:2c:9b:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 22:a6:95:51:cb:6f:fb:08:74:36:fc:63:e4:5d:9c:e0: 8a:ed:b4:f0:4c:48:d9:9d:a9:eb:51:f9:67:78:f6:71: 62:cd:e4:c2:6c:43:0d:05:42:46:e3:a0:1e:c9:62:ed: 7b:57:5f:45:0b:a9:de:12:6f:74:7e:56:83:2c:c6:f0: f5:52:34:f1:f7:0b:0c:4b:e7:7b:5e:8f:08:15:ef:c4: 1e:e5:76:21:e2:e1:58:de:97:d5:cf:64:96:89:55:8d: c2:4d:33:82:b3:72:33:13:e3:fa:cc:d6:2a:13:9b:38: a7:6d:ff:75:ab:e3:ae:90:dc:38:d6:76:6c:71:34:7f Fingerprint (SHA-256): FD:15:6D:C3:6E:7B:F0:F2:20:38:77:30:B0:B7:68:03:C4:60:BF:39:B3:DB:03:4D:41:CF:54:30:68:5C:90:84 Fingerprint (SHA1): 21:98:9F:AB:A4:12:09:72:B1:0F:A9:81:C9:CE:B7:F4:EB:8E:2C:68 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2605: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:99 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:23 2015 Not After : Tue Aug 18 20:38:23 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:b1:56:c2:c3:92:67:69:f7:50:5f:79:24:cd:c7:c6: 81:73:02:17:7e:4f:d4:72:f7:91:02:56:02:fc:e5:74: 34:0d:57:b4:79:55:56:35:df:6f:e3:71:55:d8:9b:50: 9f:42:22:ee:fd:2e:44:75:72:46:a5:78:4e:fd:bb:38: 56:19:46:72:dd:eb:cb:3b:35:d9:77:92:8f:eb:ee:d5: a7:c7:aa:54:c4:aa:a8:6e:f6:70:ed:25:cb:26:43:f2: 50:ce:bf:ae:cd:f9:4f:1e:81:8c:51:71:e7:77:55:07: e6:85:cc:aa:19:aa:a5:f7:53:29:04:e1:e9:c8:de:1f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b5:3c:ad:03:73:8c:51:3e:f2:5a:7c:39:83:aa:dc:a6: 5a:8f:99:f2:94:51:a2:38:d9:ba:d7:b9:1f:a7:0b:69: 54:a2:56:8f:a0:3c:5c:5f:e9:cc:b7:f0:75:b4:c1:b4: 12:cc:40:42:57:a7:8b:b9:cb:6d:77:f7:b1:fd:d7:b9: c8:02:e0:c5:2a:d0:79:69:e5:2f:9c:b7:e5:1b:d2:03: b6:3a:8a:61:10:a1:3c:3a:e6:55:a6:fa:40:6e:17:aa: f8:d0:fe:ca:e1:8f:35:46:da:d5:d0:86:02:b1:a1:cf: d8:49:10:69:2b:7d:5c:84:13:b2:dc:2b:2e:a5:0d:a3 Fingerprint (SHA-256): A6:A5:1F:95:B6:FC:0F:34:8B:D9:B5:EE:56:53:5F:85:08:88:F4:10:6A:06:EB:A9:C3:A6:E5:CA:DA:08:06:4F Fingerprint (SHA1): 11:3E:27:24:F1:B7:DB:AD:D3:C2:B2:02:26:F7:3E:11:AD:20:76:D4 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2606: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:9e Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:26 2015 Not After : Tue Aug 18 20:38:26 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:1d:44:57:ab:a4:6f:9c:14:c3:02:69:6b:6c:c9:b5: 3d:b2:31:66:49:75:b1:f5:5f:c7:9f:3a:d6:a3:ef:fa: ab:b8:92:05:1e:a8:5d:4f:3f:ff:6f:7d:77:16:3c:f5: 95:49:89:c9:2d:e1:63:e1:f7:6a:86:0a:20:26:b7:6e: 3d:e4:04:c0:06:55:a2:a1:e7:e1:9d:a0:a3:38:4e:cc: 43:b1:3f:d3:be:ab:3d:9c:a1:f2:e4:9e:2c:29:ae:07: 3e:1a:6e:a9:2c:75:f9:7d:a6:f9:b4:3d:c3:7c:5f:15: ef:8b:71:35:7b:31:cf:23:c2:90:55:29:a8:d8:0f:6f Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d1:0c:a5:22:55:db:8e:e1:d6:6a:e9:a9:4d:7f:ee:ae: 27:f7:a2:cb:0a:b8:d2:79:58:e6:ef:02:22:cf:34:91: 5b:47:f5:ce:7c:06:58:05:25:5c:60:cd:81:3a:14:c2: 23:e9:f9:42:d1:09:27:da:0a:63:06:e1:b8:41:02:78: 76:6c:c8:ae:b4:73:c3:e0:05:ff:6a:dd:2d:5e:a5:c3: a4:80:df:24:9f:bc:4f:1f:6b:66:ba:9f:ae:f4:bf:0f: 67:8d:1c:af:8f:b4:ee:c0:ac:6a:da:88:7a:a9:00:91: 91:46:97:95:11:e9:4f:9b:32:81:ef:97:27:99:75:70 Fingerprint (SHA-256): 39:95:65:FB:7D:6C:4B:AC:48:2E:4C:1F:DF:1F:29:98:0F:15:C7:59:99:A3:EC:85:1E:B0:6B:A1:2D:C4:DD:3F Fingerprint (SHA1): 5C:4B:41:43:BE:4D:CD:43:28:EE:2C:97:07:EB:3C:85:0F:83:B2:58 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2607: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:a3 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:28 2015 Not After : Tue Aug 18 20:38:28 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:e7:46:73:29:85:89:bb:13:b9:2d:21:5a:cc:e0:de: 37:f6:71:23:38:9b:29:86:e2:7f:94:f7:d3:3d:e2:8f: c7:ab:7e:88:e2:bc:87:7d:d0:02:00:25:8c:27:77:50: dc:15:04:33:23:7e:4c:eb:79:a6:95:4d:a6:13:a0:a7: 38:d8:7b:35:b7:a0:8e:ac:ea:74:9a:57:10:fa:d3:89: 15:8a:5e:64:69:3d:5a:8f:df:ad:8d:7f:79:f4:ba:e0: 2d:cd:99:64:c6:44:d2:18:45:2e:6e:1d:36:17:bb:4b: 63:d6:d1:4b:db:75:13:b9:aa:d4:f4:b7:4d:8f:07:7d Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:7a:5f:85:79:3d:57:26:c9:47:c9:f0:c6:24:06:3e: 40:57:76:71:0a:a3:b2:c3:83:22:23:66:23:31:0d:b6: 65:a5:eb:6b:52:5f:95:9f:8e:55:b1:25:7c:d4:8e:5b: 43:0f:95:39:bf:b3:c0:03:33:62:1f:b4:1a:91:ad:e6: bb:2f:ff:33:11:69:01:45:ca:b2:fd:8d:fb:d4:92:11: 65:26:c0:98:82:8f:e0:69:35:22:6d:c6:28:96:af:d7: f0:1a:6a:34:65:cb:ac:22:13:8c:13:20:5c:c9:87:66: 5c:cb:0d:ff:41:8d:ee:b4:dc:9e:d3:ba:e5:6f:8b:a7 Fingerprint (SHA-256): 3C:28:37:9B:EE:EB:C9:54:4F:DD:02:FF:35:44:EF:6F:D5:93:34:26:8D:F7:14:3A:0A:C3:EA:FB:D4:27:69:A3 Fingerprint (SHA1): 74:EB:50:75:FA:11:5F:B1:C7:88:E1:47:D2:F9:0C:99:4F:9E:9D:D6 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2608: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:a7 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:31 2015 Not After : Tue Aug 18 20:38:31 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:20:ca:4f:d2:cc:bf:fc:9a:30:1f:e7:dd:a8:7a:f5: 21:65:50:0a:ba:8b:dd:d4:29:e5:ac:5d:80:17:d7:71: e9:55:6f:48:38:f6:c6:14:5a:18:cb:50:0f:e7:f9:6b: c9:1f:6f:78:92:34:50:3f:4f:a7:57:54:b3:e5:9a:02: 40:98:4c:4c:c4:ec:45:f8:2c:86:ab:55:50:54:c0:8a: 32:42:e0:7d:65:11:5a:b3:97:ff:99:fb:4b:71:ba:98: 4d:4d:8a:05:bf:a2:8a:46:f5:e6:00:0f:d6:d5:b4:88: 8e:6c:2d:5c:23:0b:66:c9:55:b5:02:34:10:e3:32:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b4:95:5e:e1:49:7b:98:95:24:17:db:38:4b:cb:bf:5e: 34:30:e6:b9:35:2e:3c:dd:46:63:6d:32:a7:c7:71:52: 5d:c1:24:6d:c3:27:a2:e7:eb:79:f9:2d:f6:cf:67:ac: 8e:55:1d:b0:3d:7f:40:f2:fa:0a:7f:34:60:da:c4:67: bb:a5:24:df:fe:cd:fa:e4:04:6d:85:3b:32:1a:b2:07: 8d:bd:18:60:bf:d5:b5:4c:17:ef:f4:47:16:0b:4d:2e: 03:52:40:1f:1b:1f:2a:ea:7a:96:ba:f6:98:a5:f6:19: f7:82:7c:94:0d:b8:3f:69:2b:3e:8f:d5:cb:06:7a:52 Fingerprint (SHA-256): 80:9D:58:56:9E:20:C5:11:76:5A:2E:3B:74:94:4E:B8:9B:14:8E:8E:70:6E:06:59:74:00:92:5E:FE:C9:B8:22 Fingerprint (SHA1): F1:C5:D3:B0:09:88:20:FF:F0:4A:4F:83:34:03:C3:B5:16:A4:1B:46 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2609: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:ac Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:34 2015 Not After : Tue Aug 18 20:38:34 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:b6:ec:e1:f6:c5:27:c4:d0:34:45:42:e0:47:54:c9: c9:0c:c6:c1:df:19:3c:c9:1a:5a:67:f5:c3:64:45:79: 51:6e:de:09:df:43:bc:82:4f:e2:53:11:16:9c:01:7d: 64:e2:cc:47:32:07:81:1c:bb:23:27:18:34:89:a3:f6: 45:ba:cc:63:88:48:2f:6b:6d:d4:3f:5f:b4:ff:23:ea: 9c:fe:4c:a3:28:07:d0:24:13:f6:6b:f3:37:49:48:70: b4:8e:2c:6d:c9:f1:fb:33:b4:a4:fd:31:f1:aa:29:74: 40:6f:e4:22:e8:45:52:ae:e0:10:4f:5d:a3:9a:d7:af Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:f1:1d:7a:23:a3:ba:c1:c0:be:59:21:92:99:9b:da: 42:0f:b0:8e:ea:d1:ff:7d:18:2a:73:10:4e:bc:52:d4: 39:cd:5e:b7:f9:46:bf:e1:47:5c:45:29:b3:c1:fb:cb: 61:35:10:73:2b:b2:83:a5:72:86:d3:ec:a4:a5:dc:49: 2b:92:c3:99:ad:43:d1:de:16:f5:77:06:76:77:b5:fd: ee:4f:81:30:4e:2e:96:f0:5a:7f:89:93:b1:3d:fa:69: a9:4d:50:c2:fd:c9:e0:88:63:81:07:fd:70:23:ef:64: 68:6d:62:89:54:27:c0:6f:1c:07:7b:1c:f7:ca:7b:11 Fingerprint (SHA-256): 7B:B3:FD:29:F8:15:4E:DB:7D:D8:C7:35:3F:3E:CD:99:61:84:35:F1:56:6B:12:5E:A3:18:91:D2:75:E7:BE:8A Fingerprint (SHA1): E6:17:EB:96:9A:79:B1:6F:0B:09:D5:B8:CF:02:20:A8:9D:E3:0A:65 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2610: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:b3 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 20:38:36 2015 Not After : Tue Aug 18 20:38:36 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:dc:fe:ca:03:a6:02:8d:62:f4:4c:a4:a2:1b:f9:d5: 30:61:76:e3:da:77:72:4b:69:b6:a7:c9:f3:e9:1a:c8: c3:d2:bb:e5:d3:46:03:41:9c:80:e9:97:2e:8b:7c:d6: 90:e6:e8:4b:42:21:ae:ad:25:12:35:02:70:08:f1:9e: be:41:ad:e1:39:e7:19:b7:11:a6:51:e2:d4:e9:0e:bd: 9d:81:a2:41:06:52:43:23:0c:6a:11:5d:dc:8e:83:07: 36:ba:39:c3:f6:60:58:8c:bf:d0:87:67:01:9a:c9:72: 23:cb:5c:2e:db:c6:e0:fa:de:4a:1e:2c:6b:9a:a0:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 89:e8:5c:e2:d1:fe:60:56:79:8b:0c:4a:81:1a:8c:ec: 79:fc:6d:01:8e:45:6e:be:4f:9b:12:ae:32:71:03:a5: 3d:d6:7f:b5:d8:bd:99:67:2a:3d:55:34:e2:65:87:24: 77:8e:c0:4d:5a:23:37:20:8c:eb:13:31:2c:c6:48:d7: 21:cf:cf:93:35:51:a2:fc:32:af:96:28:67:a0:6b:5f: 2b:88:ef:90:56:87:dd:34:e8:44:3e:d6:56:a2:d1:a4: f8:0a:b8:cd:6e:ba:3b:23:64:25:f7:6b:ae:bd:51:a2: 36:71:34:bc:1d:96:82:e3:67:9b:64:10:c1:40:62:94 Fingerprint (SHA-256): B4:40:44:FB:D9:6E:19:47:D3:13:1C:A2:08:C8:95:99:0A:FD:6F:82:C4:F0:6E:62:1A:14:03:9B:0E:16:28:BA Fingerprint (SHA1): E1:B6:61:62:15:D3:FD:40:5A:F4:68:08:1A:77:DE:C8:79:26:C1:43 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2611: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #2612: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #2613: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #2614: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:bd Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 20:38:42 2015 Not After : Tue Aug 18 20:38:42 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:94:f4:62:13:ef:5a:93:2a:c1:35:f8:80:70:44:67: 84:3a:78:37:c2:53:82:07:0a:1f:68:15:4b:fd:07:3c: e4:e8:70:02:23:44:48:20:69:59:cd:9f:78:8c:f9:fd: 2b:b5:e8:97:58:45:56:4d:0a:df:98:a8:25:bb:5d:aa: 42:cf:b2:2b:b9:df:48:2c:d7:1e:84:2d:af:64:9e:2f: e1:29:cf:83:3f:bc:cf:09:ca:3e:94:49:6f:63:be:9e: 1e:59:4b:a3:18:6a:8c:36:9c:75:2b:6e:ea:d2:46:ab: 6c:77:60:a0:41:6f:02:74:09:1a:1b:3b:37:de:9e:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:2a:e5:d1:38:c1:cb:f1:67:b9:06:64:54:f7:24:9b: bd:af:3e:4d:a0:03:6f:5b:e7:8c:21:1a:7a:7c:5f:17: bf:c2:b9:ea:5c:5e:b7:3c:b6:e5:be:13:2d:d7:43:10: dd:e5:14:35:ef:7f:36:1b:8e:d3:41:96:b0:61:3c:4e: 29:ad:b2:1e:51:4d:3f:05:56:a2:10:52:60:5e:5f:9d: dd:00:9f:0b:fb:50:b4:71:a0:0e:d5:53:50:d8:78:9c: 65:13:95:49:c4:3d:15:43:23:34:17:b2:29:5e:e3:83: b3:94:16:d4:06:21:00:71:1f:e1:c4:07:cb:ed:dd:dd Fingerprint (SHA-256): CA:CE:7D:CF:36:67:ED:35:5D:4B:08:F9:2C:EE:44:F8:25:D4:0C:EA:61:5F:57:B9:74:52:96:C4:CA:C4:F4:06 Fingerprint (SHA1): 0F:B2:4B:BB:7B:46:6D:24:FD:BD:BB:88:AD:4C:B9:04:33:5D:3E:AB Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2615: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der cert.sh: #2616: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #2617: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #2618: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2619: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2620: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2621: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #2622: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:25:cf Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 20:38:53 2015 Not After : Tue Aug 18 20:38:53 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:72:f5:fd:ff:81:ab:bf:a7:54:d0:5f:37:bb:a9:d1: 1f:cc:59:52:16:e7:43:c1:cc:7a:fa:40:ad:e9:4a:15: db:9c:33:c8:4d:a7:58:99:ae:fe:f3:09:de:dd:77:f2: 60:45:e8:f0:c1:83:6b:2c:3b:97:16:a3:3a:f5:c8:63: b2:c1:9a:0b:fe:d0:0f:02:11:0b:e3:05:60:3c:ae:84: f5:12:65:d6:2b:99:84:60:54:d8:c5:00:a9:22:84:af: 42:1a:91:a1:28:7e:6d:0f:24:b2:10:ff:59:6b:8e:a2: f5:fb:06:1d:d9:51:04:ae:3b:6b:53:bb:df:2e:38:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:a6:98:ab:ff:e9:f0:d8:d3:46:a2:60:b3:62:c6:00: b3:bf:4d:32:21:60:54:73:7e:bb:40:9a:dd:8e:83:50: 6a:42:f5:eb:72:cd:a1:fc:a8:14:da:7c:13:bc:ad:21: 4a:31:de:89:97:3e:ee:ef:c7:a0:e8:be:67:5a:ab:21: a6:20:41:06:ff:19:87:7d:e2:0f:67:65:04:0a:35:83: 35:44:a7:14:70:89:dd:38:7b:bf:4a:f6:e5:1d:85:b8: 41:dd:41:bc:ee:29:b9:69:3b:74:82:eb:6a:9a:ed:37: 0d:92:29:7f:2e:9f:0b:b0:53:f1:78:9e:24:8b:a0:61 Fingerprint (SHA-256): 9A:0C:AD:1C:23:23:61:43:8B:69:ED:18:B3:0A:5E:E9:23:06:4A:76:93:26:04:88:10:00:DF:AB:54:92:C3:0A Fingerprint (SHA1): 07:1F:3B:32:1A:F4:C3:5E:73:EB:E0:D9:55:F1:7D:6B:46:62:28:26 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2623: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #2624: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #2625: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw cert.sh: #2626: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2627: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2628: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -o root.cert cert.sh: #2629: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #2630: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2631: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #2632: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw cert.sh: #2633: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2634: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA.ca.cert cert.sh: #2635: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #2636: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2637: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #2638: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2639: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2640: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #2641: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2642: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2643: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #2644: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2645: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw cert.sh: #2646: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #2647: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -o root.cert cert.sh: #2648: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #2649: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2650: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #2651: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2652: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2653: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2654: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2655: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2656: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2657: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2658: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2659: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2660: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2661: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2662: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2663: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2664: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #2665: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2666: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #2667: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2668: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2669: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #2670: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2671: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2672: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #2673: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2674: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2675: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #2676: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2677: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2678: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #2679: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2680: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2681: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #2682: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2683: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2684: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #2685: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2686: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2687: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #2688: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2689: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2690: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #2691: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2692: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2693: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #2694: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2695: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2696: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #2697: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2698: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2699: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #2700: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2701: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2702: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #2703: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2704: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2705: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #2706: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2707: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2708: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #2709: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2710: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2711: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #2712: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2713: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2714: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #2715: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2716: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2717: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #2718: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2719: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2720: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #2721: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2722: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2723: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #2724: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2725: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2726: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #2727: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2728: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2729: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #2730: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2731: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2732: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #2733: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2734: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2735: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #2736: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2737: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2738: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #2739: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2740: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2741: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #2742: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2743: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2744: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #2745: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2746: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2747: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #2748: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2749: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2750: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #2751: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2752: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2753: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #2754: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2755: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2756: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #2757: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2758: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2759: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #2760: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2761: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2762: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #2763: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2764: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2765: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #2766: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2767: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2768: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #2769: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2770: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2771: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #2772: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2773: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2774: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #2775: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2776: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2777: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #2778: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2779: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2780: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #2781: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2782: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #2783: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #2784: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #2785: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #2786: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #2787: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #2788: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #2789: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #2790: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #2791: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #2792: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #2793: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #2794: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #2795: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #2796: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Mon May 18 16:41:02 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Mon May 18 16:41:02 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2797: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 04:87:92:bd:6c:25:e3:74:57:92:71:01:72:fb:4b:c5 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2798: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2799: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2800: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2801: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ba:25:97:2c:22:31:a6:d9:5f:63:b9:bc:ae:7c:c0:65 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 20:36:18 2015 Not After : Mon May 18 20:36:18 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:97:f2:6d:97:8d:7f:8b:5d:0d:fc:0d:a2:71:bb: 70:3a:6f:80:21:e4:d9:95:4d:84:ad:42:80:e2:fc:37: fa:13:52:89:9e:2a:87:f5:c7:b3:a2:ac:dd:12:66:aa: 2c:b6:33:47:14:d7:86:2e:0d:fd:96:46:ba:60:46:a7: 48:1f:44:01:ea:1c:74:d5:c8:d7:5a:23:a2:5a:4e:dc: 3b:04:67:d3:cb:21:fb:7d:8c:6e:10:a5:96:34:48:94: d7:f5:92:d2:1f:b9:cc:1e:23:0e:75:37:f4:4c:cc:c0: e3:57:fc:17:4b:e9:16:64:46:12:81:10:bd:50:15:f6: 88:9c:9d:52:45 Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:37:9d:ce:26:8f:84:06:ec:6b:16: b0:61:b5:4b:48:2f:b6:87:b8:35:e0:7b:9f:8c:f7:1e: 70:09:17:70:4f:5c:ca:f8:03:44:99:de:29:72:58:5b: b6:d2:dc:78:47:c4:af:8e:80:4c:3f:bb:d1:cd:28:28: 1b:79:f9:84:71:91:5f:02:42:01:d5:05:ea:01:18:72: 03:4d:a3:5f:6a:fc:15:88:ea:3f:30:c3:21:fc:06:3c: b3:2a:3a:a1:7b:8b:af:10:92:8a:bc:66:3d:56:56:a7: 2a:c7:eb:e8:0d:2f:31:2d:3e:bb:75:ec:a2:b5:0e:39: 71:fa:d0:e0:5f:5e:d2:d7:2a:59:76 Fingerprint (SHA-256): 11:0B:EC:2F:50:0D:8E:94:11:60:61:66:B8:6C:3A:61:92:E9:74:BC:D4:32:54:B8:7E:56:05:FF:16:10:36:C1 Fingerprint (SHA1): BD:9F:FB:02:EA:79:9F:9A:6D:6F:9A:01:B8:10:50:20:0B:CE:90:C8 Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 20:37:19 2015 Not After : Mon May 18 20:37:19 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:a0:3f:0d:83:ac:5f:b3:b8:2b:92:af:21:6b:a6:af: 01:64:9c:eb:b8:3a:0a:27:8c:f6:e1:33:f5:e7:19:cc: 87:ed:fc:37:59:e0:07:33:b8:1a:e2:bb:1b:74:de:6e: d4:e7:6e:f1:0e:5c:b4:46:ff:5d:03:9f:ff:b3:9d:2c: 66:2e:81:4c:7b:f4:07:e0:24:c2:0f:91:9b:fc:34:b4: 45:8b:e3:7f:9d:8f:89:ef:cf:fe:10:92:70:88:f0:f7: 2d Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:01:48:00:6a:01:63:58:b1:71:d9: 57:33:d8:37:e2:f8:76:8a:64:d5:3d:70:ed:0a:c0:24: 47:7f:dc:39:67:b7:fd:81:4b:20:59:6f:c5:32:1b:ea: 09:99:3b:f1:f8:68:bf:e1:5f:72:08:6d:eb:ed:ea:fb: 4d:5a:84:cd:f5:a3:ef:02:42:01:ad:83:87:4c:00:86: 1f:7a:28:b6:81:ea:b9:fe:76:02:27:b1:3f:20:2e:8a: 9b:ec:71:ce:d6:ce:3c:16:f8:54:7e:8f:78:c9:b5:bd: cd:3a:0a:ea:e2:3c:7f:9b:69:fe:30:30:14:78:f3:d2: b2:f4:6e:c3:f7:34:59:ae:94:21:9f Fingerprint (SHA-256): 45:DE:19:C8:85:9A:20:B1:24:56:DE:AB:07:13:97:19:2C:6D:EE:D2:4A:28:D8:0B:F3:C3:61:A7:50:70:AF:AA Fingerprint (SHA1): 9C:40:6F:88:FC:D0:33:01:0B:EC:CB:ED:51:04:83:B2:C9:09:A3:9C Friendly Name: Alice-ec tools.sh: #2802: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2803: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 09:d1:91:2e:0e:ec:03:a1:70:60:9a:f9:7b:8c:7c:d9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2804: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2805: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2806: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 86:df:e8:0f:db:14:cf:f4:63:05:7b:bd:a1:c6:fa:35 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2807: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2808: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2809: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: e4:c3:6e:08:50:4a:1a:10:fd:dd:69:48:eb:64:12:1c Iteration Count: 2000 (0x7d0) tools.sh: #2810: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2811: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2812: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 2b:93:f5:73:ca:53:cc:9c:b3:b9:cb:71:29:8e:fb:6a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2813: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2814: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2815: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ae:6f:6f:c5:40:1e:51:d5:55:57:87:2f:6d:4f:20:b1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2816: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2817: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2818: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ea:b7:9d:ca:12:27:1e:44:16:48:f2:bf:e3:49:81:f2 Iteration Count: 2000 (0x7d0) tools.sh: #2819: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2820: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2821: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 13:89:df:61:72:ff:2e:03:1f:57:a9:d5:ef:0d:bf:bb Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:cc:e8:26:21:e5:ef:7b:a5:13:f6:a0:78:bd:68: ec:d9 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2822: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2823: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2824: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: cc:51:31:80:6d:61:f9:f5:01:c9:26:95:67:13:43:b1 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:28:e1:c5:ed:89:87:67:ed:99:ec:ea:f1:48:48: 1c:32 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2825: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2826: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2827: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 33:2a:20:d4:98:1f:0f:f3:de:b0:d0:7d:d3:1f:88:44 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:63:70:6e:54:54:29:e5:de:7b:d7:09:6d:b3:25: 81:ba tools.sh: #2828: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2829: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2830: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 8a:2d:26:92:5e:8d:6f:5f:28:58:fa:fa:73:4d:2a:c0 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:44:2a:af:83:df:0c:0b:43:f7:9b:dc:07:f6:7c: 9d:dc Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2831: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2832: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2833: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 73:19:55:c3:b6:1b:b4:8b:ba:10:58:61:35:33:e7:bb Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:e0:33:cc:37:33:62:4a:37:29:d0:cd:e8:84:a8: 38:ac Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2834: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2835: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2836: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 00:a2:e8:ad:e9:76:51:eb:28:1e:46:43:3a:58:a6:d1 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:50:37:2f:b1:76:bf:2d:e8:68:82:86:61:a9:54: 24:dc tools.sh: #2837: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2838: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2839: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: c7:9f:23:d8:ff:52:95:4a:bd:10:81:dd:13:12:7f:30 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:0c:6d:b2:e3:57:0c:38:8d:c1:7a:2b:dc:4d:b8: 20:18 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2840: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2841: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2842: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 19:b5:20:9f:d9:6b:36:68:bd:3a:4d:60:4e:88:97:23 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:1f:28:91:3d:62:86:9b:91:2b:8f:4e:30:a1:c6: 66:5f Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2843: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2844: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2845: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: e3:06:8a:5c:03:e5:1b:61:59:a5:9a:32:d3:ad:37:d9 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:82:91:75:04:04:14:5d:1f:29:26:6a:6f:d2:f3: bb:b4 tools.sh: #2846: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2847: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2848: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: f7:d8:73:b1:bc:81:0f:65:a0:fa:b9:ef:44:e4:08:44 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:3f:9a:43:f5:28:2a:f3:d3:db:07:9f:6c:16:ae: c0:94 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2849: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2850: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2851: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 04:4a:b1:f2:04:40:60:80:37:4b:de:db:48:1e:62:a4 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:80:5b:d3:22:50:99:bc:35:87:48:58:2e:e5:4a: d0:53 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2852: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2853: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2854: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: d9:39:77:6b:b4:88:ff:d3:72:0f:a7:fb:bd:34:4b:08 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:d9:eb:10:b7:35:e4:40:71:8d:17:51:2b:ab:8e: 0d:3a tools.sh: #2855: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2856: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2857: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 76:64:4f:c7:d2:f8:7d:c9:0c:75:40:12:bf:ae:d1:a2 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:32:e5:13:00:83:eb:a6:5a:5e:97:69:9d:04:88: ae:d4 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2858: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2859: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2860: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 85:db:24:d0:ab:c3:b4:f3:95:86:a4:f1:96:de:66:4e Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:59:5b:82:2a:95:7e:64:43:dc:0e:2b:77:f4:db: e2:52 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2861: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2862: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2863: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 28:48:61:88:cc:bf:f6:d5:02:65:e4:48:a2:dd:99:ea Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:53:e5:b9:b1:cd:43:25:00:33:12:3a:1a:07:1e: 25:62 tools.sh: #2864: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2865: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2866: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 76:c2:25:33:87:ab:9b:bd:e2:88:38:af:29:e8:18:92 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:bb:ce:77:c7:22:e0:3c:79:c7:93:4c:5e:e5:f7: eb:6d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2867: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2868: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2869: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 6d:a7:9d:0a:dc:90:64:d5:35:35:5d:04:52:61:73:7b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:9f:aa:68:bb:ed:67:c2:23:c6:63:78:ce:8d:2b: 10:53 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2870: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2871: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2872: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 32:93:58:40:32:ea:5b:f4:da:eb:75:6e:e1:e4:f2:e4 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:21:e2:01:43:3a:45:f7:b8:53:39:e4:79:3a:9d: f8:2b tools.sh: #2873: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2874: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2875: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 42:e9:9f:c1:71:4d:dc:be:1a:4e:38:35:f7:78:d7:8e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2876: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2877: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2878: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 52:d0:f9:7c:58:a5:51:4b:88:e2:b7:15:79:cf:00:e9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2879: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2880: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2881: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 4e:20:0f:98:00:58:97:ea:36:27:15:c6:1c:f5:0d:b1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2882: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2883: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2884: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: da:bb:d6:c4:a6:e4:e0:67:90:0f:d3:f0:a4:f4:5a:93 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2885: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2886: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2887: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 22:1a:6b:97:1e:90:89:a3:62:0b:f4:17:44:46:49:17 Iteration Count: 2000 (0x7d0) tools.sh: #2888: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2889: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2890: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: ab:b6:aa:c3:63:9d:b0:ae:6f:d6:79:d4:5b:3d:6e:fb Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2891: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2892: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2893: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 12:a4:42:52:70:37:52:1e:02:82:09:00:80:c5:70:c4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2894: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2895: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2896: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 2d:58:c3:54:39:86:b6:9f:e7:f4:e4:dd:2a:44:d3:37 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2897: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2898: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2899: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 66:33:82:34:3d:50:a1:f8:8f:9e:3f:cd:a6:97:a3:d0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2900: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2901: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2902: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 22:b6:ec:e8:58:18:f4:8e:62:61:33:00:3e:5b:7f:63 Iteration Count: 2000 (0x7d0) tools.sh: #2903: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2904: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2905: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: d1:90:25:77:38:db:0e:f8:9f:73:be:88:c0:94:5b:80 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2906: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2907: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2908: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 41:12:11:2e:92:34:8c:ba:f5:c4:48:67:fc:11:7a:9f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2909: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2910: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2911: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: e8:bb:75:7f:02:18:b4:fd:6e:a1:35:fc:04:76:73:6f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2912: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2913: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2914: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 14:a1:33:b5:18:96:e7:e4:32:d1:b3:a2:d8:7b:4c:2c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2915: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2916: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2917: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 91:1e:90:86:32:7a:b3:d1:c1:ce:96:f2:a1:37:1b:83 Iteration Count: 2000 (0x7d0) tools.sh: #2918: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2919: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2920: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: af:0b:95:89:02:c9:99:d2:14:95:6d:30:6a:59:73:12 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2921: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2922: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2923: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 48:54:bb:ee:1b:d7:77:9d:37:f3:25:30:86:9a:5d:1e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2924: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2925: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2926: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 48:0c:2a:a7:50:c1:fb:c9:3f:7b:1e:4d:92:aa:2f:97 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2927: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2928: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2929: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 5c:7b:96:b5:c2:7e:44:56:4c:bd:2c:a7:ef:04:62:9c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2930: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2931: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2932: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 38:08:31:b4:a6:a2:1a:7e:7b:fc:42:10:12:ce:da:b6 Iteration Count: 2000 (0x7d0) tools.sh: #2933: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2934: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2935: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3e:1d:03:af:83:e4:7c:22:ba:f0:04:71:1b:b1:2e:7f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2936: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2937: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2938: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 33:19:81:03:c1:2c:2a:b3:ed:73:0b:47:23:65:08:71 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2939: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2940: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2941: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: aa:e8:35:89:36:18:6b:a1:4c:3d:0e:60:a7:00:58:24 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2942: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2943: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2944: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: bb:a6:dc:0a:b5:d0:c4:37:ee:9d:db:0e:58:de:15:01 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2945: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2946: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2947: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: af:45:0e:5f:9a:70:3c:74:f4:6e:0e:75:fc:48:96:b8 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2948: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2949: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2950: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ae:c8:5c:68:61:0f:6a:26:54:34:7b:b5:eb:0a:03:12 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2951: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2952: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2953: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d4:64:c8:17:ca:53:68:16:8f:8a:52:1b:f0:c2:d7:cd Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2954: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2955: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2956: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d7:f8:83:57:9f:12:89:ae:bf:68:f3:3f:69:40:df:8a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2957: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2958: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2959: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: da:b0:37:99:4e:2d:a2:60:92:fb:15:a3:c9:57:a3:43 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2960: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2961: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2962: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: dd:20:f7:af:60:ac:c8:70:1b:f5:02:09:38:57:4e:f9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:36:02 2015 Not After : Mon May 18 20:36:02 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:2c:3b:f3:73:f5:55:ec:72:ad:bc:11:96:af:25:25: 35:45:86:91:d8:bb:8c:1d:5f:b9:d2:04:e4:50:5b:18: 5d:d7:2e:e2:29:82:1f:a6:60:e6:b0:1a:75:4e:d5:cf: 32:29:33:32:30:2b:8f:28:3b:58:59:d0:64:df:a9:fc: ac:50:9c:e9:98:9a:57:4d:cf:e0:1c:4a:9b:d1:a6:e6: 26:11:b4:95:2a:cb:c9:f8:3b:cc:7e:cf:da:2e:b5:3d: c9:5b:33:12:72:6e:28:a7:b0:eb:9f:32:3f:a9:8d:e2: e0:2d:a6:2b:9c:22:cc:da:5c:ce:f4:af:29:0a:b4:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:6b:d0:9f:9b:cd:80:13:11:49:8b:8e:f4:5d:05:11: b4:5e:94:01:b8:97:58:1f:2a:67:a4:80:3f:ee:2b:d0: c1:83:0f:3b:58:df:03:e9:84:76:a2:e7:9c:db:49:f7: 2b:78:4c:b6:55:e4:c0:a6:e8:47:d4:a5:68:01:d6:b3: a8:65:23:7d:4e:5c:01:91:e4:42:40:cc:c6:a2:c7:80: 57:1b:0e:d0:2f:58:8f:b9:d5:b6:e9:9b:17:76:d2:04: 51:4e:d2:4b:24:84:58:83:ce:b4:1a:ce:ab:c5:f6:c4: 8b:6a:07:62:7a:f3:e2:1f:86:8c:cb:91:ee:b0:dd:d1 Fingerprint (SHA-256): 9B:4F:1D:B6:DE:DD:42:72:F7:70:8A:C7:D2:21:65:91:31:F5:91:0A:97:BE:EF:21:B8:DC:4B:F4:58:57:9F:90 Fingerprint (SHA1): B9:30:2F:46:08:83:8A:CF:89:F4:A4:C7:21:7A:CF:11:97:16:60:CF Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 20:37:17 2015 Not After : Mon May 18 20:37:17 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:8e:e9:4b:8b:27:ba:66:f5:b5:f7:ba:d8:40:f6:79: 27:51:0f:d0:45:f9:ec:4f:59:13:b8:d6:63:55:92:ac: fa:f6:02:ce:cd:ea:a2:e3:89:7f:d9:70:92:e4:57:c9: ae:46:5b:1c:1f:37:a3:1e:d5:76:49:ed:c5:b0:6e:93: 62:26:59:99:93:8c:ed:73:96:91:74:bb:43:87:70:ff: f5:c8:a4:05:c7:77:7c:8e:cd:80:58:1d:2a:54:d6:9e: 27:8e:e2:f1:1a:2e:fa:d9:27:13:7c:4b:3b:cd:46:59: 72:44:3a:ed:60:68:14:c3:6e:5c:d1:ea:d0:bd:99:47 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:0b:fc:58:62:62:22:b9:17:b4:a9:1b:da:0d:56:ba: 99:19:87:d2:33:26:3a:b4:ca:e1:01:1d:48:64:af:14: 70:d2:6e:a9:53:07:57:9a:7d:19:5a:cb:69:14:e8:44: 0e:6f:ac:e8:a0:e5:3f:0b:0e:3f:8e:b7:81:da:ce:d1: ce:e4:96:31:c3:9c:dc:0f:a9:e8:df:ef:fe:c5:58:b2: 6d:c7:5a:59:ee:3f:89:07:a1:63:22:c4:76:56:e0:9f: 88:b5:96:fd:c8:11:0e:6e:6f:c0:e0:b8:a8:8f:c0:f4: 0d:b2:dd:94:18:20:02:0d:45:62:9d:1d:6c:f4:6f:de Fingerprint (SHA-256): 15:C2:B9:47:22:F3:B7:FC:9F:5A:C4:98:60:4B:6E:33:59:BA:AE:85:CD:58:13:85:36:60:5B:87:9E:EA:AF:D6 Fingerprint (SHA1): D0:68:5C:F4:45:50:EF:1C:13:F8:5B:29:8D:AE:76:35:CC:41:88:8D Friendly Name: Alice tools.sh: #2963: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2964: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #2965: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2966: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #2967: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%) tree "../tools/html" signed successfully tools.sh: #2968: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #2969: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #2970: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 32%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #2971: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #2972: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #2973: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Mon May 18 16:42:34 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Mon May 18 16:42:34 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #2974: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #2975: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 64e523f4b3160c6ca9d0ffdac486e65e95c058f6 NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #2976: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #2977: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #2978: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #2979: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #2980: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #2981: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #2982: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #2983: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #2984: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #2985: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #2986: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 64e523f4b3160c6ca9d0ffdac486e65e95c058f6 FIPS_PUB_140_Test_Certificate fips.sh: #2987: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #2988: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #2989: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #2990: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #2991: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 64e523f4b3160c6ca9d0ffdac486e65e95c058f6 FIPS_PUB_140_Test_Certificate fips.sh: #2992: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #2993: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #2994: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle dbtest -r -d ../fips fips.sh: #2995: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Mon May 18 16:43:30 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Mon May 18 16:43:30 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Mon May 18 16:43:30 EDT 2015 Running tests for ocsp TIMESTAMP ocsp BEGIN: Mon May 18 16:43:30 EDT 2015 ocsp.sh: OCSP tests =============================== TIMESTAMP ocsp END: Mon May 18 16:43:30 EDT 2015 Running tests for pkits TIMESTAMP pkits BEGIN: Mon May 18 16:43:30 EDT 2015 pkits.sh: PKITS data directory not defined, skipping. TIMESTAMP pkits END: Mon May 18 16:43:30 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Mon May 18 16:43:30 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #2996: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164331 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2997: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #2998: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #2999: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #3000: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3001: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3002: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3003: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3004: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #3005: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3006: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3007: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3008: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3009: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #3010: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3011: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3012: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3013: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3014: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #3015: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3016: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3017: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3018: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #3019: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3020: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3021: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3022: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #3023: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3024: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3025: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3026: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #3027: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3028: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3029: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3030: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #3031: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3032: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3033: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3034: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #3035: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3036: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3037: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3038: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #3039: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3040: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3041: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3042: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #3043: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3044: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3045: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3046: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #3047: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3048: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3049: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3050: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #3051: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3052: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9568/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3053: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3054: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #3055: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3056: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9569 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3057: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3058: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518204417Z nextupdate=20160518204417Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 20:44:17 2015 Next Update: Wed May 18 20:44:17 2016 CRL Extensions: chains.sh: #3059: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518204418Z addcert 2 20150518204418Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 20:44:18 2015 Next Update: Wed May 18 20:44:17 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:18 2015 CRL Extensions: chains.sh: #3060: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518204419Z nextupdate=20160518204419Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 20:44:19 2015 Next Update: Wed May 18 20:44:19 2016 CRL Extensions: chains.sh: #3061: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518204420Z addcert 2 20150518204420Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 20:44:20 2015 Next Update: Wed May 18 20:44:19 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:20 2015 CRL Extensions: chains.sh: #3062: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518204421Z addcert 4 20150518204421Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 20:44:21 2015 Next Update: Wed May 18 20:44:19 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:20 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Mon May 18 20:44:21 2015 CRL Extensions: chains.sh: #3063: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518204422Z nextupdate=20160518204422Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 20:44:22 2015 Next Update: Wed May 18 20:44:22 2016 CRL Extensions: chains.sh: #3064: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518204423Z addcert 2 20150518204423Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 20:44:23 2015 Next Update: Wed May 18 20:44:22 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:23 2015 CRL Extensions: chains.sh: #3065: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518204424Z addcert 3 20150518204424Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 20:44:24 2015 Next Update: Wed May 18 20:44:22 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:23 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 20:44:24 2015 CRL Extensions: chains.sh: #3066: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518204424Z nextupdate=20160518204424Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 20:44:24 2015 Next Update: Wed May 18 20:44:24 2016 CRL Extensions: chains.sh: #3067: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518204425Z addcert 2 20150518204425Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 20:44:25 2015 Next Update: Wed May 18 20:44:24 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:25 2015 CRL Extensions: chains.sh: #3068: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518204426Z addcert 3 20150518204426Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 20:44:26 2015 Next Update: Wed May 18 20:44:24 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 20:44:25 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 20:44:26 2015 CRL Extensions: chains.sh: #3069: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #3070: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #3071: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #3072: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3073: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3074: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3075: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3076: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #3077: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #3078: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #3079: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #3080: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #3081: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #3082: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #3083: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #3084: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #3085: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #3086: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #3087: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #3088: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #3089: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #3090: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #3091: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #3092: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #3093: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Mon May 18 16:44:40 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:44:40 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:44:46 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3094: Waiting for Server - FAILED kill -0 27643 >/dev/null 2>/dev/null httpserv with PID 27643 found at Mon May 18 16:44:46 EDT 2015 httpserv with PID 27643 started at Mon May 18 16:44:46 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9568 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3095: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 27643 at Mon May 18 16:44:47 EDT 2015 kill -USR1 27643 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 27643 killed at Mon May 18 16:44:48 EDT 2015 httpserv starting at Mon May 18 16:44:48 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:44:48 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:44:53 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3096: Waiting for Server - FAILED kill -0 27728 >/dev/null 2>/dev/null httpserv with PID 27728 found at Mon May 18 16:44:54 EDT 2015 httpserv with PID 27728 started at Mon May 18 16:44:54 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9568 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3097: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 27728 at Mon May 18 16:44:55 EDT 2015 kill -USR1 27728 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 27728 killed at Mon May 18 16:44:56 EDT 2015 httpserv starting at Mon May 18 16:44:56 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:44:56 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:45:01 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3098: Waiting for Server - FAILED kill -0 27815 >/dev/null 2>/dev/null httpserv with PID 27815 found at Mon May 18 16:45:01 EDT 2015 httpserv with PID 27815 started at Mon May 18 16:45:02 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3099: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164332 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3100: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3101: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3102: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164333 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3103: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3104: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3105: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3106: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518164334 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3107: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3108: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518164335 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3109: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3110: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3111: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3112: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3113: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518164336 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3114: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3115: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3116: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #3117: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #3118: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164333 (0x1ee28f6d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:45:07 2015 Not After : Mon May 18 20:45:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:05:7a:54:32:3c:3d:5a:59:15:eb:33:60:58:ba:2e: 01:e7:65:f0:69:bd:85:6c:aa:fc:e6:37:cb:cd:f4:3c: cb:ce:31:f3:f5:2d:92:74:94:d5:6d:86:d2:72:5a:6a: 66:de:6f:47:8c:c3:cd:26:2b:84:b4:ac:62:f1:e8:55: 8b:35:fc:e1:41:b3:5e:8e:67:71:ae:4b:90:36:cc:52: dc:f8:d9:a6:f1:02:a1:24:77:21:3c:36:f5:d1:6c:e2: 5f:9a:08:df:d7:09:ee:82:54:63:53:c2:03:38:4a:02: ba:ed:78:b2:60:27:d1:28:4f:ac:bd:bc:19:3f:4e:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:b8:ef:52:e0:da:9b:be:93:c1:fd:6a:75:9f:f8:72: fc:f2:0a:f5:38:a0:e3:9a:1d:f4:94:32:fb:72:ba:0e: 60:2d:75:88:3a:cf:ca:81:4a:48:ea:59:c4:63:50:73: 64:86:e2:0d:27:21:6b:2d:19:1d:e4:29:be:82:06:3f: 3d:3e:ff:72:e8:44:da:b6:35:cc:7a:fe:87:10:9a:c4: aa:b3:0f:17:f0:04:40:bc:e8:b5:bd:2b:9e:0f:69:37: 78:25:b4:94:a2:82:fc:20:82:86:31:32:88:e5:ee:72: ee:9c:0a:19:ba:b1:65:a1:c1:93:bc:30:36:33:a7:2f Fingerprint (SHA-256): 98:D9:00:CA:C0:BE:AB:81:C9:33:D1:B8:80:FF:52:3F:36:24:04:A7:BF:2B:68:4E:DA:E1:DC:79:5C:09:7C:91 Fingerprint (SHA1): 10:49:72:2C:14:8F:40:5E:92:12:02:3B:8E:22:05:BE:E8:C0:AF:25 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3119: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164332 (0x1ee28f6c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:45:05 2015 Not After : Mon May 18 20:45:05 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:40:83:15:53:49:14:2d:59:cd:6b:ac:f6:53:58:f7: 89:bd:6c:72:e0:08:d1:f9:6c:d5:32:bd:32:7d:93:34: 41:9c:be:4e:41:15:59:f9:f8:39:bc:3a:39:72:57:e1: 3c:aa:d5:6c:95:2a:95:0e:07:5a:af:6f:28:6f:1b:66: 6e:c0:a7:db:e4:fc:a6:2a:c2:09:cd:1a:18:56:a8:07: c5:ee:1a:c6:66:c4:44:15:54:31:2f:81:b7:bd:24:b7: 41:3f:13:b2:a6:0f:38:6b:e8:bc:5e:4d:33:55:80:e4: f4:63:23:fc:6c:0c:dc:0d:b5:b3:ae:68:a2:40:6a:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:e4:98:69:60:11:0c:64:33:3c:e1:ba:ad:97:ef:60: 75:4d:64:b4:f5:bd:2c:72:24:bf:6f:72:0b:9f:ff:ff: 84:d4:53:c3:2f:32:dd:c6:91:9d:eb:a7:a0:00:f7:de: be:63:b7:23:14:a0:ee:42:f2:4f:45:cd:56:e5:52:1b: 04:07:3a:fc:97:86:9a:6f:a3:1e:bd:61:16:8f:80:6d: d0:5b:74:e5:40:ad:3b:1f:5c:6f:fe:56:86:c9:59:6f: cd:11:31:be:e8:9e:0a:b0:3e:11:13:74:18:6e:13:43: 45:c7:16:2d:09:91:82:1b:67:a3:d8:15:c2:83:01:54 Fingerprint (SHA-256): 1C:36:A6:24:59:DF:9B:87:19:87:79:93:0C:C3:38:C6:B6:89:FF:33:B7:E6:B7:29:C5:77:83:2D:4D:1E:EC:96 Fingerprint (SHA1): 80:09:3C:A5:53:03:9A:A3:15:EB:AA:97:A4:4C:4D:74:7F:08:83:50 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3120: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3121: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #3122: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #3123: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164332 (0x1ee28f6c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:45:05 2015 Not After : Mon May 18 20:45:05 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:40:83:15:53:49:14:2d:59:cd:6b:ac:f6:53:58:f7: 89:bd:6c:72:e0:08:d1:f9:6c:d5:32:bd:32:7d:93:34: 41:9c:be:4e:41:15:59:f9:f8:39:bc:3a:39:72:57:e1: 3c:aa:d5:6c:95:2a:95:0e:07:5a:af:6f:28:6f:1b:66: 6e:c0:a7:db:e4:fc:a6:2a:c2:09:cd:1a:18:56:a8:07: c5:ee:1a:c6:66:c4:44:15:54:31:2f:81:b7:bd:24:b7: 41:3f:13:b2:a6:0f:38:6b:e8:bc:5e:4d:33:55:80:e4: f4:63:23:fc:6c:0c:dc:0d:b5:b3:ae:68:a2:40:6a:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:e4:98:69:60:11:0c:64:33:3c:e1:ba:ad:97:ef:60: 75:4d:64:b4:f5:bd:2c:72:24:bf:6f:72:0b:9f:ff:ff: 84:d4:53:c3:2f:32:dd:c6:91:9d:eb:a7:a0:00:f7:de: be:63:b7:23:14:a0:ee:42:f2:4f:45:cd:56:e5:52:1b: 04:07:3a:fc:97:86:9a:6f:a3:1e:bd:61:16:8f:80:6d: d0:5b:74:e5:40:ad:3b:1f:5c:6f:fe:56:86:c9:59:6f: cd:11:31:be:e8:9e:0a:b0:3e:11:13:74:18:6e:13:43: 45:c7:16:2d:09:91:82:1b:67:a3:d8:15:c2:83:01:54 Fingerprint (SHA-256): 1C:36:A6:24:59:DF:9B:87:19:87:79:93:0C:C3:38:C6:B6:89:FF:33:B7:E6:B7:29:C5:77:83:2D:4D:1E:EC:96 Fingerprint (SHA1): 80:09:3C:A5:53:03:9A:A3:15:EB:AA:97:A4:4C:4D:74:7F:08:83:50 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3124: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164333 (0x1ee28f6d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:45:07 2015 Not After : Mon May 18 20:45:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:05:7a:54:32:3c:3d:5a:59:15:eb:33:60:58:ba:2e: 01:e7:65:f0:69:bd:85:6c:aa:fc:e6:37:cb:cd:f4:3c: cb:ce:31:f3:f5:2d:92:74:94:d5:6d:86:d2:72:5a:6a: 66:de:6f:47:8c:c3:cd:26:2b:84:b4:ac:62:f1:e8:55: 8b:35:fc:e1:41:b3:5e:8e:67:71:ae:4b:90:36:cc:52: dc:f8:d9:a6:f1:02:a1:24:77:21:3c:36:f5:d1:6c:e2: 5f:9a:08:df:d7:09:ee:82:54:63:53:c2:03:38:4a:02: ba:ed:78:b2:60:27:d1:28:4f:ac:bd:bc:19:3f:4e:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:b8:ef:52:e0:da:9b:be:93:c1:fd:6a:75:9f:f8:72: fc:f2:0a:f5:38:a0:e3:9a:1d:f4:94:32:fb:72:ba:0e: 60:2d:75:88:3a:cf:ca:81:4a:48:ea:59:c4:63:50:73: 64:86:e2:0d:27:21:6b:2d:19:1d:e4:29:be:82:06:3f: 3d:3e:ff:72:e8:44:da:b6:35:cc:7a:fe:87:10:9a:c4: aa:b3:0f:17:f0:04:40:bc:e8:b5:bd:2b:9e:0f:69:37: 78:25:b4:94:a2:82:fc:20:82:86:31:32:88:e5:ee:72: ee:9c:0a:19:ba:b1:65:a1:c1:93:bc:30:36:33:a7:2f Fingerprint (SHA-256): 98:D9:00:CA:C0:BE:AB:81:C9:33:D1:B8:80:FF:52:3F:36:24:04:A7:BF:2B:68:4E:DA:E1:DC:79:5C:09:7C:91 Fingerprint (SHA1): 10:49:72:2C:14:8F:40:5E:92:12:02:3B:8E:22:05:BE:E8:C0:AF:25 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3125: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #3126: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #3127: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3128: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3129: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3130: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164333 (0x1ee28f6d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:45:07 2015 Not After : Mon May 18 20:45:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:05:7a:54:32:3c:3d:5a:59:15:eb:33:60:58:ba:2e: 01:e7:65:f0:69:bd:85:6c:aa:fc:e6:37:cb:cd:f4:3c: cb:ce:31:f3:f5:2d:92:74:94:d5:6d:86:d2:72:5a:6a: 66:de:6f:47:8c:c3:cd:26:2b:84:b4:ac:62:f1:e8:55: 8b:35:fc:e1:41:b3:5e:8e:67:71:ae:4b:90:36:cc:52: dc:f8:d9:a6:f1:02:a1:24:77:21:3c:36:f5:d1:6c:e2: 5f:9a:08:df:d7:09:ee:82:54:63:53:c2:03:38:4a:02: ba:ed:78:b2:60:27:d1:28:4f:ac:bd:bc:19:3f:4e:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:b8:ef:52:e0:da:9b:be:93:c1:fd:6a:75:9f:f8:72: fc:f2:0a:f5:38:a0:e3:9a:1d:f4:94:32:fb:72:ba:0e: 60:2d:75:88:3a:cf:ca:81:4a:48:ea:59:c4:63:50:73: 64:86:e2:0d:27:21:6b:2d:19:1d:e4:29:be:82:06:3f: 3d:3e:ff:72:e8:44:da:b6:35:cc:7a:fe:87:10:9a:c4: aa:b3:0f:17:f0:04:40:bc:e8:b5:bd:2b:9e:0f:69:37: 78:25:b4:94:a2:82:fc:20:82:86:31:32:88:e5:ee:72: ee:9c:0a:19:ba:b1:65:a1:c1:93:bc:30:36:33:a7:2f Fingerprint (SHA-256): 98:D9:00:CA:C0:BE:AB:81:C9:33:D1:B8:80:FF:52:3F:36:24:04:A7:BF:2B:68:4E:DA:E1:DC:79:5C:09:7C:91 Fingerprint (SHA1): 10:49:72:2C:14:8F:40:5E:92:12:02:3B:8E:22:05:BE:E8:C0:AF:25 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3131: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164333 (0x1ee28f6d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:45:07 2015 Not After : Mon May 18 20:45:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:05:7a:54:32:3c:3d:5a:59:15:eb:33:60:58:ba:2e: 01:e7:65:f0:69:bd:85:6c:aa:fc:e6:37:cb:cd:f4:3c: cb:ce:31:f3:f5:2d:92:74:94:d5:6d:86:d2:72:5a:6a: 66:de:6f:47:8c:c3:cd:26:2b:84:b4:ac:62:f1:e8:55: 8b:35:fc:e1:41:b3:5e:8e:67:71:ae:4b:90:36:cc:52: dc:f8:d9:a6:f1:02:a1:24:77:21:3c:36:f5:d1:6c:e2: 5f:9a:08:df:d7:09:ee:82:54:63:53:c2:03:38:4a:02: ba:ed:78:b2:60:27:d1:28:4f:ac:bd:bc:19:3f:4e:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:b8:ef:52:e0:da:9b:be:93:c1:fd:6a:75:9f:f8:72: fc:f2:0a:f5:38:a0:e3:9a:1d:f4:94:32:fb:72:ba:0e: 60:2d:75:88:3a:cf:ca:81:4a:48:ea:59:c4:63:50:73: 64:86:e2:0d:27:21:6b:2d:19:1d:e4:29:be:82:06:3f: 3d:3e:ff:72:e8:44:da:b6:35:cc:7a:fe:87:10:9a:c4: aa:b3:0f:17:f0:04:40:bc:e8:b5:bd:2b:9e:0f:69:37: 78:25:b4:94:a2:82:fc:20:82:86:31:32:88:e5:ee:72: ee:9c:0a:19:ba:b1:65:a1:c1:93:bc:30:36:33:a7:2f Fingerprint (SHA-256): 98:D9:00:CA:C0:BE:AB:81:C9:33:D1:B8:80:FF:52:3F:36:24:04:A7:BF:2B:68:4E:DA:E1:DC:79:5C:09:7C:91 Fingerprint (SHA1): 10:49:72:2C:14:8F:40:5E:92:12:02:3B:8E:22:05:BE:E8:C0:AF:25 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3132: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #3133: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #3134: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3135: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3136: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3137: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164332 (0x1ee28f6c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:45:05 2015 Not After : Mon May 18 20:45:05 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:40:83:15:53:49:14:2d:59:cd:6b:ac:f6:53:58:f7: 89:bd:6c:72:e0:08:d1:f9:6c:d5:32:bd:32:7d:93:34: 41:9c:be:4e:41:15:59:f9:f8:39:bc:3a:39:72:57:e1: 3c:aa:d5:6c:95:2a:95:0e:07:5a:af:6f:28:6f:1b:66: 6e:c0:a7:db:e4:fc:a6:2a:c2:09:cd:1a:18:56:a8:07: c5:ee:1a:c6:66:c4:44:15:54:31:2f:81:b7:bd:24:b7: 41:3f:13:b2:a6:0f:38:6b:e8:bc:5e:4d:33:55:80:e4: f4:63:23:fc:6c:0c:dc:0d:b5:b3:ae:68:a2:40:6a:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:e4:98:69:60:11:0c:64:33:3c:e1:ba:ad:97:ef:60: 75:4d:64:b4:f5:bd:2c:72:24:bf:6f:72:0b:9f:ff:ff: 84:d4:53:c3:2f:32:dd:c6:91:9d:eb:a7:a0:00:f7:de: be:63:b7:23:14:a0:ee:42:f2:4f:45:cd:56:e5:52:1b: 04:07:3a:fc:97:86:9a:6f:a3:1e:bd:61:16:8f:80:6d: d0:5b:74:e5:40:ad:3b:1f:5c:6f:fe:56:86:c9:59:6f: cd:11:31:be:e8:9e:0a:b0:3e:11:13:74:18:6e:13:43: 45:c7:16:2d:09:91:82:1b:67:a3:d8:15:c2:83:01:54 Fingerprint (SHA-256): 1C:36:A6:24:59:DF:9B:87:19:87:79:93:0C:C3:38:C6:B6:89:FF:33:B7:E6:B7:29:C5:77:83:2D:4D:1E:EC:96 Fingerprint (SHA1): 80:09:3C:A5:53:03:9A:A3:15:EB:AA:97:A4:4C:4D:74:7F:08:83:50 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3138: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164332 (0x1ee28f6c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:45:05 2015 Not After : Mon May 18 20:45:05 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:40:83:15:53:49:14:2d:59:cd:6b:ac:f6:53:58:f7: 89:bd:6c:72:e0:08:d1:f9:6c:d5:32:bd:32:7d:93:34: 41:9c:be:4e:41:15:59:f9:f8:39:bc:3a:39:72:57:e1: 3c:aa:d5:6c:95:2a:95:0e:07:5a:af:6f:28:6f:1b:66: 6e:c0:a7:db:e4:fc:a6:2a:c2:09:cd:1a:18:56:a8:07: c5:ee:1a:c6:66:c4:44:15:54:31:2f:81:b7:bd:24:b7: 41:3f:13:b2:a6:0f:38:6b:e8:bc:5e:4d:33:55:80:e4: f4:63:23:fc:6c:0c:dc:0d:b5:b3:ae:68:a2:40:6a:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:e4:98:69:60:11:0c:64:33:3c:e1:ba:ad:97:ef:60: 75:4d:64:b4:f5:bd:2c:72:24:bf:6f:72:0b:9f:ff:ff: 84:d4:53:c3:2f:32:dd:c6:91:9d:eb:a7:a0:00:f7:de: be:63:b7:23:14:a0:ee:42:f2:4f:45:cd:56:e5:52:1b: 04:07:3a:fc:97:86:9a:6f:a3:1e:bd:61:16:8f:80:6d: d0:5b:74:e5:40:ad:3b:1f:5c:6f:fe:56:86:c9:59:6f: cd:11:31:be:e8:9e:0a:b0:3e:11:13:74:18:6e:13:43: 45:c7:16:2d:09:91:82:1b:67:a3:d8:15:c2:83:01:54 Fingerprint (SHA-256): 1C:36:A6:24:59:DF:9B:87:19:87:79:93:0C:C3:38:C6:B6:89:FF:33:B7:E6:B7:29:C5:77:83:2D:4D:1E:EC:96 Fingerprint (SHA1): 80:09:3C:A5:53:03:9A:A3:15:EB:AA:97:A4:4C:4D:74:7F:08:83:50 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3139: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #3140: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164337 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3141: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #3142: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #3143: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164338 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3144: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #3145: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #3146: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164339 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3147: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #3148: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #3149: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164340 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3150: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #3151: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #3152: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164341 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3153: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #3154: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #3155: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164342 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3156: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #3157: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #3158: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164343 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3159: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #3160: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #3161: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164344 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3162: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #3163: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #3164: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164345 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3165: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #3166: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #3167: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3168: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518164346 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3169: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3170: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518164347 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3171: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3172: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518164348 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3173: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3174: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #3175: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #3176: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3177: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518164349 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3178: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3179: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518164350 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3180: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3181: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518164351 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3182: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3183: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #3184: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #3185: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3186: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518164352 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3187: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3188: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518164353 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3189: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3190: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518164354 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3191: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3192: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #3193: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #3194: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3195: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518164355 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3196: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3197: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518164356 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3198: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3199: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518164357 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3200: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3201: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #3202: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3203: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3204: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518164358 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3205: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3206: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3207: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3208: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518164359 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3209: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3210: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164337 (0x1ee28f71) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 20:45:32 2015 Not After : Mon May 18 20:45:32 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:fb:ed:00:2b:5e:c2:06:cd:18:87:58:73:af:dd:e7: 03:b3:c8:e9:45:c7:09:ec:7e:52:24:d9:11:be:d6:4b: 80:8f:d6:23:9f:75:e4:9c:6e:73:46:b8:7e:5b:64:62: a1:37:8f:69:1d:14:db:31:eb:1b:3d:7c:b6:f5:3d:8a: d6:c3:91:61:3b:52:7f:b8:3c:4b:c9:9b:0c:69:01:c4: ef:43:c9:40:d6:9c:87:d9:32:12:8d:bd:04:1d:35:57: 6d:03:e8:a8:f7:ee:97:10:0b:0d:0b:fd:bb:fc:47:b7: 97:97:16:af:a0:92:f5:70:54:06:b6:db:f0:55:04:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:7b:60:fd:fc:21:0f:16:f1:32:c5:11:54:45:a1:8a: 45:6c:80:9e:63:0d:b8:48:11:34:8f:22:71:68:4b:47: 4a:aa:23:97:a8:5c:98:67:72:9d:a4:3d:36:67:0b:2a: c1:9e:59:69:f7:c4:c6:d1:a5:b5:39:48:a7:87:67:ad: 08:47:88:dd:ae:6d:f6:99:0d:86:bd:19:03:92:66:f5: fb:84:06:df:87:a2:d5:f5:b0:cf:31:e3:49:66:4d:4b: d6:48:00:0d:55:d9:56:a2:75:d4:62:53:ef:a9:fd:e4: a7:da:45:20:31:12:e5:73:7d:f4:ec:8e:61:b8:21:07 Fingerprint (SHA-256): 6F:61:0F:97:EA:AF:95:7E:D0:0A:5E:2A:CD:7E:E9:54:21:01:D1:99:B6:7C:0D:B7:0E:81:ED:9E:25:D6:DF:B4 Fingerprint (SHA1): E8:20:B1:09:F9:0E:B1:88:EF:AA:7F:08:28:C3:81:6E:43:D7:AE:71 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3211: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164338 (0x1ee28f72) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 20:45:35 2015 Not After : Mon May 18 20:45:35 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:aa:1a:41:62:2d:d1:76:e8:f8:b0:02:ea:e7:f0:49: aa:79:67:d2:11:cb:77:44:6c:71:2b:02:a3:a8:36:78: f9:d3:d1:b0:6e:12:14:1f:21:a3:89:0d:c8:e5:79:83: 86:92:2b:92:a2:a5:9b:c5:49:dc:9f:c8:28:d2:59:36: 6f:e0:01:ba:09:ec:e8:4d:f0:cd:5a:37:9b:d6:b5:3b: 54:a6:67:3b:18:83:2a:3f:80:2b:5c:c9:fa:a6:a4:ac: a8:c9:d7:d2:30:50:98:7b:64:3a:2b:66:84:42:c2:df: 1a:12:b7:53:e2:62:8a:2d:34:78:38:97:90:ff:33:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:b0:3f:a2:2f:1c:89:8d:c0:36:3b:94:2d:18:b7:6f: ca:94:43:e0:f1:ce:a1:b6:91:bf:e8:ad:16:ee:0f:42: 4a:f7:2e:22:97:04:79:ee:8d:0e:46:ef:2d:de:66:28: 53:34:a1:0a:df:d5:6c:eb:6b:83:8a:33:59:cb:8a:89: a4:fa:2b:e3:9d:02:67:ab:7e:57:2c:56:7c:e8:08:7f: 29:1b:96:25:68:73:ec:ef:b6:4f:90:04:bb:b7:c3:9c: 8c:46:5e:ad:04:2b:94:78:9c:30:7c:b7:c7:be:58:ca: ed:92:b7:53:87:46:76:a0:1f:00:dc:e0:6a:79:d0:67 Fingerprint (SHA-256): 27:13:B9:36:87:E9:57:69:18:03:14:5B:19:E6:EE:FC:4A:8F:36:2A:41:5C:FC:8D:2A:99:69:2C:EF:D4:46:2C Fingerprint (SHA1): 28:C1:6E:97:DC:BB:15:AC:35:4A:24:62:D5:CA:59:A8:A7:44:A3:18 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3212: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164339 (0x1ee28f73) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 20:45:37 2015 Not After : Mon May 18 20:45:37 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:8c:97:28:5f:07:2f:97:c1:1d:8e:d5:d0:c1:40:ce: 97:5f:bb:6a:5a:46:47:22:5e:84:3f:aa:54:63:a6:bf: 31:ce:95:89:32:5d:8e:60:28:05:98:9e:9a:1a:7f:75: 38:1c:d1:62:e0:f9:dd:e3:48:c3:5a:99:ec:7d:57:76: 5e:2e:67:e2:15:b9:81:fb:bf:8e:ad:83:a0:3e:5a:d4: da:f9:12:a5:e1:82:55:33:02:5e:17:51:7a:19:7d:6b: a0:97:0d:e3:2d:50:3f:33:88:52:e3:6b:ae:6b:4a:57: 62:60:05:15:bd:a0:9f:8f:49:ec:42:84:57:18:86:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:14:a0:b7:b5:1e:ac:1f:ad:8b:78:e1:83:25:86:d0: 6b:a6:c3:bc:21:90:bc:e4:e1:4a:12:d0:1c:4c:02:a4: a5:2c:ce:5a:c1:d0:58:a1:ad:58:6a:4c:84:20:c5:39: 3f:17:e0:b8:21:0e:ce:96:97:a2:a1:04:9e:7b:0c:f1: f9:67:a7:e4:52:00:ac:c5:d8:9a:7c:6e:d1:7d:53:4b: 26:a0:28:54:55:fb:82:4f:ab:c2:9a:23:74:1e:26:ae: 4a:c4:84:e8:26:0c:6e:8d:78:ba:43:08:dd:11:48:ab: cc:b0:a2:a3:47:fb:30:70:1e:c6:aa:89:a0:0b:c2:ff Fingerprint (SHA-256): C4:47:21:28:8C:00:45:53:89:72:0C:BA:05:53:31:18:23:75:F7:A0:C7:2E:EF:2C:19:6A:86:D4:D9:E7:38:D5 Fingerprint (SHA1): B5:99:EF:B2:02:1E:2B:35:24:D7:CC:C8:B3:33:A4:81:79:8E:F2:ED Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3213: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164340 (0x1ee28f74) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 20:45:39 2015 Not After : Mon May 18 20:45:39 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:44:d0:18:e3:44:5d:25:89:1a:7f:07:a2:06:ce:09: 89:fe:e1:ca:f8:f4:57:3b:c2:f2:0f:67:1b:e6:da:a4: 8e:14:32:c7:ef:0c:23:d3:4a:8a:a3:4c:49:6b:87:80: f9:40:d4:03:53:ac:c1:f7:b9:b6:d4:f6:82:6d:f1:06: 82:0f:0c:06:41:2c:f4:22:e0:30:32:14:3e:0b:5c:80: 73:2d:8a:41:e2:c9:33:1b:aa:18:d9:6b:b8:41:b7:9f: 38:8e:1a:be:14:ef:6a:97:7c:40:24:18:b9:08:01:95: 4c:b9:20:d8:42:e4:59:ad:90:7a:ef:56:13:67:6c:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8a:b9:09:66:1c:01:af:52:5f:13:31:a2:c4:2b:fd:2e: 90:42:b0:21:52:bf:63:8a:74:d6:25:28:21:c0:47:9b: 0d:99:7f:ba:f3:10:c0:e0:de:a7:fc:2b:54:5a:ea:32: 22:a7:4a:f1:ab:a2:a6:90:c8:0c:1f:55:63:de:f8:c9: 2a:0c:34:94:b7:bc:fe:46:76:de:60:01:d8:10:1b:d8: 8d:c5:ba:e1:e1:29:fc:f2:eb:aa:3c:84:42:e1:d4:ee: 30:26:bd:37:ce:e1:89:45:18:74:68:c8:d9:55:fc:71: a8:9e:90:4a:fe:5c:7d:ae:e0:e4:f2:e6:b7:55:4d:cd Fingerprint (SHA-256): 2D:FC:6C:C7:1E:05:B6:BE:F4:D0:E3:FB:49:8F:6F:DB:C7:E9:07:EB:F9:51:07:2A:67:C6:A5:9F:3C:30:21:A7 Fingerprint (SHA1): 81:A7:66:6C:7D:C5:55:3B:4C:C6:56:85:6D:5F:38:02:3F:CB:A1:EB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3214: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164341 (0x1ee28f75) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 20:45:42 2015 Not After : Mon May 18 20:45:42 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:ce:c5:dd:4e:58:a6:f0:35:64:af:3a:fe:36:e5:1f: b2:66:81:71:c9:31:b6:ac:d0:53:2c:3d:6d:7a:0b:32: 77:50:95:69:ae:5a:6a:42:c0:af:75:93:1a:2e:db:c1: cb:bb:45:54:af:e7:04:62:b7:ea:4e:ea:62:7c:b5:99: 0e:b0:c7:f8:45:fe:a5:70:47:f1:b7:ad:5a:9b:e0:22: 03:30:6b:ea:0b:8b:e3:ed:c5:a6:0b:ca:97:70:4a:9d: c1:0a:db:c9:9a:02:86:5c:62:73:9d:b2:b0:71:7a:ac: cc:6d:b2:ba:0b:87:08:d9:f4:04:d6:53:0b:c2:8c:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:16:bb:21:3c:e0:dc:60:ea:28:ad:5c:a7:52:5c:7d: 7e:fc:ab:16:b7:a1:66:eb:03:f8:f0:77:1e:a2:11:10: 42:f4:a1:0e:7e:5f:6c:24:d1:94:65:b1:82:71:b9:77: e3:2a:f1:11:0c:7a:62:34:82:bf:30:bd:23:83:4a:90: 65:59:98:5d:37:2c:a7:01:95:0a:f5:77:86:20:45:62: 2a:9d:48:b9:83:36:54:47:61:1d:c2:60:bd:1f:3e:56: 20:59:6c:46:73:3b:08:16:6c:cc:6f:93:b7:2b:24:8d: cb:d6:fe:9a:70:47:3e:53:5a:4b:90:7b:ca:27:7b:87 Fingerprint (SHA-256): CB:3A:DD:71:8C:B2:07:FE:3A:44:8A:57:35:19:B6:B0:A5:F5:81:C4:40:DF:43:AA:76:13:C9:AF:42:DB:45:FB Fingerprint (SHA1): AF:9A:AF:F6:71:B1:C2:3F:51:52:FF:CA:B2:C4:52:C7:3A:F6:C8:DA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3215: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164342 (0x1ee28f76) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 20:45:44 2015 Not After : Mon May 18 20:45:44 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ee:fa:52:1d:dd:52:6e:a0:d5:50:a8:43:37:e8:53:6e: 31:a1:16:7a:f9:3b:8c:bf:ec:e4:5f:7d:2f:0a:f8:8f: 23:fd:18:d3:32:c0:99:83:b9:bd:4a:9c:6e:a6:f8:e9: ca:7c:0c:0c:e2:7a:c8:13:01:97:f4:84:fd:7b:02:a3: 4e:a8:5f:2e:4b:f7:10:7c:1c:38:c4:c7:c2:66:cd:01: 26:50:2c:35:03:32:d7:44:6b:66:5a:3c:4e:76:32:c4: 7c:9e:f9:ba:28:57:0d:f5:f8:70:7a:64:b7:7d:ac:65: f4:f8:c7:84:26:c2:ae:f0:59:05:ba:92:1b:9c:96:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:6e:4e:7c:83:9c:65:42:32:03:5e:6f:fe:ec:e3:23: 08:55:bb:af:18:50:76:b2:35:07:bc:fa:7c:3b:a1:a8: 41:f9:36:18:63:da:7c:1a:34:df:11:ac:b0:d6:a9:26: 9a:14:a2:58:08:26:e1:0e:cc:e4:21:02:06:2e:0f:69: 9f:a8:92:dd:b3:a4:59:23:57:fd:55:a9:ee:cc:ca:35: 5e:24:86:06:0a:b6:1e:89:e2:0a:be:24:2b:59:cf:c7: 4e:2a:13:b4:f6:28:27:4f:04:e5:70:84:8c:44:f2:29: 43:2b:4b:9f:03:30:c1:bb:2b:2f:be:c6:c0:93:30:76 Fingerprint (SHA-256): 84:CD:A4:0A:EA:61:87:C8:93:44:16:9F:15:5E:44:14:E3:89:9B:6D:EA:98:2E:0A:79:4A:84:DA:FC:C3:63:BC Fingerprint (SHA1): 05:51:57:E8:7B:E9:61:42:E9:4F:FA:38:7E:17:20:CF:A2:CB:CD:9F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3216: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164343 (0x1ee28f77) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 20:45:48 2015 Not After : Mon May 18 20:45:48 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:80:a4:dc:72:98:58:f3:42:55:87:96:68:f0:17:c3: 68:17:65:55:3d:6d:73:3f:7e:3b:56:2e:a2:1c:5c:d4: 64:cf:bd:f1:43:05:cd:16:1e:5a:1b:37:c4:e1:4d:6d: 7d:05:6f:2f:0d:09:19:56:7a:60:c9:62:4b:f7:65:6f: e7:9a:d5:46:09:40:38:36:b4:05:a3:99:c3:0e:31:65: ea:90:90:80:f6:5c:77:0b:af:81:3c:83:46:c2:8f:7c: 8e:e2:ae:58:23:6f:a7:31:78:f1:cc:1d:1e:0b:81:0d: 54:72:61:4a:3e:55:40:c2:27:0c:a6:be:9c:b6:86:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8e:03:9d:60:e2:07:4a:84:54:c3:47:08:5b:28:47:55: 59:83:10:38:57:4c:1b:02:e2:03:71:77:7d:ab:18:ee: 1e:a7:b2:3b:5a:b7:18:9c:0f:64:b9:a0:19:88:e8:1b: 6f:29:d9:02:03:42:b1:ce:07:09:b7:4f:e9:11:98:ce: 32:de:88:fa:68:7c:f9:ad:49:93:60:8b:3f:e1:5a:17: c1:2a:9d:9d:c1:8b:55:bb:c5:ae:16:a9:3d:d7:ab:c6: 8c:e4:bf:36:ed:7a:c9:c9:14:e7:f9:b2:56:1e:c2:ca: 30:35:02:0d:a9:08:ed:7d:d9:a6:61:4f:3b:a2:ac:e7 Fingerprint (SHA-256): 38:F3:19:48:F3:04:C2:98:68:09:16:84:3D:E0:59:5F:58:D8:72:66:3C:5A:5E:66:50:70:EF:54:3D:DF:93:F1 Fingerprint (SHA1): 7C:26:CA:A7:34:C8:8E:AF:FA:22:03:29:9A:08:79:5E:63:AE:49:F9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3217: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164344 (0x1ee28f78) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 20:45:51 2015 Not After : Mon May 18 20:45:51 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:ba:be:80:e0:9d:72:07:cc:ca:3f:bb:3f:a7:c1:8a: fd:e0:95:43:85:4f:a7:8d:da:d1:70:70:6d:7d:bf:28: 1c:80:60:ef:b0:09:05:5c:54:24:65:c8:99:be:da:e4: 2d:0e:b0:92:9c:d8:7e:1f:21:cc:d0:eb:d7:f4:0e:c5: ab:32:ff:5c:e2:2e:8f:82:88:aa:0f:56:08:33:68:18: 28:4c:d8:92:8b:4e:b3:18:25:fc:e8:a3:c4:c9:6c:4b: 66:d6:54:61:17:46:26:55:b3:9d:96:9a:e7:22:3d:dd: 11:8b:9b:04:95:91:15:6e:20:68:62:2e:90:5a:a3:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:86:40:b5:46:b7:a4:90:4d:fb:54:9f:1e:49:a0:05: 0f:b2:c5:70:8d:d4:14:94:35:09:6c:f0:2f:3f:c6:36: 6e:34:d6:84:00:22:cd:a5:30:33:8f:53:7d:91:03:95: 70:e4:7f:97:11:ba:26:56:aa:80:ef:b1:e1:6f:84:07: 7d:52:5a:a5:77:22:50:85:28:90:08:fb:ee:a6:c2:55: 92:a6:3c:3a:eb:aa:d9:eb:df:92:7c:2a:93:2c:96:18: a2:56:49:3d:d1:0b:09:44:c0:c6:98:d6:57:96:ed:6f: bd:cd:67:cd:61:3c:5a:63:9b:25:a6:a8:d4:c6:86:0c Fingerprint (SHA-256): CB:31:8F:05:35:52:5E:1B:36:8C:19:B8:A5:A8:D3:A2:D1:FA:9A:BB:84:CD:4C:8E:5F:E1:59:38:78:11:3C:E2 Fingerprint (SHA1): 86:E9:74:73:89:2B:E9:90:5D:18:85:52:D5:1C:F1:D6:D7:9C:1B:B3 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3218: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164345 (0x1ee28f79) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 20:45:54 2015 Not After : Mon May 18 20:45:54 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:71:a1:9f:8e:70:32:cb:3e:84:39:3a:70:9e:92:21: a5:52:5d:09:b2:68:60:0e:ef:d2:4e:b5:11:ca:a3:4e: da:d2:7a:60:cc:b1:71:15:70:10:0c:68:d5:3b:86:af: c1:5c:21:34:89:05:a9:7f:6e:da:5d:8f:aa:c0:fa:e2: 84:81:82:19:b8:ae:5f:c6:a3:5f:db:44:f7:60:9b:b3: d2:83:4b:98:ea:28:6b:6f:07:20:9c:49:a8:e6:b7:da: dc:f9:64:b3:f1:84:88:21:9a:99:ec:a3:cb:bf:c0:e4: d2:b5:3a:f2:32:82:2e:9a:54:d5:71:2b:e4:29:73:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 60:5b:21:7a:48:9f:12:99:b8:13:7b:7a:a8:f9:b9:f8: 0f:c0:b9:7d:92:08:fa:6c:7c:25:d3:42:0a:1b:56:41: 3a:66:ab:f1:db:4f:28:f6:70:2f:f7:c0:c6:d2:d1:c6: da:e5:b1:1b:cd:61:4b:4e:e2:bf:c4:9a:9a:00:6f:82: b6:99:cd:97:2a:4c:17:bf:31:75:40:83:9b:f3:2b:10: f0:84:f4:f2:ce:59:83:c8:1b:d1:7d:97:6d:b1:ea:15: e1:f0:c0:94:36:dd:2f:b2:48:94:a1:1b:2c:12:0b:a5: b5:c2:60:40:aa:62:b7:26:5e:8e:6e:4e:0d:13:2b:f4 Fingerprint (SHA-256): C2:2D:07:2E:14:92:17:63:74:8E:04:C2:08:57:AD:6B:D2:54:69:1B:B5:2F:01:B2:F1:BB:F2:FE:25:80:14:2A Fingerprint (SHA1): 9D:69:F1:FC:2D:0A:6A:B1:34:D5:6D:EE:1F:84:71:69:48:AF:85:55 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3219: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3220: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164360 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3221: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3222: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3223: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3224: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164361 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3225: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3226: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3227: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3228: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164362 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3229: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3230: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3231: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3232: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518164363 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3233: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3234: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3235: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164360 (0x1ee28f88) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:30 2015 Not After : Mon May 18 20:46:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:35:c8:f4:c6:8a:8d:85:5f:7c:d6:9d:f6:15:3e:eb: a5:bd:0c:1f:c9:37:08:55:50:01:5a:9c:90:3c:e0:5a: 0a:d8:66:b5:0a:2c:fa:ed:0b:31:94:cc:55:b8:a4:de: c6:5a:cc:e6:0c:be:81:4a:78:c8:52:3e:8e:95:bd:23: 16:b2:32:c1:b7:3b:ef:3e:36:5c:73:1f:43:90:cc:c4: ea:aa:6d:c4:b8:8d:a8:38:d3:82:a9:b4:e9:e2:18:6a: 2d:ce:be:b1:64:12:00:82:e1:5e:e9:b2:5a:55:91:2d: 8b:c9:65:56:35:0a:4a:1d:5f:1f:80:c0:af:a0:79:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 60:e9:02:7d:ec:ce:17:6c:b0:ce:5e:19:34:b6:42:d2: 10:14:aa:2e:35:5e:90:11:d7:dd:80:9f:2e:2d:d5:bc: 81:ec:c3:46:11:4a:13:da:18:28:99:29:99:04:32:7a: a5:a6:34:94:43:38:03:91:97:7a:e6:b6:72:90:dd:27: c9:54:23:36:f6:ed:e0:a8:56:58:1c:44:6b:9d:e6:22: 33:5c:be:cd:89:6d:bc:fe:ea:0a:7d:9e:85:fe:4e:b1: 30:4e:81:5c:0d:31:e2:6e:68:7f:e4:f3:ae:34:71:d0: b8:35:20:9d:e1:b1:aa:8f:d1:90:1a:f2:54:cd:2f:34 Fingerprint (SHA-256): E6:14:ED:85:3A:B9:5D:84:1C:5C:82:9F:B2:F5:A8:89:89:D3:FD:37:F0:BE:73:F3:2B:CF:0C:47:33:17:F1:14 Fingerprint (SHA1): B6:95:7F:7A:81:CD:21:28:5B:FC:56:89:0E:19:76:51:DC:C8:F4:67 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3236: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3237: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164361 (0x1ee28f89) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:33 2015 Not After : Mon May 18 20:46:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:ef:9f:0d:d8:0e:fb:64:ae:a2:d7:40:3f:20:e5:58: 53:ad:42:ff:3d:ae:5c:df:a4:70:3e:97:6f:ec:36:78: f3:bc:33:98:f9:c4:f6:d4:09:a7:15:c8:16:46:6f:00: 2e:96:5a:88:ee:26:47:78:27:20:f1:0e:8d:d9:0b:04: 24:7f:66:76:ee:12:5c:1c:e4:71:03:2a:80:aa:2e:cb: 6a:e2:ce:95:69:fa:93:ed:6c:f1:ba:cc:06:9c:fa:19: 9d:00:d7:22:d7:e1:4c:17:bf:23:f5:f8:e4:69:79:91: dc:31:1e:06:be:80:e5:30:11:92:40:5c:ac:a2:59:49 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:02:8e:cb:43:f2:b9:ee:66:80:c7:f2:15:cd:39:b0: ca:2b:ec:93:56:06:d8:fe:e2:3b:80:29:61:ed:b5:de: 58:68:62:e0:99:ec:41:28:02:ab:e0:65:f7:f4:d6:16: 85:4f:13:ab:63:30:74:92:42:71:8c:a5:e8:39:2d:e9: 9f:34:52:59:81:ef:3a:ed:bf:cd:71:2e:d9:b3:e8:76: ae:08:3f:3d:ca:fb:5b:07:20:d6:be:56:1f:43:0c:6d: 19:e9:a2:a9:96:d1:28:56:5e:59:d1:06:f6:e9:a5:26: 2a:7c:89:10:38:e9:8e:4b:1f:38:01:8f:11:76:f3:77 Fingerprint (SHA-256): AC:B3:1A:D9:78:AF:D0:A9:43:5C:61:C0:B3:A9:76:07:A2:6F:38:44:E4:8A:A3:76:E5:95:7B:01:3E:E3:E0:A4 Fingerprint (SHA1): E0:F5:39:F5:2C:94:49:F5:CA:8F:6A:09:08:BE:92:72:1F:EB:AD:56 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3238: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3239: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164362 (0x1ee28f8a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:46:36 2015 Not After : Mon May 18 20:46:36 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:6c:33:59:e3:c4:d0:5d:57:87:06:fa:b0:0e:27:e3: 34:00:df:b2:61:2b:29:f8:3f:d5:33:04:7b:3a:05:be: d4:16:18:21:8a:2b:bc:46:74:01:63:04:b2:59:a9:99: 4d:17:04:12:aa:53:f9:72:ae:eb:e6:4a:3b:0a:d0:02: 9e:4c:33:98:bc:fc:78:c7:33:5a:11:75:2c:20:1f:65: 73:97:90:51:32:83:51:cc:ff:b5:d3:59:00:a5:59:95: ca:8f:f4:a5:63:5b:20:0a:93:80:73:5c:06:79:e0:f3: 3e:5b:d7:6c:01:71:27:20:8c:a9:14:d0:81:e1:aa:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:bb:71:5d:61:9a:ff:59:5d:31:5f:eb:34:a7:07:ac: 19:0e:e7:6e:35:63:06:6c:8c:a5:e8:6a:c4:ba:8b:44: 22:4b:08:7c:8e:c9:cc:d4:f4:c3:24:9a:0d:18:d8:b2: 0e:74:cf:63:6e:cd:12:12:67:3c:b6:58:26:97:26:f8: 09:8b:95:a4:e0:82:51:25:75:93:26:ac:41:b8:de:16: 83:b0:79:79:db:14:7a:05:c4:3d:60:56:f4:6d:23:43: ac:4f:ec:b0:1b:5a:ab:72:9f:23:1e:ff:e9:74:60:0c: 42:47:a8:bb:05:d2:30:3f:11:4d:0c:ef:15:23:18:41 Fingerprint (SHA-256): B5:94:C0:26:8D:26:76:2A:8A:5A:DC:AA:CD:E3:4D:08:C8:B4:06:9A:C1:E7:FC:55:B1:63:D6:BA:49:01:5E:4D Fingerprint (SHA1): 3E:05:91:F7:1D:93:F8:08:C2:83:19:E3:B6:0C:37:E9:4E:20:E8:D6 Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3240: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3241: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3242: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3243: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3244: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164360 (0x1ee28f88) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:30 2015 Not After : Mon May 18 20:46:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:35:c8:f4:c6:8a:8d:85:5f:7c:d6:9d:f6:15:3e:eb: a5:bd:0c:1f:c9:37:08:55:50:01:5a:9c:90:3c:e0:5a: 0a:d8:66:b5:0a:2c:fa:ed:0b:31:94:cc:55:b8:a4:de: c6:5a:cc:e6:0c:be:81:4a:78:c8:52:3e:8e:95:bd:23: 16:b2:32:c1:b7:3b:ef:3e:36:5c:73:1f:43:90:cc:c4: ea:aa:6d:c4:b8:8d:a8:38:d3:82:a9:b4:e9:e2:18:6a: 2d:ce:be:b1:64:12:00:82:e1:5e:e9:b2:5a:55:91:2d: 8b:c9:65:56:35:0a:4a:1d:5f:1f:80:c0:af:a0:79:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 60:e9:02:7d:ec:ce:17:6c:b0:ce:5e:19:34:b6:42:d2: 10:14:aa:2e:35:5e:90:11:d7:dd:80:9f:2e:2d:d5:bc: 81:ec:c3:46:11:4a:13:da:18:28:99:29:99:04:32:7a: a5:a6:34:94:43:38:03:91:97:7a:e6:b6:72:90:dd:27: c9:54:23:36:f6:ed:e0:a8:56:58:1c:44:6b:9d:e6:22: 33:5c:be:cd:89:6d:bc:fe:ea:0a:7d:9e:85:fe:4e:b1: 30:4e:81:5c:0d:31:e2:6e:68:7f:e4:f3:ae:34:71:d0: b8:35:20:9d:e1:b1:aa:8f:d1:90:1a:f2:54:cd:2f:34 Fingerprint (SHA-256): E6:14:ED:85:3A:B9:5D:84:1C:5C:82:9F:B2:F5:A8:89:89:D3:FD:37:F0:BE:73:F3:2B:CF:0C:47:33:17:F1:14 Fingerprint (SHA1): B6:95:7F:7A:81:CD:21:28:5B:FC:56:89:0E:19:76:51:DC:C8:F4:67 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3245: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3246: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164361 (0x1ee28f89) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:33 2015 Not After : Mon May 18 20:46:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:ef:9f:0d:d8:0e:fb:64:ae:a2:d7:40:3f:20:e5:58: 53:ad:42:ff:3d:ae:5c:df:a4:70:3e:97:6f:ec:36:78: f3:bc:33:98:f9:c4:f6:d4:09:a7:15:c8:16:46:6f:00: 2e:96:5a:88:ee:26:47:78:27:20:f1:0e:8d:d9:0b:04: 24:7f:66:76:ee:12:5c:1c:e4:71:03:2a:80:aa:2e:cb: 6a:e2:ce:95:69:fa:93:ed:6c:f1:ba:cc:06:9c:fa:19: 9d:00:d7:22:d7:e1:4c:17:bf:23:f5:f8:e4:69:79:91: dc:31:1e:06:be:80:e5:30:11:92:40:5c:ac:a2:59:49 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:02:8e:cb:43:f2:b9:ee:66:80:c7:f2:15:cd:39:b0: ca:2b:ec:93:56:06:d8:fe:e2:3b:80:29:61:ed:b5:de: 58:68:62:e0:99:ec:41:28:02:ab:e0:65:f7:f4:d6:16: 85:4f:13:ab:63:30:74:92:42:71:8c:a5:e8:39:2d:e9: 9f:34:52:59:81:ef:3a:ed:bf:cd:71:2e:d9:b3:e8:76: ae:08:3f:3d:ca:fb:5b:07:20:d6:be:56:1f:43:0c:6d: 19:e9:a2:a9:96:d1:28:56:5e:59:d1:06:f6:e9:a5:26: 2a:7c:89:10:38:e9:8e:4b:1f:38:01:8f:11:76:f3:77 Fingerprint (SHA-256): AC:B3:1A:D9:78:AF:D0:A9:43:5C:61:C0:B3:A9:76:07:A2:6F:38:44:E4:8A:A3:76:E5:95:7B:01:3E:E3:E0:A4 Fingerprint (SHA1): E0:F5:39:F5:2C:94:49:F5:CA:8F:6A:09:08:BE:92:72:1F:EB:AD:56 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3247: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3248: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164362 (0x1ee28f8a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:46:36 2015 Not After : Mon May 18 20:46:36 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:6c:33:59:e3:c4:d0:5d:57:87:06:fa:b0:0e:27:e3: 34:00:df:b2:61:2b:29:f8:3f:d5:33:04:7b:3a:05:be: d4:16:18:21:8a:2b:bc:46:74:01:63:04:b2:59:a9:99: 4d:17:04:12:aa:53:f9:72:ae:eb:e6:4a:3b:0a:d0:02: 9e:4c:33:98:bc:fc:78:c7:33:5a:11:75:2c:20:1f:65: 73:97:90:51:32:83:51:cc:ff:b5:d3:59:00:a5:59:95: ca:8f:f4:a5:63:5b:20:0a:93:80:73:5c:06:79:e0:f3: 3e:5b:d7:6c:01:71:27:20:8c:a9:14:d0:81:e1:aa:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:bb:71:5d:61:9a:ff:59:5d:31:5f:eb:34:a7:07:ac: 19:0e:e7:6e:35:63:06:6c:8c:a5:e8:6a:c4:ba:8b:44: 22:4b:08:7c:8e:c9:cc:d4:f4:c3:24:9a:0d:18:d8:b2: 0e:74:cf:63:6e:cd:12:12:67:3c:b6:58:26:97:26:f8: 09:8b:95:a4:e0:82:51:25:75:93:26:ac:41:b8:de:16: 83:b0:79:79:db:14:7a:05:c4:3d:60:56:f4:6d:23:43: ac:4f:ec:b0:1b:5a:ab:72:9f:23:1e:ff:e9:74:60:0c: 42:47:a8:bb:05:d2:30:3f:11:4d:0c:ef:15:23:18:41 Fingerprint (SHA-256): B5:94:C0:26:8D:26:76:2A:8A:5A:DC:AA:CD:E3:4D:08:C8:B4:06:9A:C1:E7:FC:55:B1:63:D6:BA:49:01:5E:4D Fingerprint (SHA1): 3E:05:91:F7:1D:93:F8:08:C2:83:19:E3:B6:0C:37:E9:4E:20:E8:D6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3249: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3250: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3251: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164364 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3252: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3253: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3254: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3255: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164365 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3256: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3257: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3258: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3259: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164366 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3260: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3261: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #3262: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3263: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518164367 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3264: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3265: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #3266: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3267: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518164368 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3268: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3269: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3270: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164364 (0x1ee28f8c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:51 2015 Not After : Mon May 18 20:46:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:58:65:ce:61:ee:dd:40:8d:03:76:09:bb:2b:cb:1b: 41:c8:82:18:dd:e8:c2:85:95:dd:3f:5f:77:29:3e:8b: da:32:78:95:d6:3f:40:94:14:0c:87:dd:ce:e5:c1:74: 45:50:7e:de:42:e9:50:80:3f:cf:19:76:dc:0c:18:51: 28:67:f1:b6:40:1d:ed:15:e2:6a:88:88:d0:dc:ef:f3: 5a:53:a4:00:06:49:39:8c:95:05:a9:b6:49:f4:37:9b: 51:f4:7d:89:c8:ac:8d:0a:87:92:5e:ba:07:83:de:3d: 00:40:8c:b1:db:74:8c:5f:af:30:3f:aa:d2:8d:8d:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:e2:64:21:d6:c5:79:23:45:08:13:7c:49:db:8e:4d: da:60:cb:00:62:af:03:e4:20:d0:af:fb:4f:20:5c:c4: 1c:b1:ac:42:41:6a:4e:44:58:a0:6c:73:45:9a:98:b2: d9:6d:0e:64:16:bc:ef:31:ec:a4:1e:23:d7:cf:60:6e: 9c:08:80:74:a0:f8:cd:14:67:f0:ba:9f:64:7f:61:77: 18:8c:d0:10:d6:f0:dc:17:7b:7a:ed:c2:9d:d9:39:8b: d0:c8:ce:f8:0f:2a:a5:56:f4:84:0d:af:e2:90:93:69: db:e0:d3:e4:e0:1e:da:49:ea:38:8f:12:99:83:13:c7 Fingerprint (SHA-256): FF:08:F0:21:9A:E0:81:81:6C:5E:A7:6F:59:73:CD:C4:A8:8D:AB:31:29:B5:90:B8:0B:B6:C5:43:B5:F0:36:1B Fingerprint (SHA1): DF:43:BB:90:4D:7D:7A:F7:03:E7:8C:2A:6E:90:75:21:F1:37:2B:65 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3271: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3272: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164365 (0x1ee28f8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:55 2015 Not After : Mon May 18 20:46:55 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:ac:ec:59:18:98:24:15:77:eb:02:5a:50:a5:6e:a4: d1:50:13:48:cb:c3:a2:91:24:1b:03:fc:6a:83:14:f1: 52:c3:2f:9d:0d:e2:41:3a:1e:dd:5b:62:15:54:7d:db: c2:94:27:89:bd:b9:3d:1f:a7:ee:dc:7b:b4:1a:6a:0e: 54:56:2c:1e:88:f7:22:51:14:03:29:e2:fb:a3:0e:3c: 9e:5d:64:3a:61:eb:e2:f5:e1:70:a7:5e:15:14:1f:b7: 9f:16:ea:17:8c:54:74:55:45:c4:c7:49:9b:dd:74:a8: f6:80:73:46:4e:76:76:83:77:36:1b:e6:ec:d4:dc:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:4e:4e:5a:32:a5:50:af:09:8d:62:a0:c7:0d:12:fd: da:7d:9f:b6:d9:6d:91:db:5f:b6:36:24:84:36:d2:6a: 79:c5:d2:dd:9d:e5:c3:cd:af:b6:20:ed:56:bd:73:cc: 7e:35:71:e7:d2:7d:82:1d:b2:d8:94:ed:94:a5:6f:92: f6:cf:86:11:96:1a:e1:4b:a2:d9:66:2a:14:04:31:cb: 16:58:39:90:0d:34:3b:86:a5:b2:23:22:ff:33:17:27: 06:56:6f:d8:3c:c6:2b:8c:c3:6e:fa:65:03:fc:e1:fb: 9d:c0:d0:59:dd:d9:d8:69:db:05:36:96:7d:00:71:42 Fingerprint (SHA-256): 1A:8F:41:6B:8E:AE:10:F9:CE:A7:F3:07:23:C7:BA:29:01:66:54:0E:02:70:6C:E0:10:19:B1:33:B8:C0:15:A7 Fingerprint (SHA1): FC:56:A5:DC:83:9D:C4:FE:49:2F:16:84:F4:3C:81:C4:4F:36:7D:5F Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3273: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3274: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164366 (0x1ee28f8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:46:58 2015 Not After : Mon May 18 20:46:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:4e:4c:69:58:3b:b1:2f:e1:e8:97:fa:9d:e8:0a:c3: 9b:cd:8d:57:a2:d8:60:58:70:52:d8:76:2a:e6:a0:99: 95:29:03:a0:d0:a0:70:96:fe:46:de:c7:e5:90:62:4b: b9:1d:62:4e:29:e1:1c:ca:90:f1:cf:18:7c:19:71:ee: 08:0a:71:a8:60:9a:4f:c8:86:30:6c:8c:c0:3b:57:60: 2b:93:05:c5:3d:53:8a:47:ad:e1:65:ea:ff:66:4c:9c: b3:9c:85:8e:6e:98:dd:bf:e1:45:f7:7e:b6:5a:1d:c6: 86:7e:38:ba:1b:7b:5c:25:c0:ab:53:58:65:1b:7a:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:71:51:af:49:8d:07:f8:8b:7a:4d:94:f3:ca:aa:0f: f6:7f:46:50:54:1b:43:72:ef:9e:3d:17:fa:1a:ce:9e: aa:18:2c:b4:d8:22:92:7e:62:7a:0b:e1:cb:de:a5:51: 98:d9:1c:99:01:4f:e3:fe:9a:18:12:2b:2c:45:d5:e7: 9d:cd:1c:62:39:40:6f:18:21:76:4d:d6:dd:7c:0b:2e: 76:11:ce:d3:40:38:37:3f:7d:21:33:b9:58:0a:e3:96: 04:ad:a2:5e:65:c6:0d:51:a2:d9:64:27:8a:38:e1:bf: 24:09:87:21:c1:fe:45:ae:b2:f8:87:5e:6c:b2:6d:7b Fingerprint (SHA-256): 69:BA:D8:A1:8E:FB:9D:0D:F4:7B:6C:51:C6:90:32:33:12:18:7A:FD:7F:3A:41:15:72:F3:D2:1F:70:79:7D:D4 Fingerprint (SHA1): 61:FE:21:66:CB:5F:50:4B:94:BB:A2:44:47:02:99:50:A4:98:A0:0D Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #3275: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3276: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3277: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3278: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3279: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164364 (0x1ee28f8c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:51 2015 Not After : Mon May 18 20:46:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:58:65:ce:61:ee:dd:40:8d:03:76:09:bb:2b:cb:1b: 41:c8:82:18:dd:e8:c2:85:95:dd:3f:5f:77:29:3e:8b: da:32:78:95:d6:3f:40:94:14:0c:87:dd:ce:e5:c1:74: 45:50:7e:de:42:e9:50:80:3f:cf:19:76:dc:0c:18:51: 28:67:f1:b6:40:1d:ed:15:e2:6a:88:88:d0:dc:ef:f3: 5a:53:a4:00:06:49:39:8c:95:05:a9:b6:49:f4:37:9b: 51:f4:7d:89:c8:ac:8d:0a:87:92:5e:ba:07:83:de:3d: 00:40:8c:b1:db:74:8c:5f:af:30:3f:aa:d2:8d:8d:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:e2:64:21:d6:c5:79:23:45:08:13:7c:49:db:8e:4d: da:60:cb:00:62:af:03:e4:20:d0:af:fb:4f:20:5c:c4: 1c:b1:ac:42:41:6a:4e:44:58:a0:6c:73:45:9a:98:b2: d9:6d:0e:64:16:bc:ef:31:ec:a4:1e:23:d7:cf:60:6e: 9c:08:80:74:a0:f8:cd:14:67:f0:ba:9f:64:7f:61:77: 18:8c:d0:10:d6:f0:dc:17:7b:7a:ed:c2:9d:d9:39:8b: d0:c8:ce:f8:0f:2a:a5:56:f4:84:0d:af:e2:90:93:69: db:e0:d3:e4:e0:1e:da:49:ea:38:8f:12:99:83:13:c7 Fingerprint (SHA-256): FF:08:F0:21:9A:E0:81:81:6C:5E:A7:6F:59:73:CD:C4:A8:8D:AB:31:29:B5:90:B8:0B:B6:C5:43:B5:F0:36:1B Fingerprint (SHA1): DF:43:BB:90:4D:7D:7A:F7:03:E7:8C:2A:6E:90:75:21:F1:37:2B:65 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3280: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3281: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164365 (0x1ee28f8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:55 2015 Not After : Mon May 18 20:46:55 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:ac:ec:59:18:98:24:15:77:eb:02:5a:50:a5:6e:a4: d1:50:13:48:cb:c3:a2:91:24:1b:03:fc:6a:83:14:f1: 52:c3:2f:9d:0d:e2:41:3a:1e:dd:5b:62:15:54:7d:db: c2:94:27:89:bd:b9:3d:1f:a7:ee:dc:7b:b4:1a:6a:0e: 54:56:2c:1e:88:f7:22:51:14:03:29:e2:fb:a3:0e:3c: 9e:5d:64:3a:61:eb:e2:f5:e1:70:a7:5e:15:14:1f:b7: 9f:16:ea:17:8c:54:74:55:45:c4:c7:49:9b:dd:74:a8: f6:80:73:46:4e:76:76:83:77:36:1b:e6:ec:d4:dc:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:4e:4e:5a:32:a5:50:af:09:8d:62:a0:c7:0d:12:fd: da:7d:9f:b6:d9:6d:91:db:5f:b6:36:24:84:36:d2:6a: 79:c5:d2:dd:9d:e5:c3:cd:af:b6:20:ed:56:bd:73:cc: 7e:35:71:e7:d2:7d:82:1d:b2:d8:94:ed:94:a5:6f:92: f6:cf:86:11:96:1a:e1:4b:a2:d9:66:2a:14:04:31:cb: 16:58:39:90:0d:34:3b:86:a5:b2:23:22:ff:33:17:27: 06:56:6f:d8:3c:c6:2b:8c:c3:6e:fa:65:03:fc:e1:fb: 9d:c0:d0:59:dd:d9:d8:69:db:05:36:96:7d:00:71:42 Fingerprint (SHA-256): 1A:8F:41:6B:8E:AE:10:F9:CE:A7:F3:07:23:C7:BA:29:01:66:54:0E:02:70:6C:E0:10:19:B1:33:B8:C0:15:A7 Fingerprint (SHA1): FC:56:A5:DC:83:9D:C4:FE:49:2F:16:84:F4:3C:81:C4:4F:36:7D:5F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3282: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3283: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164366 (0x1ee28f8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:46:58 2015 Not After : Mon May 18 20:46:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:4e:4c:69:58:3b:b1:2f:e1:e8:97:fa:9d:e8:0a:c3: 9b:cd:8d:57:a2:d8:60:58:70:52:d8:76:2a:e6:a0:99: 95:29:03:a0:d0:a0:70:96:fe:46:de:c7:e5:90:62:4b: b9:1d:62:4e:29:e1:1c:ca:90:f1:cf:18:7c:19:71:ee: 08:0a:71:a8:60:9a:4f:c8:86:30:6c:8c:c0:3b:57:60: 2b:93:05:c5:3d:53:8a:47:ad:e1:65:ea:ff:66:4c:9c: b3:9c:85:8e:6e:98:dd:bf:e1:45:f7:7e:b6:5a:1d:c6: 86:7e:38:ba:1b:7b:5c:25:c0:ab:53:58:65:1b:7a:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:71:51:af:49:8d:07:f8:8b:7a:4d:94:f3:ca:aa:0f: f6:7f:46:50:54:1b:43:72:ef:9e:3d:17:fa:1a:ce:9e: aa:18:2c:b4:d8:22:92:7e:62:7a:0b:e1:cb:de:a5:51: 98:d9:1c:99:01:4f:e3:fe:9a:18:12:2b:2c:45:d5:e7: 9d:cd:1c:62:39:40:6f:18:21:76:4d:d6:dd:7c:0b:2e: 76:11:ce:d3:40:38:37:3f:7d:21:33:b9:58:0a:e3:96: 04:ad:a2:5e:65:c6:0d:51:a2:d9:64:27:8a:38:e1:bf: 24:09:87:21:c1:fe:45:ae:b2:f8:87:5e:6c:b2:6d:7b Fingerprint (SHA-256): 69:BA:D8:A1:8E:FB:9D:0D:F4:7B:6C:51:C6:90:32:33:12:18:7A:FD:7F:3A:41:15:72:F3:D2:1F:70:79:7D:D4 Fingerprint (SHA1): 61:FE:21:66:CB:5F:50:4B:94:BB:A2:44:47:02:99:50:A4:98:A0:0D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #3284: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3285: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164364 (0x1ee28f8c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:51 2015 Not After : Mon May 18 20:46:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:58:65:ce:61:ee:dd:40:8d:03:76:09:bb:2b:cb:1b: 41:c8:82:18:dd:e8:c2:85:95:dd:3f:5f:77:29:3e:8b: da:32:78:95:d6:3f:40:94:14:0c:87:dd:ce:e5:c1:74: 45:50:7e:de:42:e9:50:80:3f:cf:19:76:dc:0c:18:51: 28:67:f1:b6:40:1d:ed:15:e2:6a:88:88:d0:dc:ef:f3: 5a:53:a4:00:06:49:39:8c:95:05:a9:b6:49:f4:37:9b: 51:f4:7d:89:c8:ac:8d:0a:87:92:5e:ba:07:83:de:3d: 00:40:8c:b1:db:74:8c:5f:af:30:3f:aa:d2:8d:8d:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:e2:64:21:d6:c5:79:23:45:08:13:7c:49:db:8e:4d: da:60:cb:00:62:af:03:e4:20:d0:af:fb:4f:20:5c:c4: 1c:b1:ac:42:41:6a:4e:44:58:a0:6c:73:45:9a:98:b2: d9:6d:0e:64:16:bc:ef:31:ec:a4:1e:23:d7:cf:60:6e: 9c:08:80:74:a0:f8:cd:14:67:f0:ba:9f:64:7f:61:77: 18:8c:d0:10:d6:f0:dc:17:7b:7a:ed:c2:9d:d9:39:8b: d0:c8:ce:f8:0f:2a:a5:56:f4:84:0d:af:e2:90:93:69: db:e0:d3:e4:e0:1e:da:49:ea:38:8f:12:99:83:13:c7 Fingerprint (SHA-256): FF:08:F0:21:9A:E0:81:81:6C:5E:A7:6F:59:73:CD:C4:A8:8D:AB:31:29:B5:90:B8:0B:B6:C5:43:B5:F0:36:1B Fingerprint (SHA1): DF:43:BB:90:4D:7D:7A:F7:03:E7:8C:2A:6E:90:75:21:F1:37:2B:65 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3286: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164364 (0x1ee28f8c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:51 2015 Not After : Mon May 18 20:46:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:58:65:ce:61:ee:dd:40:8d:03:76:09:bb:2b:cb:1b: 41:c8:82:18:dd:e8:c2:85:95:dd:3f:5f:77:29:3e:8b: da:32:78:95:d6:3f:40:94:14:0c:87:dd:ce:e5:c1:74: 45:50:7e:de:42:e9:50:80:3f:cf:19:76:dc:0c:18:51: 28:67:f1:b6:40:1d:ed:15:e2:6a:88:88:d0:dc:ef:f3: 5a:53:a4:00:06:49:39:8c:95:05:a9:b6:49:f4:37:9b: 51:f4:7d:89:c8:ac:8d:0a:87:92:5e:ba:07:83:de:3d: 00:40:8c:b1:db:74:8c:5f:af:30:3f:aa:d2:8d:8d:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:e2:64:21:d6:c5:79:23:45:08:13:7c:49:db:8e:4d: da:60:cb:00:62:af:03:e4:20:d0:af:fb:4f:20:5c:c4: 1c:b1:ac:42:41:6a:4e:44:58:a0:6c:73:45:9a:98:b2: d9:6d:0e:64:16:bc:ef:31:ec:a4:1e:23:d7:cf:60:6e: 9c:08:80:74:a0:f8:cd:14:67:f0:ba:9f:64:7f:61:77: 18:8c:d0:10:d6:f0:dc:17:7b:7a:ed:c2:9d:d9:39:8b: d0:c8:ce:f8:0f:2a:a5:56:f4:84:0d:af:e2:90:93:69: db:e0:d3:e4:e0:1e:da:49:ea:38:8f:12:99:83:13:c7 Fingerprint (SHA-256): FF:08:F0:21:9A:E0:81:81:6C:5E:A7:6F:59:73:CD:C4:A8:8D:AB:31:29:B5:90:B8:0B:B6:C5:43:B5:F0:36:1B Fingerprint (SHA1): DF:43:BB:90:4D:7D:7A:F7:03:E7:8C:2A:6E:90:75:21:F1:37:2B:65 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3287: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164365 (0x1ee28f8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:55 2015 Not After : Mon May 18 20:46:55 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:ac:ec:59:18:98:24:15:77:eb:02:5a:50:a5:6e:a4: d1:50:13:48:cb:c3:a2:91:24:1b:03:fc:6a:83:14:f1: 52:c3:2f:9d:0d:e2:41:3a:1e:dd:5b:62:15:54:7d:db: c2:94:27:89:bd:b9:3d:1f:a7:ee:dc:7b:b4:1a:6a:0e: 54:56:2c:1e:88:f7:22:51:14:03:29:e2:fb:a3:0e:3c: 9e:5d:64:3a:61:eb:e2:f5:e1:70:a7:5e:15:14:1f:b7: 9f:16:ea:17:8c:54:74:55:45:c4:c7:49:9b:dd:74:a8: f6:80:73:46:4e:76:76:83:77:36:1b:e6:ec:d4:dc:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:4e:4e:5a:32:a5:50:af:09:8d:62:a0:c7:0d:12:fd: da:7d:9f:b6:d9:6d:91:db:5f:b6:36:24:84:36:d2:6a: 79:c5:d2:dd:9d:e5:c3:cd:af:b6:20:ed:56:bd:73:cc: 7e:35:71:e7:d2:7d:82:1d:b2:d8:94:ed:94:a5:6f:92: f6:cf:86:11:96:1a:e1:4b:a2:d9:66:2a:14:04:31:cb: 16:58:39:90:0d:34:3b:86:a5:b2:23:22:ff:33:17:27: 06:56:6f:d8:3c:c6:2b:8c:c3:6e:fa:65:03:fc:e1:fb: 9d:c0:d0:59:dd:d9:d8:69:db:05:36:96:7d:00:71:42 Fingerprint (SHA-256): 1A:8F:41:6B:8E:AE:10:F9:CE:A7:F3:07:23:C7:BA:29:01:66:54:0E:02:70:6C:E0:10:19:B1:33:B8:C0:15:A7 Fingerprint (SHA1): FC:56:A5:DC:83:9D:C4:FE:49:2F:16:84:F4:3C:81:C4:4F:36:7D:5F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3288: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164365 (0x1ee28f8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:46:55 2015 Not After : Mon May 18 20:46:55 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:ac:ec:59:18:98:24:15:77:eb:02:5a:50:a5:6e:a4: d1:50:13:48:cb:c3:a2:91:24:1b:03:fc:6a:83:14:f1: 52:c3:2f:9d:0d:e2:41:3a:1e:dd:5b:62:15:54:7d:db: c2:94:27:89:bd:b9:3d:1f:a7:ee:dc:7b:b4:1a:6a:0e: 54:56:2c:1e:88:f7:22:51:14:03:29:e2:fb:a3:0e:3c: 9e:5d:64:3a:61:eb:e2:f5:e1:70:a7:5e:15:14:1f:b7: 9f:16:ea:17:8c:54:74:55:45:c4:c7:49:9b:dd:74:a8: f6:80:73:46:4e:76:76:83:77:36:1b:e6:ec:d4:dc:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:4e:4e:5a:32:a5:50:af:09:8d:62:a0:c7:0d:12:fd: da:7d:9f:b6:d9:6d:91:db:5f:b6:36:24:84:36:d2:6a: 79:c5:d2:dd:9d:e5:c3:cd:af:b6:20:ed:56:bd:73:cc: 7e:35:71:e7:d2:7d:82:1d:b2:d8:94:ed:94:a5:6f:92: f6:cf:86:11:96:1a:e1:4b:a2:d9:66:2a:14:04:31:cb: 16:58:39:90:0d:34:3b:86:a5:b2:23:22:ff:33:17:27: 06:56:6f:d8:3c:c6:2b:8c:c3:6e:fa:65:03:fc:e1:fb: 9d:c0:d0:59:dd:d9:d8:69:db:05:36:96:7d:00:71:42 Fingerprint (SHA-256): 1A:8F:41:6B:8E:AE:10:F9:CE:A7:F3:07:23:C7:BA:29:01:66:54:0E:02:70:6C:E0:10:19:B1:33:B8:C0:15:A7 Fingerprint (SHA1): FC:56:A5:DC:83:9D:C4:FE:49:2F:16:84:F4:3C:81:C4:4F:36:7D:5F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3289: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164366 (0x1ee28f8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:46:58 2015 Not After : Mon May 18 20:46:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:4e:4c:69:58:3b:b1:2f:e1:e8:97:fa:9d:e8:0a:c3: 9b:cd:8d:57:a2:d8:60:58:70:52:d8:76:2a:e6:a0:99: 95:29:03:a0:d0:a0:70:96:fe:46:de:c7:e5:90:62:4b: b9:1d:62:4e:29:e1:1c:ca:90:f1:cf:18:7c:19:71:ee: 08:0a:71:a8:60:9a:4f:c8:86:30:6c:8c:c0:3b:57:60: 2b:93:05:c5:3d:53:8a:47:ad:e1:65:ea:ff:66:4c:9c: b3:9c:85:8e:6e:98:dd:bf:e1:45:f7:7e:b6:5a:1d:c6: 86:7e:38:ba:1b:7b:5c:25:c0:ab:53:58:65:1b:7a:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:71:51:af:49:8d:07:f8:8b:7a:4d:94:f3:ca:aa:0f: f6:7f:46:50:54:1b:43:72:ef:9e:3d:17:fa:1a:ce:9e: aa:18:2c:b4:d8:22:92:7e:62:7a:0b:e1:cb:de:a5:51: 98:d9:1c:99:01:4f:e3:fe:9a:18:12:2b:2c:45:d5:e7: 9d:cd:1c:62:39:40:6f:18:21:76:4d:d6:dd:7c:0b:2e: 76:11:ce:d3:40:38:37:3f:7d:21:33:b9:58:0a:e3:96: 04:ad:a2:5e:65:c6:0d:51:a2:d9:64:27:8a:38:e1:bf: 24:09:87:21:c1:fe:45:ae:b2:f8:87:5e:6c:b2:6d:7b Fingerprint (SHA-256): 69:BA:D8:A1:8E:FB:9D:0D:F4:7B:6C:51:C6:90:32:33:12:18:7A:FD:7F:3A:41:15:72:F3:D2:1F:70:79:7D:D4 Fingerprint (SHA1): 61:FE:21:66:CB:5F:50:4B:94:BB:A2:44:47:02:99:50:A4:98:A0:0D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #3290: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164366 (0x1ee28f8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:46:58 2015 Not After : Mon May 18 20:46:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:4e:4c:69:58:3b:b1:2f:e1:e8:97:fa:9d:e8:0a:c3: 9b:cd:8d:57:a2:d8:60:58:70:52:d8:76:2a:e6:a0:99: 95:29:03:a0:d0:a0:70:96:fe:46:de:c7:e5:90:62:4b: b9:1d:62:4e:29:e1:1c:ca:90:f1:cf:18:7c:19:71:ee: 08:0a:71:a8:60:9a:4f:c8:86:30:6c:8c:c0:3b:57:60: 2b:93:05:c5:3d:53:8a:47:ad:e1:65:ea:ff:66:4c:9c: b3:9c:85:8e:6e:98:dd:bf:e1:45:f7:7e:b6:5a:1d:c6: 86:7e:38:ba:1b:7b:5c:25:c0:ab:53:58:65:1b:7a:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:71:51:af:49:8d:07:f8:8b:7a:4d:94:f3:ca:aa:0f: f6:7f:46:50:54:1b:43:72:ef:9e:3d:17:fa:1a:ce:9e: aa:18:2c:b4:d8:22:92:7e:62:7a:0b:e1:cb:de:a5:51: 98:d9:1c:99:01:4f:e3:fe:9a:18:12:2b:2c:45:d5:e7: 9d:cd:1c:62:39:40:6f:18:21:76:4d:d6:dd:7c:0b:2e: 76:11:ce:d3:40:38:37:3f:7d:21:33:b9:58:0a:e3:96: 04:ad:a2:5e:65:c6:0d:51:a2:d9:64:27:8a:38:e1:bf: 24:09:87:21:c1:fe:45:ae:b2:f8:87:5e:6c:b2:6d:7b Fingerprint (SHA-256): 69:BA:D8:A1:8E:FB:9D:0D:F4:7B:6C:51:C6:90:32:33:12:18:7A:FD:7F:3A:41:15:72:F3:D2:1F:70:79:7D:D4 Fingerprint (SHA1): 61:FE:21:66:CB:5F:50:4B:94:BB:A2:44:47:02:99:50:A4:98:A0:0D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #3291: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3292: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164369 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3293: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3294: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3295: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3296: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518164370 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3297: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3298: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3299: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3300: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164371 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3301: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3302: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3303: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3304: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518164372 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3305: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3306: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #3307: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3308: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518164373 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3309: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3310: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #3311: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3312: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518164374 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3313: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3314: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #3315: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3316: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518164375 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3317: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3318: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3319: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #3320: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #3321: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3322: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #3323: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164369 (0x1ee28f91) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:19 2015 Not After : Mon May 18 20:47:19 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:62:b5:d2:f1:3b:4d:e5:2a:3f:f3:84:c0:78:8f:76: c2:a8:cc:ad:29:ee:5b:ce:1e:0e:b7:0d:52:09:30:d5: 2f:c0:77:3b:6f:2c:62:2c:61:92:f8:84:c8:cb:de:05: 1e:1a:da:d5:a3:c8:0b:1b:8c:ac:e7:b3:d0:04:1c:63: 58:3c:1b:d2:d4:6f:b2:70:8b:d3:32:44:1c:ff:2f:1f: e4:ca:9e:4a:fb:02:b1:82:80:0d:48:3e:48:d8:b3:39: 71:3f:56:ba:fc:e0:f4:b1:4c:63:8c:80:db:d9:f1:ff: f1:fc:0c:ab:8f:63:3e:a0:ec:ba:79:0e:81:dd:82:0b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:09:ab:7a:8f:e3:5d:38:31:6d:ff:3e:d0:59:82:f9: d8:41:92:10:70:d6:c9:93:84:07:15:9a:66:8e:a0:3e: c4:91:bf:00:fa:4b:ef:ea:e5:9b:fe:49:ed:a6:32:ac: 70:c7:c5:f4:a5:1d:13:5d:84:da:65:ce:7b:64:36:d6: dc:d3:43:a6:c9:a2:85:19:ad:23:bd:78:8c:82:ea:8a: 8f:56:17:eb:54:5f:08:0b:2a:8e:30:c1:64:ff:2a:6c: 43:8d:2e:0a:13:18:3a:8c:be:7e:4a:91:e4:b8:ac:41: b8:24:6c:89:be:70:4e:97:72:db:39:1b:49:7a:7c:0c Fingerprint (SHA-256): 9E:AF:F0:EA:3E:5D:97:AF:31:81:A2:2E:A6:87:67:A7:80:59:E5:F8:34:51:F6:F8:C4:54:9D:82:3C:4C:D6:5C Fingerprint (SHA1): 2A:E7:45:04:90:D7:39:CB:48:45:EC:0E:B8:AD:C9:02:00:C2:5F:F7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3324: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3325: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3326: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3327: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164369 (0x1ee28f91) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:19 2015 Not After : Mon May 18 20:47:19 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:62:b5:d2:f1:3b:4d:e5:2a:3f:f3:84:c0:78:8f:76: c2:a8:cc:ad:29:ee:5b:ce:1e:0e:b7:0d:52:09:30:d5: 2f:c0:77:3b:6f:2c:62:2c:61:92:f8:84:c8:cb:de:05: 1e:1a:da:d5:a3:c8:0b:1b:8c:ac:e7:b3:d0:04:1c:63: 58:3c:1b:d2:d4:6f:b2:70:8b:d3:32:44:1c:ff:2f:1f: e4:ca:9e:4a:fb:02:b1:82:80:0d:48:3e:48:d8:b3:39: 71:3f:56:ba:fc:e0:f4:b1:4c:63:8c:80:db:d9:f1:ff: f1:fc:0c:ab:8f:63:3e:a0:ec:ba:79:0e:81:dd:82:0b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:09:ab:7a:8f:e3:5d:38:31:6d:ff:3e:d0:59:82:f9: d8:41:92:10:70:d6:c9:93:84:07:15:9a:66:8e:a0:3e: c4:91:bf:00:fa:4b:ef:ea:e5:9b:fe:49:ed:a6:32:ac: 70:c7:c5:f4:a5:1d:13:5d:84:da:65:ce:7b:64:36:d6: dc:d3:43:a6:c9:a2:85:19:ad:23:bd:78:8c:82:ea:8a: 8f:56:17:eb:54:5f:08:0b:2a:8e:30:c1:64:ff:2a:6c: 43:8d:2e:0a:13:18:3a:8c:be:7e:4a:91:e4:b8:ac:41: b8:24:6c:89:be:70:4e:97:72:db:39:1b:49:7a:7c:0c Fingerprint (SHA-256): 9E:AF:F0:EA:3E:5D:97:AF:31:81:A2:2E:A6:87:67:A7:80:59:E5:F8:34:51:F6:F8:C4:54:9D:82:3C:4C:D6:5C Fingerprint (SHA1): 2A:E7:45:04:90:D7:39:CB:48:45:EC:0E:B8:AD:C9:02:00:C2:5F:F7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3328: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3329: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3330: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164376 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3331: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3332: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3333: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3334: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518164377 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3335: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3336: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #3337: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3338: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518164378 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3339: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3340: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #3341: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3342: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518164379 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3343: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3344: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3345: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3346: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518164380 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3347: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3348: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #3349: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3350: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518164381 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3351: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3352: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #3353: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3354: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518164382 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3355: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3356: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3357: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3358: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518164383 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3359: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3360: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #3361: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3362: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518164384 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3363: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3364: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #3365: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3366: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518164385 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3367: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3368: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #3369: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3370: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518164386 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3371: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3372: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #3373: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3374: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518164387 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3375: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3376: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #3377: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3378: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518164388 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3379: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3380: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #3381: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3382: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518164389 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3383: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3384: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #3385: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3386: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518164390 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3387: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3388: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #3389: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3390: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518164391 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3391: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3392: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #3393: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3394: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518164392 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3395: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3396: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #3397: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3398: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518164393 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3399: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3400: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #3401: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3402: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518164394 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3403: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3404: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #3405: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3406: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518164395 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3407: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3408: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #3409: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3410: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518164396 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3411: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3412: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #3413: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3414: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518164397 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3415: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3416: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #3417: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3418: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518164398 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3419: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3420: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #3421: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3422: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518164399 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3423: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3424: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #3425: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3426: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518164400 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3427: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3428: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #3429: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3430: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518164401 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3431: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3432: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #3433: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3434: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518164402 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3435: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3436: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #3437: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3438: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518164403 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3439: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3440: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #3441: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3442: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518164404 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3443: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3444: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #3445: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3446: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518164405 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3447: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3448: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3449: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3450: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3451: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3452: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3453: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3454: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3455: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3456: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3457: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3458: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3459: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3460: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3461: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3462: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3463: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3464: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3465: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3466: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3467: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3468: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3469: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3470: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3471: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164376 (0x1ee28f98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:47:48 2015 Not After : Mon May 18 20:47:48 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c4:01:a1:29:21:3d:cd:06:99:77:1f:af:47:cd:a9: 53:9c:39:f4:57:bf:8d:e2:17:cb:b8:96:ab:99:c8:7e: 64:1f:54:37:38:f2:29:f4:43:42:14:bc:58:59:e6:7b: 6a:40:23:e2:de:63:6e:d6:ae:9a:dd:47:77:27:68:42: 3e:e3:ef:9f:a0:ce:11:7e:b7:94:26:3b:61:2d:30:9d: 24:fa:a2:ff:68:2d:97:fc:24:f2:a3:f1:7a:52:09:20: 46:a8:be:fd:25:af:4e:df:4b:2c:6b:a6:56:ba:c2:eb: e2:4c:7c:7d:b2:7f:54:bf:fe:ef:1f:b0:4d:2f:fb:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:05:2f:57:1f:6e:99:14:18:c4:a8:81:d1:c0:7e:86: 05:3b:f7:b6:fe:48:5b:24:74:4c:e7:b8:96:ea:8f:87: ed:23:95:9f:91:74:df:0f:68:37:e0:32:56:31:43:b8: 50:3d:7c:26:7f:b9:d0:9d:02:5b:89:7a:5c:aa:a4:e5: 09:c4:c1:1d:fd:d1:17:6a:88:15:2e:b9:f0:b2:ae:7f: 63:cc:13:9e:06:d9:40:c3:b0:d0:6f:ce:3e:7f:dd:6c: 39:8e:cf:1a:06:35:86:4a:5f:65:39:7a:09:b0:f5:bf: 90:2c:2d:6d:ee:2a:9c:91:9a:df:16:f4:f6:8e:53:94 Fingerprint (SHA-256): 33:53:37:58:8C:E6:43:44:6D:1E:D8:74:1F:8A:5F:3E:8E:8F:51:28:E0:06:C5:8B:BA:C5:BC:C2:A8:3E:30:22 Fingerprint (SHA1): 83:33:C4:18:6C:B0:0F:13:A3:59:E8:9B:13:0B:5E:6D:9A:42:92:3F Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3472: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3473: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3474: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164406 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3475: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3476: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #3477: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3478: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518164407 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3479: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3480: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #3481: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3482: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518164408 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3483: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3484: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #3485: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3486: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518164409 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3487: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3488: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #3489: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3490: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518164410 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3491: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3492: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #3493: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3494: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518164411 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3495: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3496: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #3497: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3498: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518164412 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3499: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3500: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3501: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164406 (0x1ee28fb6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:49:39 2015 Not After : Mon May 18 20:49:39 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:d2:ce:a5:27:a4:cd:4b:64:cc:37:0f:35:00:30:e8: 3e:03:8b:c8:64:8b:c8:de:3f:ee:1c:be:21:78:d7:19: 57:22:4b:01:e9:f0:10:57:da:62:63:55:50:9d:a0:e9: db:f8:c4:b3:94:02:03:68:b5:14:08:2a:3e:03:f7:a9: be:70:5d:3a:e3:21:74:34:a5:07:25:32:91:70:b6:4a: c3:4c:53:59:3d:5d:7c:61:09:3a:7c:05:68:78:92:95: bc:3d:25:fb:43:69:47:73:f0:b3:e4:d8:5e:cd:77:a7: f1:c2:ac:3e:e5:8e:e0:d9:f7:31:15:fb:a9:5f:ed:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 07:d8:d9:87:21:08:af:af:7a:a1:f6:66:d0:15:db:91: 9d:68:7d:f8:cb:45:de:9b:93:33:83:28:43:1c:db:56: 37:a8:4f:e6:ba:9e:e3:7c:2b:c1:72:3a:0d:37:4e:28: af:66:d3:d0:10:6f:ca:76:88:b2:18:0d:bf:00:42:63: 7e:b4:45:b9:80:68:c9:9c:40:1e:eb:1b:ee:c8:51:a8: 64:f7:26:60:8b:40:b9:f9:66:ca:fa:57:a4:bd:f7:0d: 69:27:81:12:d2:3e:1a:7d:02:1e:42:7d:3a:40:4b:36: 67:69:39:09:5e:57:54:57:84:8e:5c:c4:38:da:78:4c Fingerprint (SHA-256): 88:A5:95:37:9D:D8:8E:85:A1:F1:E7:81:C9:5E:C2:47:5D:A6:56:DD:4F:D8:B2:9B:47:C9:29:53:DD:20:71:AC Fingerprint (SHA1): 03:43:A2:13:F3:1F:F7:7D:63:5B:90:27:24:E7:E7:FE:60:F2:0C:51 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #3502: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3503: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3504: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3505: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164406 (0x1ee28fb6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:49:39 2015 Not After : Mon May 18 20:49:39 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:d2:ce:a5:27:a4:cd:4b:64:cc:37:0f:35:00:30:e8: 3e:03:8b:c8:64:8b:c8:de:3f:ee:1c:be:21:78:d7:19: 57:22:4b:01:e9:f0:10:57:da:62:63:55:50:9d:a0:e9: db:f8:c4:b3:94:02:03:68:b5:14:08:2a:3e:03:f7:a9: be:70:5d:3a:e3:21:74:34:a5:07:25:32:91:70:b6:4a: c3:4c:53:59:3d:5d:7c:61:09:3a:7c:05:68:78:92:95: bc:3d:25:fb:43:69:47:73:f0:b3:e4:d8:5e:cd:77:a7: f1:c2:ac:3e:e5:8e:e0:d9:f7:31:15:fb:a9:5f:ed:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 07:d8:d9:87:21:08:af:af:7a:a1:f6:66:d0:15:db:91: 9d:68:7d:f8:cb:45:de:9b:93:33:83:28:43:1c:db:56: 37:a8:4f:e6:ba:9e:e3:7c:2b:c1:72:3a:0d:37:4e:28: af:66:d3:d0:10:6f:ca:76:88:b2:18:0d:bf:00:42:63: 7e:b4:45:b9:80:68:c9:9c:40:1e:eb:1b:ee:c8:51:a8: 64:f7:26:60:8b:40:b9:f9:66:ca:fa:57:a4:bd:f7:0d: 69:27:81:12:d2:3e:1a:7d:02:1e:42:7d:3a:40:4b:36: 67:69:39:09:5e:57:54:57:84:8e:5c:c4:38:da:78:4c Fingerprint (SHA-256): 88:A5:95:37:9D:D8:8E:85:A1:F1:E7:81:C9:5E:C2:47:5D:A6:56:DD:4F:D8:B2:9B:47:C9:29:53:DD:20:71:AC Fingerprint (SHA1): 03:43:A2:13:F3:1F:F7:7D:63:5B:90:27:24:E7:E7:FE:60:F2:0C:51 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #3506: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3507: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3508: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3509: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164413 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3510: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3511: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3512: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3513: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164414 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3514: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3515: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3516: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3517: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164415 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3518: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3519: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3520: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3521: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518164416 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3522: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3523: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3524: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3525: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3526: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3527: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164413 (0x1ee28fbd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:50:08 2015 Not After : Mon May 18 20:50:08 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:cc:ba:49:a6:0f:4b:9e:15:2b:c1:ae:7a:62:55:e9: 29:4e:8c:58:63:16:f2:8e:8c:c2:47:e7:4a:29:d7:d6: 8a:07:79:6f:96:da:c9:9d:69:0a:a2:d3:bf:40:bb:b4: 76:69:ee:90:4a:86:05:39:93:65:a1:c1:8c:61:ba:00: 30:a3:27:dd:9c:a9:29:d3:28:e8:2a:e4:d6:e4:43:f3: 25:97:cf:10:2a:f9:9a:7c:b6:64:f3:8f:1e:01:a2:ec: 68:8a:b0:f5:12:13:d1:b3:f8:f1:21:45:71:19:9c:37: a4:e6:f3:26:9d:cc:9f:2b:d8:2c:b2:15:02:87:28:bb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:d1:b9:59:f3:2d:7c:a6:3c:78:dc:28:fb:11:4f:13: 96:3d:9d:04:9e:9b:48:c3:4a:ab:2d:7e:7f:ad:0e:f6: 9f:58:17:8c:14:d8:8e:d6:0a:fb:4a:98:29:84:77:be: c1:e4:63:e6:67:62:fc:cd:8d:74:84:4d:75:bd:0d:6e: db:0b:41:20:7c:cb:50:2b:33:82:a1:48:e2:d4:af:10: 05:75:62:01:f7:51:41:2c:a1:d7:1d:a6:61:ca:74:e2: b8:7f:8b:22:26:22:1c:dd:c8:cd:30:94:02:1b:9f:8c: ed:0e:e5:32:9f:e6:16:6a:f4:a0:2d:b5:2e:10:89:4d Fingerprint (SHA-256): 42:9F:5C:89:F0:D6:86:7F:61:C7:87:B3:F1:52:59:BD:61:8B:52:15:48:7E:72:85:15:7F:6C:19:A8:09:DF:0D Fingerprint (SHA1): 25:84:A0:9C:1B:DC:46:F5:E2:87:44:B3:C6:67:DF:48:77:3F:8A:65 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3528: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3529: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3530: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164414 (0x1ee28fbe) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:50:11 2015 Not After : Mon May 18 20:50:11 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:c6:7a:54:9b:f5:78:90:d4:d5:f4:ee:d8:72:f1:7e: da:40:b9:75:e0:e4:7b:54:36:29:78:2b:fd:da:99:86: cc:93:ce:86:99:89:08:00:cc:43:ae:2f:0d:c8:ad:fd: c0:de:47:b1:8b:1f:af:b3:c2:12:4d:08:28:2b:fa:8a: 85:bb:ec:6d:60:78:57:94:0c:02:e4:d9:40:c1:1e:8e: d0:ad:c9:56:2a:60:f7:92:f7:40:65:5c:ba:fd:91:27: 36:df:bc:57:01:36:96:61:44:fd:2a:bd:01:19:00:0f: 35:fb:9a:a9:fd:57:03:2b:c2:5c:28:b6:38:59:2e:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:23:2e:b1:76:8b:e4:cf:2c:d6:9d:d2:cb:82:a0:85: ad:f5:9e:bc:4a:95:62:1d:e1:60:51:4e:40:84:8e:8a: 54:12:5e:f4:61:0f:a1:0d:5c:a5:e3:e3:4a:c5:e4:52: 8e:13:f1:58:7c:bd:e5:a4:22:23:88:38:0f:e7:9a:0a: bf:53:c8:0d:2f:44:ae:62:c8:57:90:0f:f0:0e:09:3b: 69:7c:6f:c1:ea:39:00:b8:87:aa:30:1c:14:bd:59:93: f4:eb:c7:fd:ba:2c:06:31:28:3f:6d:8d:ea:22:7d:f1: 18:9a:ae:21:30:53:0b:d4:11:13:68:60:b3:51:cc:88 Fingerprint (SHA-256): FD:0A:13:69:84:EF:1E:CC:C7:0B:3C:B4:40:84:CD:5C:B9:77:3E:75:42:48:08:44:95:BB:AC:BD:CC:8E:6C:2E Fingerprint (SHA1): 6F:AB:F5:D6:D8:CA:AE:87:01:49:40:A5:0E:77:F4:00:35:09:26:8C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3531: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3532: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164415 (0x1ee28fbf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:50:14 2015 Not After : Mon May 18 20:50:14 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:29:63:b6:6e:02:cc:20:86:84:d8:eb:c6:4d:09:62: 7e:98:52:ae:a4:76:d3:e1:e2:93:8b:24:3b:35:fa:e2: 61:7f:2f:8b:00:8a:89:3a:48:32:fe:d2:a1:82:6e:b8: a8:d3:df:e3:c3:3e:34:0e:af:71:dd:89:0b:bd:87:29: c6:02:4d:be:a8:15:fd:c9:31:13:dd:ed:0f:19:b7:14: 15:75:24:ad:a6:af:ea:32:e6:27:d1:0b:d7:64:92:6e: f5:dd:8c:f3:19:12:86:c6:4f:cd:fd:5a:ce:a0:1f:93: 73:b6:4d:42:4a:db:dc:47:96:1b:19:fe:99:17:08:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:12:b4:a2:ea:b7:81:49:cf:ba:3d:4d:8f:88:e9:b2: 45:4b:e1:16:9c:2c:25:f6:40:fe:98:77:dc:ce:ba:e7: bf:64:a1:13:9f:a5:1d:58:72:b0:df:18:88:9b:be:63: 78:69:68:30:2d:53:12:33:b0:33:e9:12:97:42:9d:b2: c0:c3:33:2a:2f:74:41:c2:f6:65:1b:e2:c3:dc:94:70: 69:be:8e:29:21:2a:7c:79:46:cd:d0:ca:3d:15:43:c2: 30:6b:75:9c:23:5b:dc:9e:05:c3:a9:da:5b:56:ee:4e: 87:ee:48:6e:82:7b:2d:ba:4b:b8:7b:3f:b5:67:fe:b3 Fingerprint (SHA-256): B9:D5:D0:FA:42:D7:EC:23:23:0F:33:E8:6D:D8:3E:B8:BD:1C:A2:F7:38:5A:19:3C:A9:E8:13:88:4B:D3:5B:8A Fingerprint (SHA1): 46:C6:47:8A:D5:FD:8C:50:82:E0:80:D6:FB:9A:75:1A:04:AC:83:3A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3533: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3534: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164417 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3535: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3536: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3537: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3538: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164418 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3539: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3540: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3541: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3542: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164419 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3543: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3544: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3545: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3546: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518164420 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3547: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3548: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3549: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3550: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518164421 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3551: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3552: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3553: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3554: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3555: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3556: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #3557: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164417 (0x1ee28fc1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:50:24 2015 Not After : Mon May 18 20:50:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:54:75:c5:8f:45:7c:94:07:b8:a8:b6:3a:c7:f7:9c: 2b:96:59:5e:2c:52:7e:c0:e6:83:f5:a2:94:c1:6d:9d: 39:5f:42:6d:2e:eb:59:11:8a:59:08:63:67:6f:45:77: 24:fb:f4:aa:bb:45:c2:b1:09:97:a0:65:37:12:66:89: f9:f1:72:ae:bd:7b:52:96:00:ea:6a:b8:04:dc:f8:35: 08:54:08:54:a8:37:48:35:26:55:28:3b:5b:74:1c:e9: 18:22:8b:5f:76:9d:d0:71:ed:13:e1:c7:56:dd:36:40: 9e:30:c5:37:46:81:d7:1e:d6:ef:04:ae:96:18:46:77 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:eb:6a:8a:93:41:0b:9e:31:dc:08:e5:7a:4c:b3:05: af:cd:a7:f7:2d:7c:fe:9d:94:a5:c2:62:e2:e5:20:e0: 3e:61:a4:54:81:67:57:49:f1:40:14:24:65:8d:c5:62: 36:f9:4e:47:3c:ea:32:07:8d:30:24:9b:57:1c:a6:13: 5f:f3:d4:af:44:03:ef:7c:82:31:3b:55:69:c3:15:4a: 84:b3:fc:f2:57:97:13:b1:f4:7a:fe:ef:29:53:c1:a7: 47:51:f8:9c:f4:61:35:23:dd:ab:10:54:7a:5e:c4:97: 5b:2c:41:ca:00:70:b2:43:26:06:b1:0e:ab:33:d8:22 Fingerprint (SHA-256): 70:13:2E:1B:66:6E:00:88:A3:B6:5F:46:7C:76:3C:F8:D1:76:29:AB:18:E2:EE:26:F7:77:F9:D6:0E:89:C5:45 Fingerprint (SHA1): 07:4B:04:1C:55:CA:23:2D:24:AE:73:51:10:C8:B5:AC:7D:6C:57:75 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3558: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3559: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164418 (0x1ee28fc2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:50:28 2015 Not After : Mon May 18 20:50:28 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 91:0c:ce:2b:c8:e8:b4:9d:da:81:4b:f0:76:8a:d1:65: 55:81:30:8d:a1:3b:9a:9b:58:47:00:87:24:8f:d2:6f: e3:19:66:6b:f7:e4:ff:a1:9d:a0:26:5b:2d:49:e1:28: d6:54:af:44:9a:d7:b4:97:88:a9:db:1c:25:72:71:5a: f2:d7:e7:cd:1c:32:22:be:36:35:64:62:36:99:2d:b1: dd:a5:d8:11:2d:1f:4e:d3:f2:a5:f6:9e:3e:f0:bd:59: d8:1e:71:e2:ce:5c:41:fe:50:04:17:c1:e7:4a:e2:23: be:ae:0a:f3:fa:3b:94:f3:5e:09:bd:32:54:b3:c0:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:2a:dd:ca:37:e7:e3:a3:9e:0c:c7:aa:24:26:97:02: 32:2f:25:66:fb:b8:2b:3c:59:aa:fb:8f:4e:dc:75:2f: b8:02:95:9b:15:38:c9:3e:f5:3e:ff:59:1c:a0:66:14: 14:0d:aa:72:42:81:ed:4f:f4:95:6e:78:9b:72:5b:4c: 9a:38:36:d7:eb:b8:72:16:88:a7:af:7b:87:9e:1b:6a: 64:51:da:0a:e6:46:21:99:e8:df:16:35:a2:12:33:fb: d2:be:33:f5:7b:7c:bd:47:ab:8c:00:05:7b:a4:2d:20: b3:7b:7e:2f:45:0b:b1:1b:11:ce:c1:be:d4:d9:5a:b2 Fingerprint (SHA-256): 72:06:F2:8C:CC:33:09:A4:14:6E:1A:C9:66:71:FC:30:ED:45:CE:58:5B:37:2A:6F:8A:E6:A0:7A:8F:C2:3C:F7 Fingerprint (SHA1): 68:CB:E2:51:7B:CD:95:83:80:D0:BF:6F:6E:9F:A2:BE:99:1B:AC:04 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3560: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3561: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3562: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164419 (0x1ee28fc3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:50:31 2015 Not After : Mon May 18 20:50:31 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:f7:ee:93:93:fa:54:cf:dc:05:23:aa:29:ae:b5:a6: d9:31:02:fb:ad:78:c7:ac:b0:33:6a:fa:a5:6d:d3:ec: 0a:92:06:5e:62:51:91:f2:86:18:4b:ad:52:4d:58:87: 17:8d:1f:28:01:55:16:99:b4:32:c6:79:0f:e7:cd:7d: fd:d8:59:ee:75:0f:2f:37:be:c8:72:a9:ba:ac:a1:7c: ca:26:6b:a1:37:60:e5:e6:7e:74:2f:65:3e:4d:a9:b9: 4f:94:31:8e:84:cf:2e:46:a8:52:28:dd:28:b2:92:d4: 02:82:31:bb:1d:14:e2:de:46:67:7d:fb:69:06:50:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 60:ae:c3:36:22:58:29:cc:e8:77:a3:ce:33:ba:5d:ee: da:11:ea:05:70:e1:c7:b1:a8:b1:22:eb:4a:65:7d:22: 97:66:b0:2f:6d:0c:e0:ae:6f:41:1f:1f:7b:41:91:fb: bf:d0:78:b9:1a:3e:2b:f6:8c:6c:fd:5b:38:36:c0:4c: 67:10:f5:a4:c9:25:20:a1:1f:fc:9e:1d:09:40:b1:5e: ff:6a:1b:5d:9a:c2:96:5a:3f:af:26:97:a1:00:e8:3f: eb:f1:0f:c9:10:9e:c6:f4:ce:73:de:62:78:d2:b6:b6: fc:70:ad:3c:9f:ec:52:01:e1:20:cb:d7:c8:7e:5b:5f Fingerprint (SHA-256): B8:62:ED:42:F7:23:25:2C:E3:AC:02:EE:E2:C3:96:FC:B4:CE:4A:5A:26:DB:61:82:17:04:47:E9:7B:26:C5:A6 Fingerprint (SHA1): BC:84:4C:A3:C9:31:A6:73:7C:2F:51:40:AB:74:8A:60:E5:3E:EF:27 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #3563: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3564: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164422 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3565: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3566: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3567: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3568: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164423 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3569: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3570: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3571: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3572: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164424 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA1Root-518164331.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3573: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3574: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3575: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3576: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518164425 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3577: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3578: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #3579: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164422 (0x1ee28fc6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:50:49 2015 Not After : Mon May 18 20:50:49 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:93:2c:45:05:ec:0c:05:5d:64:c6:95:10:0a:d8:95: 00:4e:b1:f1:c2:ca:f9:1c:04:2c:b8:13:26:5f:8b:47: 6f:b3:00:b3:f5:6e:2a:67:e6:92:cd:f4:8d:a6:7f:15: 6f:71:ba:a8:da:26:f5:7c:70:17:c0:4b:ab:bc:18:38: ac:01:5f:11:6f:93:f7:29:a2:f6:2d:7b:8c:4e:16:0e: 54:78:03:3b:ff:b0:36:ab:89:c5:66:b6:49:e1:a3:8c: 92:fe:83:bb:78:5c:1a:2a:d6:e5:df:1e:c6:98:1a:f7: c0:da:4c:e4:5f:ae:a5:7b:b0:dd:95:fb:ac:a8:0e:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8b:ed:e7:2f:af:02:4f:31:aa:3a:86:ae:dc:43:fa:c4: 4a:5b:74:36:b1:46:ce:57:8a:7f:67:f1:19:27:69:f0: b6:65:f3:9a:90:07:2e:8d:43:7d:33:1e:b1:99:f3:31: 19:61:91:cf:17:07:84:6c:c6:4e:e2:37:a6:6e:54:a7: 63:22:6c:68:99:08:a9:1f:f2:89:18:4a:50:0e:49:95: 2e:4a:1b:b5:8f:21:ff:60:62:42:72:03:ce:46:b5:f9: a6:3d:7e:05:99:06:d8:9b:5a:10:3e:3c:c7:cc:57:e5: 97:78:ac:19:9f:ce:f0:24:09:33:04:71:61:8e:a2:2b Fingerprint (SHA-256): 0D:56:36:A3:69:B4:81:70:C9:8E:72:61:A2:CD:9A:6B:5C:53:E4:D9:E4:DA:3A:95:75:88:05:D5:17:B4:B5:F6 Fingerprint (SHA1): E7:6B:D1:58:37:97:42:A4:72:50:57:9B:B6:C8:92:FA:54:8D:2F:CC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3580: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3581: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164426 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3582: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3583: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3584: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164427 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3585: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3586: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3587: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3588: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518164428 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3589: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3590: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518164429 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3591: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3592: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3593: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3594: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3595: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518164430 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-Bridge-518164332.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3596: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3597: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3598: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3599: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518164431 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3600: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3601: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3602: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3603: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164427 (0x1ee28fcb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:06 2015 Not After : Mon May 18 20:51:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:14:fc:b3:68:3a:c3:d6:3f:27:e9:8f:8e:e1:05:2a: 79:02:8a:c1:5b:db:67:34:0f:0f:68:4e:b5:a6:9e:2d: 7d:13:2a:d5:7d:d9:37:b2:71:ee:5b:10:24:c1:9b:e3: b2:1f:db:fd:2b:9b:86:09:77:fc:6e:20:2f:9a:28:d3: aa:e6:2a:00:25:08:e0:68:70:9f:a7:a0:b7:c3:ab:29: 0f:15:12:9f:fe:83:e3:63:70:cb:84:ac:5b:7b:6c:53: af:d9:6b:30:ab:88:ab:aa:b9:af:b0:2c:61:70:8d:88: 22:4c:e7:d8:e6:4d:48:20:a2:d3:f4:8c:56:b8:bc:49 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c8:da:69:34:df:9d:d2:28:97:17:3f:65:27:b7:79:38: f9:0c:aa:22:5f:df:d6:61:c0:c2:78:78:8c:99:b0:88: 7c:1c:99:7d:a4:5c:83:f6:44:73:bc:2d:b2:af:67:ad: fe:ed:63:55:1c:87:69:4f:8d:e4:3c:ce:4f:15:3f:3b: ea:be:13:17:90:0f:c2:36:6e:bc:83:21:a4:3e:22:2f: 6c:b9:26:ee:0e:e2:b9:c2:12:67:dc:ef:f4:24:a2:5d: b1:68:2b:5c:a8:b5:ee:6b:c2:b2:85:88:23:3a:9f:a2: 56:1a:c5:f3:93:09:9e:64:c9:e4:12:32:a8:2c:7d:b4 Fingerprint (SHA-256): 26:D0:59:EE:E5:BA:40:34:3F:14:6C:50:94:29:F8:A0:C2:8E:A9:72:1F:F2:8B:1F:4A:15:CF:E0:93:A8:E7:D9 Fingerprint (SHA1): 70:FB:FA:37:A3:D6:82:4C:BD:74:31:B4:9C:C0:92:2C:91:42:AA:16 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3604: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164427 (0x1ee28fcb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:06 2015 Not After : Mon May 18 20:51:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:14:fc:b3:68:3a:c3:d6:3f:27:e9:8f:8e:e1:05:2a: 79:02:8a:c1:5b:db:67:34:0f:0f:68:4e:b5:a6:9e:2d: 7d:13:2a:d5:7d:d9:37:b2:71:ee:5b:10:24:c1:9b:e3: b2:1f:db:fd:2b:9b:86:09:77:fc:6e:20:2f:9a:28:d3: aa:e6:2a:00:25:08:e0:68:70:9f:a7:a0:b7:c3:ab:29: 0f:15:12:9f:fe:83:e3:63:70:cb:84:ac:5b:7b:6c:53: af:d9:6b:30:ab:88:ab:aa:b9:af:b0:2c:61:70:8d:88: 22:4c:e7:d8:e6:4d:48:20:a2:d3:f4:8c:56:b8:bc:49 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c8:da:69:34:df:9d:d2:28:97:17:3f:65:27:b7:79:38: f9:0c:aa:22:5f:df:d6:61:c0:c2:78:78:8c:99:b0:88: 7c:1c:99:7d:a4:5c:83:f6:44:73:bc:2d:b2:af:67:ad: fe:ed:63:55:1c:87:69:4f:8d:e4:3c:ce:4f:15:3f:3b: ea:be:13:17:90:0f:c2:36:6e:bc:83:21:a4:3e:22:2f: 6c:b9:26:ee:0e:e2:b9:c2:12:67:dc:ef:f4:24:a2:5d: b1:68:2b:5c:a8:b5:ee:6b:c2:b2:85:88:23:3a:9f:a2: 56:1a:c5:f3:93:09:9e:64:c9:e4:12:32:a8:2c:7d:b4 Fingerprint (SHA-256): 26:D0:59:EE:E5:BA:40:34:3F:14:6C:50:94:29:F8:A0:C2:8E:A9:72:1F:F2:8B:1F:4A:15:CF:E0:93:A8:E7:D9 Fingerprint (SHA1): 70:FB:FA:37:A3:D6:82:4C:BD:74:31:B4:9C:C0:92:2C:91:42:AA:16 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3605: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3606: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164432 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3607: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3608: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3609: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164433 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3610: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3611: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3612: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3613: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518164434 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3614: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3615: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518164435 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3616: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3617: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3618: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3619: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3620: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518164436 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-Bridge-518164333.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3621: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3622: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3623: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3624: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518164437 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3625: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3626: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3627: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3628: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518164438 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-BridgeNavy-518164334.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3629: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3630: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3631: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3632: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518164439 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3633: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3634: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3635: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3636: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164433 (0x1ee28fd1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:25 2015 Not After : Mon May 18 20:51:25 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:0d:8a:17:e0:d2:0e:27:2d:79:d9:72:66:cd:37:b8: 6f:a3:42:29:d7:44:4a:69:46:a1:63:43:cc:32:c0:e8: 07:d7:b5:77:e0:ab:c4:88:33:f2:28:60:1e:d0:6d:f2: 40:ee:e9:6c:10:0d:9e:78:db:2e:09:1b:67:52:46:43: 65:c3:02:31:c3:b3:6e:fe:47:b6:bc:4b:70:e0:c4:fb: e9:ef:38:67:75:82:de:9b:87:b5:59:80:02:19:ec:d1: e0:4a:51:15:f2:cb:6a:ee:42:7d:d5:a1:73:b6:21:df: 8c:fb:42:b8:36:a0:30:71:53:12:eb:d5:8e:ba:a1:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:46:76:02:27:da:a9:d7:67:1c:24:29:6c:49:b9:47: 01:d1:b6:29:33:c6:a7:d9:02:bd:ac:99:a4:47:2a:a8: e2:a9:78:94:9f:b7:95:c4:1d:fc:76:0f:da:6f:76:8c: a2:ab:7d:81:b3:50:67:ad:6f:25:8c:77:1c:22:15:ce: f1:62:65:df:67:38:9d:26:a9:55:ec:ab:81:63:8d:87: c8:92:5b:fe:42:71:85:12:e2:5a:03:45:ff:bb:14:2c: b5:ef:b4:ac:81:e1:44:5b:94:29:6c:cf:0b:e7:53:f9: a5:62:44:ad:e5:98:db:c8:ac:be:fa:17:ec:f6:c3:66 Fingerprint (SHA-256): 0A:2A:6B:79:21:31:67:1B:CE:AB:15:D4:6E:9A:11:11:46:89:21:37:4D:2A:32:D7:8D:8C:C1:67:9B:37:74:8C Fingerprint (SHA1): 53:26:AC:65:F6:40:35:1C:27:BD:8F:82:3C:C4:E9:4F:F7:73:DE:F0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3637: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164433 (0x1ee28fd1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:25 2015 Not After : Mon May 18 20:51:25 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:0d:8a:17:e0:d2:0e:27:2d:79:d9:72:66:cd:37:b8: 6f:a3:42:29:d7:44:4a:69:46:a1:63:43:cc:32:c0:e8: 07:d7:b5:77:e0:ab:c4:88:33:f2:28:60:1e:d0:6d:f2: 40:ee:e9:6c:10:0d:9e:78:db:2e:09:1b:67:52:46:43: 65:c3:02:31:c3:b3:6e:fe:47:b6:bc:4b:70:e0:c4:fb: e9:ef:38:67:75:82:de:9b:87:b5:59:80:02:19:ec:d1: e0:4a:51:15:f2:cb:6a:ee:42:7d:d5:a1:73:b6:21:df: 8c:fb:42:b8:36:a0:30:71:53:12:eb:d5:8e:ba:a1:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:46:76:02:27:da:a9:d7:67:1c:24:29:6c:49:b9:47: 01:d1:b6:29:33:c6:a7:d9:02:bd:ac:99:a4:47:2a:a8: e2:a9:78:94:9f:b7:95:c4:1d:fc:76:0f:da:6f:76:8c: a2:ab:7d:81:b3:50:67:ad:6f:25:8c:77:1c:22:15:ce: f1:62:65:df:67:38:9d:26:a9:55:ec:ab:81:63:8d:87: c8:92:5b:fe:42:71:85:12:e2:5a:03:45:ff:bb:14:2c: b5:ef:b4:ac:81:e1:44:5b:94:29:6c:cf:0b:e7:53:f9: a5:62:44:ad:e5:98:db:c8:ac:be:fa:17:ec:f6:c3:66 Fingerprint (SHA-256): 0A:2A:6B:79:21:31:67:1B:CE:AB:15:D4:6E:9A:11:11:46:89:21:37:4D:2A:32:D7:8D:8C:C1:67:9B:37:74:8C Fingerprint (SHA1): 53:26:AC:65:F6:40:35:1C:27:BD:8F:82:3C:C4:E9:4F:F7:73:DE:F0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3638: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #3639: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164432 (0x1ee28fd0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:51:22 2015 Not After : Mon May 18 20:51:22 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:6d:86:8d:1c:2e:3b:2a:05:d7:3b:ab:ca:a3:c0:56: 9a:b1:65:20:09:1a:42:c8:15:fb:b9:37:c1:e9:95:5d: b9:dc:ec:dc:0e:f8:af:a9:bf:98:9a:5f:4d:22:06:7b: 32:44:fa:72:53:7e:5c:21:a1:33:f8:aa:24:d8:4d:38: 5e:f5:e1:e1:fb:8a:95:77:69:f0:ca:9e:1a:62:5c:45: e5:8a:1f:ed:1a:a6:d0:15:7a:ac:09:2c:91:e8:56:86: be:f0:be:25:c9:e1:6b:91:34:76:98:b9:f3:3d:72:7c: de:09:60:ff:ad:35:20:09:bb:f0:e6:3a:16:f0:ac:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:f4:3b:c6:be:e3:09:50:c2:86:39:46:1d:7b:17:0f: 3c:70:d3:86:9b:27:c9:f1:e8:34:01:33:70:94:f5:a7: 06:bc:3d:cb:83:64:95:f5:4c:b2:e3:50:e6:82:3e:3f: b6:1d:c4:e3:fa:c0:43:fa:bd:c3:87:c8:0d:00:cc:7e: fd:f3:cf:b0:33:0b:da:f6:0c:62:08:a0:a0:e7:4f:49: 2b:b7:72:80:d2:4d:49:cf:28:fd:56:aa:f8:a2:0b:39: 75:39:63:9d:12:75:0b:d5:7b:3e:8a:e1:12:c0:33:97: 1f:0d:55:c3:2a:2a:cd:49:c0:a2:cc:3f:db:c9:4c:b6 Fingerprint (SHA-256): EF:5E:2D:40:39:8E:F4:50:8A:8E:44:07:E4:4D:84:81:77:D3:D8:EE:33:85:1F:92:BF:8F:82:9F:AF:9B:87:8F Fingerprint (SHA1): 09:46:84:B9:FD:A2:A0:E4:40:51:A4:E8:17:88:45:8D:9F:8D:65:DF Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3640: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164433 (0x1ee28fd1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:25 2015 Not After : Mon May 18 20:51:25 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:0d:8a:17:e0:d2:0e:27:2d:79:d9:72:66:cd:37:b8: 6f:a3:42:29:d7:44:4a:69:46:a1:63:43:cc:32:c0:e8: 07:d7:b5:77:e0:ab:c4:88:33:f2:28:60:1e:d0:6d:f2: 40:ee:e9:6c:10:0d:9e:78:db:2e:09:1b:67:52:46:43: 65:c3:02:31:c3:b3:6e:fe:47:b6:bc:4b:70:e0:c4:fb: e9:ef:38:67:75:82:de:9b:87:b5:59:80:02:19:ec:d1: e0:4a:51:15:f2:cb:6a:ee:42:7d:d5:a1:73:b6:21:df: 8c:fb:42:b8:36:a0:30:71:53:12:eb:d5:8e:ba:a1:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:46:76:02:27:da:a9:d7:67:1c:24:29:6c:49:b9:47: 01:d1:b6:29:33:c6:a7:d9:02:bd:ac:99:a4:47:2a:a8: e2:a9:78:94:9f:b7:95:c4:1d:fc:76:0f:da:6f:76:8c: a2:ab:7d:81:b3:50:67:ad:6f:25:8c:77:1c:22:15:ce: f1:62:65:df:67:38:9d:26:a9:55:ec:ab:81:63:8d:87: c8:92:5b:fe:42:71:85:12:e2:5a:03:45:ff:bb:14:2c: b5:ef:b4:ac:81:e1:44:5b:94:29:6c:cf:0b:e7:53:f9: a5:62:44:ad:e5:98:db:c8:ac:be:fa:17:ec:f6:c3:66 Fingerprint (SHA-256): 0A:2A:6B:79:21:31:67:1B:CE:AB:15:D4:6E:9A:11:11:46:89:21:37:4D:2A:32:D7:8D:8C:C1:67:9B:37:74:8C Fingerprint (SHA1): 53:26:AC:65:F6:40:35:1C:27:BD:8F:82:3C:C4:E9:4F:F7:73:DE:F0 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3641: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164433 (0x1ee28fd1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:25 2015 Not After : Mon May 18 20:51:25 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:0d:8a:17:e0:d2:0e:27:2d:79:d9:72:66:cd:37:b8: 6f:a3:42:29:d7:44:4a:69:46:a1:63:43:cc:32:c0:e8: 07:d7:b5:77:e0:ab:c4:88:33:f2:28:60:1e:d0:6d:f2: 40:ee:e9:6c:10:0d:9e:78:db:2e:09:1b:67:52:46:43: 65:c3:02:31:c3:b3:6e:fe:47:b6:bc:4b:70:e0:c4:fb: e9:ef:38:67:75:82:de:9b:87:b5:59:80:02:19:ec:d1: e0:4a:51:15:f2:cb:6a:ee:42:7d:d5:a1:73:b6:21:df: 8c:fb:42:b8:36:a0:30:71:53:12:eb:d5:8e:ba:a1:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:46:76:02:27:da:a9:d7:67:1c:24:29:6c:49:b9:47: 01:d1:b6:29:33:c6:a7:d9:02:bd:ac:99:a4:47:2a:a8: e2:a9:78:94:9f:b7:95:c4:1d:fc:76:0f:da:6f:76:8c: a2:ab:7d:81:b3:50:67:ad:6f:25:8c:77:1c:22:15:ce: f1:62:65:df:67:38:9d:26:a9:55:ec:ab:81:63:8d:87: c8:92:5b:fe:42:71:85:12:e2:5a:03:45:ff:bb:14:2c: b5:ef:b4:ac:81:e1:44:5b:94:29:6c:cf:0b:e7:53:f9: a5:62:44:ad:e5:98:db:c8:ac:be:fa:17:ec:f6:c3:66 Fingerprint (SHA-256): 0A:2A:6B:79:21:31:67:1B:CE:AB:15:D4:6E:9A:11:11:46:89:21:37:4D:2A:32:D7:8D:8C:C1:67:9B:37:74:8C Fingerprint (SHA1): 53:26:AC:65:F6:40:35:1C:27:BD:8F:82:3C:C4:E9:4F:F7:73:DE:F0 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3642: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3643: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164440 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3644: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3645: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3646: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164441 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3647: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3648: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #3649: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3650: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518164442 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3651: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3652: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #3653: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3654: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518164443 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3655: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3656: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3657: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3658: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518164444 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3659: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3660: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518164445 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3661: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3662: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #3663: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3664: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3665: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518164446 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3666: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3667: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3668: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3669: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518164447 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3670: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3671: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3672: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3673: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518164448 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3674: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3675: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3676: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3677: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518164449 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3678: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3679: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3680: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164440 (0x1ee28fd8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:51:49 2015 Not After : Mon May 18 20:51:49 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:fe:4a:c0:6f:15:0a:5c:57:c4:7c:e9:f4:5f:64:2c: 0a:fe:1d:1a:a0:43:38:c7:93:43:2b:c4:a9:2c:c6:9b: b3:1d:95:c8:0d:f7:2a:41:0b:be:5b:f5:d1:75:76:9c: 8c:c8:a6:c7:85:7c:ce:12:92:b4:85:1f:de:a0:90:08: ac:fd:61:b7:37:14:cb:f0:54:8f:a9:fe:c5:95:80:48: 06:76:18:45:52:37:54:da:07:e9:9d:44:ce:46:c7:3b: a3:3f:ed:cd:c6:3b:ae:9a:0a:96:11:e3:76:93:2f:f0: 38:09:13:3f:73:74:12:8c:63:3d:5b:94:79:f6:87:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c3:52:84:7b:c2:72:66:90:e4:ce:b2:ec:ef:25:c8:74: cd:ec:9c:f3:d5:4c:ff:17:67:63:2c:fe:21:42:7d:10: 5e:c4:4b:d1:52:52:8b:8c:ac:c5:e0:12:d7:d1:dd:c9: ed:48:f7:34:cd:e0:6b:d0:ff:5d:b8:0c:36:59:f1:62: 1f:cd:10:cc:8d:60:be:b8:0a:bf:88:2f:5a:08:33:c3: ba:73:52:8c:a7:69:28:30:e9:cd:84:61:08:30:05:da: 4c:fe:92:8e:70:17:c8:52:02:03:63:3e:ab:45:e5:34: 4c:c4:a7:3a:06:7b:86:35:d0:87:ac:51:62:ae:5c:42 Fingerprint (SHA-256): 71:F5:4E:5B:93:00:C3:BA:D1:2F:52:CB:05:6D:24:A3:C9:63:70:8D:C2:7B:CB:83:DC:3F:3A:F0:FF:AC:CD:5D Fingerprint (SHA1): 0D:FA:C0:29:48:0F:19:75:64:50:29:2F:B9:59:36:89:37:2E:E0:66 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #3681: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3682: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3683: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3684: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3685: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3686: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3687: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3688: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3689: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164441 (0x1ee28fd9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:51:51 2015 Not After : Mon May 18 20:51:51 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:0e:e7:b8:28:19:db:42:df:0b:b2:12:d9:53:13:9a: b0:b5:95:b1:ce:e6:a8:18:8b:2c:f9:c6:19:4c:b6:0e: 9f:90:32:d9:27:99:21:d4:14:5d:ea:0a:88:f0:0f:94: 5e:36:79:77:5e:a2:3a:7a:cf:e0:8c:04:9b:4a:13:87: 89:9c:9c:52:6d:08:58:8e:cc:0d:c4:60:7b:e9:5a:8f: a6:69:68:21:bf:67:15:21:4c:f9:ea:55:7f:48:d9:8b: 74:0d:af:71:d4:49:87:38:44:05:99:4e:2f:d0:a8:f0: 02:b2:c8:d6:91:44:1b:7f:7b:cc:bf:3d:1a:c7:ca:b1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 18:24:38:b1:9a:b2:95:c4:db:3d:9c:fe:f5:32:03:79: a5:d8:96:f2:b8:79:9d:76:fd:32:38:9d:86:67:34:40: 21:9f:f9:1a:55:54:38:56:9d:f7:c0:da:56:33:6a:3b: f1:5c:c4:b7:d3:75:66:a9:b1:ba:2e:e5:8f:08:22:81: c8:36:19:05:e5:56:a2:07:e9:d6:5b:ce:27:ec:9b:7b: 04:e3:44:29:d5:4a:cb:f6:3a:43:3b:2c:21:aa:1b:24: 5b:ab:63:04:40:1a:98:ec:a4:a9:26:09:ab:41:34:80: 20:87:09:c7:44:84:8f:73:39:50:f9:fc:68:f5:47:86 Fingerprint (SHA-256): C3:EF:79:6E:08:FE:7A:4A:B3:F5:37:9B:47:5F:80:9A:5B:E6:87:9A:B9:50:3E:87:08:C3:2E:28:5E:E6:D7:A8 Fingerprint (SHA1): CC:77:9A:E1:38:DB:4B:4F:4C:98:EA:45:B3:5D:CB:FA:C1:74:DE:DD Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #3690: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3691: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3692: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3693: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3694: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3695: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3696: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #3697: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #3698: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #3699: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #3700: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #3701: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #3702: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #3703: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #3704: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #3705: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #3706: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #3707: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3708: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164450 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3709: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3710: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3711: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3712: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164451 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3713: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3714: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3715: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3716: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518164452 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3717: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3718: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3719: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3720: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518164453 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3721: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3722: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3723: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3724: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518164454 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3725: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3726: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3727: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3728: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518164455 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3729: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3730: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #3731: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3732: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518164456 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3733: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3734: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #3735: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3736: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518164457 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3737: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3738: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #3739: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3740: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518164458 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3741: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3742: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3743: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164450 (0x1ee28fe2) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:52:35 2015 Not After : Mon May 18 20:52:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:ff:4d:26:75:d1:1f:0c:d1:fc:70:41:7f:6d:68:49: a1:b6:6a:b8:64:fb:a9:6f:e8:3f:5d:c8:32:a8:0b:8c: 5b:23:93:23:5f:06:32:80:85:8b:83:b3:a2:32:89:34: 4b:db:9e:d5:21:92:90:f2:7c:b7:27:70:81:71:ac:3f: fc:e4:91:42:08:67:9d:31:2e:48:18:34:e1:bd:19:5b: e6:e5:b4:99:83:07:ec:5e:4e:c9:b8:3f:6e:0a:ef:b5: a4:a5:49:39:61:45:9b:c0:e3:af:30:83:ab:e3:21:2e: 2c:e5:c2:1f:60:31:0b:04:99:25:16:67:1b:96:e1:d3 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:a0:70:95:c3:62:9b:8d:28:b6:a7:ad: d0:b2:13:26:4a:ab:85:7f:9e:02:15:00:ad:bd:4b:52: 00:77:f0:db:10:38:7e:73:f6:1c:c2:3f:13:00:34:a4 Fingerprint (SHA-256): C4:15:BA:13:9A:16:B9:50:2D:E1:DB:30:6C:32:19:DF:D1:86:DD:7B:C1:C4:48:07:A3:2D:30:8E:7B:D0:C5:14 Fingerprint (SHA1): CA:FE:4D:00:6C:7B:5B:65:BE:24:EA:59:16:D2:EF:AF:75:52:C6:6A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3744: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164450 (0x1ee28fe2) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:52:35 2015 Not After : Mon May 18 20:52:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:ff:4d:26:75:d1:1f:0c:d1:fc:70:41:7f:6d:68:49: a1:b6:6a:b8:64:fb:a9:6f:e8:3f:5d:c8:32:a8:0b:8c: 5b:23:93:23:5f:06:32:80:85:8b:83:b3:a2:32:89:34: 4b:db:9e:d5:21:92:90:f2:7c:b7:27:70:81:71:ac:3f: fc:e4:91:42:08:67:9d:31:2e:48:18:34:e1:bd:19:5b: e6:e5:b4:99:83:07:ec:5e:4e:c9:b8:3f:6e:0a:ef:b5: a4:a5:49:39:61:45:9b:c0:e3:af:30:83:ab:e3:21:2e: 2c:e5:c2:1f:60:31:0b:04:99:25:16:67:1b:96:e1:d3 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:a0:70:95:c3:62:9b:8d:28:b6:a7:ad: d0:b2:13:26:4a:ab:85:7f:9e:02:15:00:ad:bd:4b:52: 00:77:f0:db:10:38:7e:73:f6:1c:c2:3f:13:00:34:a4 Fingerprint (SHA-256): C4:15:BA:13:9A:16:B9:50:2D:E1:DB:30:6C:32:19:DF:D1:86:DD:7B:C1:C4:48:07:A3:2D:30:8E:7B:D0:C5:14 Fingerprint (SHA1): CA:FE:4D:00:6C:7B:5B:65:BE:24:EA:59:16:D2:EF:AF:75:52:C6:6A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3745: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164450 (0x1ee28fe2) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:52:35 2015 Not After : Mon May 18 20:52:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:ff:4d:26:75:d1:1f:0c:d1:fc:70:41:7f:6d:68:49: a1:b6:6a:b8:64:fb:a9:6f:e8:3f:5d:c8:32:a8:0b:8c: 5b:23:93:23:5f:06:32:80:85:8b:83:b3:a2:32:89:34: 4b:db:9e:d5:21:92:90:f2:7c:b7:27:70:81:71:ac:3f: fc:e4:91:42:08:67:9d:31:2e:48:18:34:e1:bd:19:5b: e6:e5:b4:99:83:07:ec:5e:4e:c9:b8:3f:6e:0a:ef:b5: a4:a5:49:39:61:45:9b:c0:e3:af:30:83:ab:e3:21:2e: 2c:e5:c2:1f:60:31:0b:04:99:25:16:67:1b:96:e1:d3 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:a0:70:95:c3:62:9b:8d:28:b6:a7:ad: d0:b2:13:26:4a:ab:85:7f:9e:02:15:00:ad:bd:4b:52: 00:77:f0:db:10:38:7e:73:f6:1c:c2:3f:13:00:34:a4 Fingerprint (SHA-256): C4:15:BA:13:9A:16:B9:50:2D:E1:DB:30:6C:32:19:DF:D1:86:DD:7B:C1:C4:48:07:A3:2D:30:8E:7B:D0:C5:14 Fingerprint (SHA1): CA:FE:4D:00:6C:7B:5B:65:BE:24:EA:59:16:D2:EF:AF:75:52:C6:6A Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #3746: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164450 (0x1ee28fe2) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:52:35 2015 Not After : Mon May 18 20:52:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:ff:4d:26:75:d1:1f:0c:d1:fc:70:41:7f:6d:68:49: a1:b6:6a:b8:64:fb:a9:6f:e8:3f:5d:c8:32:a8:0b:8c: 5b:23:93:23:5f:06:32:80:85:8b:83:b3:a2:32:89:34: 4b:db:9e:d5:21:92:90:f2:7c:b7:27:70:81:71:ac:3f: fc:e4:91:42:08:67:9d:31:2e:48:18:34:e1:bd:19:5b: e6:e5:b4:99:83:07:ec:5e:4e:c9:b8:3f:6e:0a:ef:b5: a4:a5:49:39:61:45:9b:c0:e3:af:30:83:ab:e3:21:2e: 2c:e5:c2:1f:60:31:0b:04:99:25:16:67:1b:96:e1:d3 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:a0:70:95:c3:62:9b:8d:28:b6:a7:ad: d0:b2:13:26:4a:ab:85:7f:9e:02:15:00:ad:bd:4b:52: 00:77:f0:db:10:38:7e:73:f6:1c:c2:3f:13:00:34:a4 Fingerprint (SHA-256): C4:15:BA:13:9A:16:B9:50:2D:E1:DB:30:6C:32:19:DF:D1:86:DD:7B:C1:C4:48:07:A3:2D:30:8E:7B:D0:C5:14 Fingerprint (SHA1): CA:FE:4D:00:6C:7B:5B:65:BE:24:EA:59:16:D2:EF:AF:75:52:C6:6A Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #3747: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3748: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3749: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3750: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #3751: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3752: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3753: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3754: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3755: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3756: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3757: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3758: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #3759: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3760: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3761: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3762: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #3763: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3764: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3765: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3766: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3767: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3768: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3769: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3770: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #3771: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3772: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3773: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3774: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518205324Z nextupdate=20160518205324Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 20:53:24 2015 Next Update: Wed May 18 20:53:24 2016 CRL Extensions: chains.sh: #3775: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518205325Z nextupdate=20160518205325Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:53:25 2015 Next Update: Wed May 18 20:53:25 2016 CRL Extensions: chains.sh: #3776: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518205325Z nextupdate=20160518205325Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:53:25 2015 Next Update: Wed May 18 20:53:25 2016 CRL Extensions: chains.sh: #3777: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518205326Z nextupdate=20160518205326Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 20:53:26 2015 Next Update: Wed May 18 20:53:26 2016 CRL Extensions: chains.sh: #3778: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518205327Z addcert 14 20150518205327Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:53:27 2015 Next Update: Wed May 18 20:53:25 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 20:53:27 2015 CRL Extensions: chains.sh: #3779: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518205328Z addcert 15 20150518205328Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:53:28 2015 Next Update: Wed May 18 20:53:25 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 20:53:28 2015 CRL Extensions: chains.sh: #3780: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3781: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3782: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #3783: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #3784: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #3785: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #3786: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #3787: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #3788: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #3789: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:53:03 2015 Not After : Mon May 18 20:53:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:bd:67:c4:2c:02:be:3e:58:b5:fc:44:7a:2f:5e:b1: 76:6e:43:db:ce:e5:e2:00:7c:df:0b:99:f8:01:89:53: a2:1d:d9:cd:35:17:7f:d2:f3:80:17:4f:26:81:93:6d: 21:30:2e:4c:11:97:e9:4c:46:3f:e7:7e:a8:da:5a:43: a1:13:00:2b:97:b7:ac:39:6f:b4:37:24:78:0f:f4:e9: 31:32:cb:d5:ae:9c:e1:1d:36:82:b7:b4:44:de:99:28: 80:b3:37:46:11:e2:50:2b:2a:50:e9:01:7c:c1:06:11: 2b:ff:44:ee:34:8d:7b:ef:57:59:52:f9:f4:c7:f9:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:6c:c2:d5:8d:bd:d5:39:d7:82:96:07:e9:06:dd:1b: 8c:ce:bb:a1:e1:b0:d8:e8:e8:69:72:18:70:fa:9c:22: f0:58:8f:fc:22:11:23:d8:4f:51:63:42:a5:e7:8e:39: 30:e4:67:57:bf:1e:b8:8b:65:bc:b3:b4:75:d9:ac:5d: 20:5d:d7:2d:1e:92:0e:5f:15:6a:00:8f:e4:09:4c:20: 84:26:c8:de:2a:a6:a6:91:f6:12:38:86:ec:44:11:d7: a4:97:67:a6:44:a4:a6:fa:eb:4a:4d:cf:a0:30:cd:3b: 02:2c:38:54:92:73:69:ec:8e:cc:68:09:a6:9d:5a:4f Fingerprint (SHA-256): C0:DF:96:3E:77:09:5B:C8:E6:CA:29:24:54:AB:C6:DF:26:CA:A4:F4:17:87:E4:8F:D7:DB:14:7D:7E:7D:B9:9B Fingerprint (SHA1): B8:B4:BA:3F:4F:12:E6:D5:F0:80:EF:15:92:1D:24:99:08:CF:07:0B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3790: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3791: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:53:03 2015 Not After : Mon May 18 20:53:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:bd:67:c4:2c:02:be:3e:58:b5:fc:44:7a:2f:5e:b1: 76:6e:43:db:ce:e5:e2:00:7c:df:0b:99:f8:01:89:53: a2:1d:d9:cd:35:17:7f:d2:f3:80:17:4f:26:81:93:6d: 21:30:2e:4c:11:97:e9:4c:46:3f:e7:7e:a8:da:5a:43: a1:13:00:2b:97:b7:ac:39:6f:b4:37:24:78:0f:f4:e9: 31:32:cb:d5:ae:9c:e1:1d:36:82:b7:b4:44:de:99:28: 80:b3:37:46:11:e2:50:2b:2a:50:e9:01:7c:c1:06:11: 2b:ff:44:ee:34:8d:7b:ef:57:59:52:f9:f4:c7:f9:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:6c:c2:d5:8d:bd:d5:39:d7:82:96:07:e9:06:dd:1b: 8c:ce:bb:a1:e1:b0:d8:e8:e8:69:72:18:70:fa:9c:22: f0:58:8f:fc:22:11:23:d8:4f:51:63:42:a5:e7:8e:39: 30:e4:67:57:bf:1e:b8:8b:65:bc:b3:b4:75:d9:ac:5d: 20:5d:d7:2d:1e:92:0e:5f:15:6a:00:8f:e4:09:4c:20: 84:26:c8:de:2a:a6:a6:91:f6:12:38:86:ec:44:11:d7: a4:97:67:a6:44:a4:a6:fa:eb:4a:4d:cf:a0:30:cd:3b: 02:2c:38:54:92:73:69:ec:8e:cc:68:09:a6:9d:5a:4f Fingerprint (SHA-256): C0:DF:96:3E:77:09:5B:C8:E6:CA:29:24:54:AB:C6:DF:26:CA:A4:F4:17:87:E4:8F:D7:DB:14:7D:7E:7D:B9:9B Fingerprint (SHA1): B8:B4:BA:3F:4F:12:E6:D5:F0:80:EF:15:92:1D:24:99:08:CF:07:0B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3792: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3793: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3794: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164459 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3795: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3796: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #3797: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3798: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518164460 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3799: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3800: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3801: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518164350.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3802: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518164335.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3803: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3804: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #3805: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518164350.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3806: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518164461 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3807: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3808: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3809: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518164350.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3810: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518164336.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3811: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3812: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #3813: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3814: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518164462 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3815: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3816: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3817: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518164350.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3818: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518164337.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3819: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3820: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3821: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0-518164350.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3822: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9568/localhost-10397-CA0Root-518164338.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3823: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3824: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518205402Z nextupdate=20160518205402Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 20:54:02 2015 Next Update: Wed May 18 20:54:02 2016 CRL Extensions: chains.sh: #3825: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518205402Z nextupdate=20160518205402Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:54:02 2015 Next Update: Wed May 18 20:54:02 2016 CRL Extensions: chains.sh: #3826: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518205403Z nextupdate=20160518205403Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 20:54:03 2015 Next Update: Wed May 18 20:54:03 2016 CRL Extensions: chains.sh: #3827: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518205403Z nextupdate=20160518205403Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 20:54:03 2015 Next Update: Wed May 18 20:54:03 2016 CRL Extensions: chains.sh: #3828: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518205404Z addcert 20 20150518205404Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:54:04 2015 Next Update: Wed May 18 20:54:02 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 20:54:04 2015 CRL Extensions: chains.sh: #3829: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518205405Z addcert 40 20150518205405Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 20:54:05 2015 Next Update: Wed May 18 20:54:02 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 20:54:04 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 20:54:05 2015 CRL Extensions: chains.sh: #3830: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3831: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3832: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #3833: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164459 (0x1ee28feb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:53:38 2015 Not After : Mon May 18 20:53:38 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:6a:a7:86:f9:41:cb:d3:b0:44:17:5a:92:50:11:77: b4:29:76:81:bb:02:eb:cf:7a:99:c3:fe:fc:2c:48:59: e9:53:af:38:be:b2:02:81:c6:8d:58:4e:92:e8:31:d3: 41:a2:8a:7c:ad:3c:ce:15:2b:f7:64:6e:d2:d7:8c:d9: 09:d4:c9:7e:be:a8:19:92:fb:d1:fe:44:b2:76:e9:5b: 36:d1:b7:c8:b1:e8:3e:d0:96:1d:ce:ed:4f:90:1d:25: 90:f0:3d:6c:dd:4f:3a:47:5b:bf:48:d7:40:e1:a2:ff: 6f:a2:86:34:57:88:a1:b0:78:5c:66:44:16:e3:df:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:83:4c:f6:aa:51:af:f3:4b:1d:6c:10:0a:55:2e:6d: c8:94:fa:3d:c4:33:23:7a:18:9e:d1:d8:95:ba:13:08: 82:9a:f3:a2:e3:a6:72:d1:27:a7:9b:b9:d2:dc:f7:b3: 40:95:f3:ab:4c:86:8c:2e:42:90:0f:0d:91:2c:ba:54: 9b:44:c8:9a:a9:64:8c:a4:55:71:6f:b3:27:ca:e7:b0: 81:21:c6:5b:0a:41:9c:28:83:1e:f8:a0:eb:0e:2f:e6: 9e:c7:40:90:7c:5f:6e:a2:61:f0:d5:30:bc:dc:b5:89: 23:57:fa:56:3f:65:e8:25:f8:5d:fa:6d:bf:e1:7d:10 Fingerprint (SHA-256): B1:10:B3:6C:52:E3:DA:17:55:2D:C1:25:3D:BA:5F:E0:DD:0E:D1:A0:29:73:3B:C4:C8:7D:C9:67:39:85:FA:D7 Fingerprint (SHA1): 87:09:63:26:C7:5D:94:06:42:74:0F:45:E3:79:48:E8:DF:48:9C:1E Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3834: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3835: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164459 (0x1ee28feb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:53:38 2015 Not After : Mon May 18 20:53:38 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:6a:a7:86:f9:41:cb:d3:b0:44:17:5a:92:50:11:77: b4:29:76:81:bb:02:eb:cf:7a:99:c3:fe:fc:2c:48:59: e9:53:af:38:be:b2:02:81:c6:8d:58:4e:92:e8:31:d3: 41:a2:8a:7c:ad:3c:ce:15:2b:f7:64:6e:d2:d7:8c:d9: 09:d4:c9:7e:be:a8:19:92:fb:d1:fe:44:b2:76:e9:5b: 36:d1:b7:c8:b1:e8:3e:d0:96:1d:ce:ed:4f:90:1d:25: 90:f0:3d:6c:dd:4f:3a:47:5b:bf:48:d7:40:e1:a2:ff: 6f:a2:86:34:57:88:a1:b0:78:5c:66:44:16:e3:df:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:83:4c:f6:aa:51:af:f3:4b:1d:6c:10:0a:55:2e:6d: c8:94:fa:3d:c4:33:23:7a:18:9e:d1:d8:95:ba:13:08: 82:9a:f3:a2:e3:a6:72:d1:27:a7:9b:b9:d2:dc:f7:b3: 40:95:f3:ab:4c:86:8c:2e:42:90:0f:0d:91:2c:ba:54: 9b:44:c8:9a:a9:64:8c:a4:55:71:6f:b3:27:ca:e7:b0: 81:21:c6:5b:0a:41:9c:28:83:1e:f8:a0:eb:0e:2f:e6: 9e:c7:40:90:7c:5f:6e:a2:61:f0:d5:30:bc:dc:b5:89: 23:57:fa:56:3f:65:e8:25:f8:5d:fa:6d:bf:e1:7d:10 Fingerprint (SHA-256): B1:10:B3:6C:52:E3:DA:17:55:2D:C1:25:3D:BA:5F:E0:DD:0E:D1:A0:29:73:3B:C4:C8:7D:C9:67:39:85:FA:D7 Fingerprint (SHA1): 87:09:63:26:C7:5D:94:06:42:74:0F:45:E3:79:48:E8:DF:48:9C:1E Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3836: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3837: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3838: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164463 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3839: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3840: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3841: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3842: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518164464 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3843: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3844: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3845: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3846: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164465 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3847: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3848: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3849: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3850: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518164466 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3851: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3852: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #3853: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164467 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3854: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #3855: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #3856: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3857: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518164468 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3858: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3859: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3860: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3861: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518164469 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3862: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3863: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #3864: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #3865: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #3866: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164463 (0x1ee28fef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:54:13 2015 Not After : Mon May 18 20:54:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:f8:fe:ae:24:bf:f0:a0:c1:b2:43:7a:cc:ef:7f:76: 6a:d5:2a:b6:17:ab:3a:ec:a9:2a:06:3d:69:3d:fc:84: 3f:43:d7:21:c3:a3:9f:bd:8b:7b:24:c4:1f:46:09:f5: e6:9e:0f:c8:a7:ca:f0:79:15:2e:82:7d:50:2e:4a:76: b3:ec:d2:eb:ba:29:a9:91:2b:c6:16:28:4f:65:8c:8e: 71:a8:be:4c:5e:b5:8d:b1:e4:8a:31:e5:a6:92:da:02: b0:f1:e5:4d:16:9a:a5:e6:9f:5d:3d:9f:3c:44:29:58: e4:bf:2f:75:89:52:db:59:e9:fe:4f:4f:c5:db:66:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:5b:59:97:87:ec:c7:17:83:97:d7:66:95:96:f3:18: 9c:2c:1d:ce:40:3e:aa:d3:57:c1:f8:fb:8a:87:2a:ca: c7:c4:c4:d5:64:6a:56:f6:d7:f9:f7:3d:a6:95:68:80: 56:4f:34:31:12:c9:fb:66:06:96:c9:c9:81:3c:e2:db: 19:2c:28:a5:6e:5e:cb:59:8d:12:87:7f:64:3e:80:c4: a6:9c:fa:75:1a:28:42:80:54:ca:03:a7:d0:14:db:a2: 71:6b:61:6b:99:31:99:ae:fb:71:25:75:ad:69:67:3a: 05:91:8d:bd:10:e5:d2:4e:76:71:d7:5f:b4:31:c5:db Fingerprint (SHA-256): 64:86:92:31:83:BC:76:88:5C:C0:28:69:DB:22:FB:45:BC:12:1F:C3:13:A8:9B:DF:38:DD:E7:07:0A:BE:D8:72 Fingerprint (SHA1): 2F:29:F4:FE:06:AD:EE:DA:DE:80:FC:2D:94:E4:F3:DA:0D:3A:9E:6D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3867: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164465 (0x1ee28ff1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:54:20 2015 Not After : Mon May 18 20:54:20 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:fc:b9:eb:3f:c0:57:84:2a:bd:29:fb:93:ac:39:28: 6c:ba:ac:c7:0a:95:d1:61:f3:a7:f9:bd:d1:66:be:cb: 3a:cc:7d:75:da:41:15:c2:1f:46:cc:c8:65:67:4d:78: 51:0c:4b:d6:4e:50:11:7f:67:8b:11:73:24:d2:02:7f: 1c:c4:85:26:0d:15:85:12:a0:c3:f8:76:ef:96:02:e6: f8:9c:fa:1a:50:68:af:2d:91:36:a0:c1:ec:e4:85:d6: 09:0b:05:cc:3a:c7:39:26:2a:8f:27:a7:4f:57:33:a3: bd:d9:b7:de:b2:c7:b0:d2:e3:b5:39:8c:8c:37:89:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0a:86:59:ef:6a:4f:05:e8:f3:2e:ba:e0:76:2e:e7:ae: 88:e5:06:b5:b0:e6:62:e3:d7:28:4d:32:d2:64:a5:18: 79:72:75:e6:d2:f2:e0:ec:3c:d4:73:79:31:6d:e2:67: e6:bc:25:e8:2c:ce:07:de:8b:01:db:26:d1:0a:8d:bf: 6a:b3:87:44:5e:9c:c6:92:b3:6f:8e:66:05:94:31:28: 67:99:1e:a9:98:f1:d9:4b:5c:ec:eb:3a:4b:2e:f8:e5: bd:52:49:99:fc:a4:30:a5:ef:b7:56:17:4d:48:bb:50: 0c:56:b3:b3:47:29:92:57:87:e4:cc:72:e9:bf:3f:52 Fingerprint (SHA-256): 11:56:D1:08:A7:06:15:99:41:7E:A4:78:00:1F:6A:E5:C4:E0:96:36:58:1D:72:05:B7:F0:E7:24:6A:27:19:27 Fingerprint (SHA1): 04:18:76:73:D9:49:DD:05:99:42:05:33:61:52:D9:5E:F4:1C:53:88 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #3868: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164463 (0x1ee28fef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:54:13 2015 Not After : Mon May 18 20:54:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:f8:fe:ae:24:bf:f0:a0:c1:b2:43:7a:cc:ef:7f:76: 6a:d5:2a:b6:17:ab:3a:ec:a9:2a:06:3d:69:3d:fc:84: 3f:43:d7:21:c3:a3:9f:bd:8b:7b:24:c4:1f:46:09:f5: e6:9e:0f:c8:a7:ca:f0:79:15:2e:82:7d:50:2e:4a:76: b3:ec:d2:eb:ba:29:a9:91:2b:c6:16:28:4f:65:8c:8e: 71:a8:be:4c:5e:b5:8d:b1:e4:8a:31:e5:a6:92:da:02: b0:f1:e5:4d:16:9a:a5:e6:9f:5d:3d:9f:3c:44:29:58: e4:bf:2f:75:89:52:db:59:e9:fe:4f:4f:c5:db:66:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:5b:59:97:87:ec:c7:17:83:97:d7:66:95:96:f3:18: 9c:2c:1d:ce:40:3e:aa:d3:57:c1:f8:fb:8a:87:2a:ca: c7:c4:c4:d5:64:6a:56:f6:d7:f9:f7:3d:a6:95:68:80: 56:4f:34:31:12:c9:fb:66:06:96:c9:c9:81:3c:e2:db: 19:2c:28:a5:6e:5e:cb:59:8d:12:87:7f:64:3e:80:c4: a6:9c:fa:75:1a:28:42:80:54:ca:03:a7:d0:14:db:a2: 71:6b:61:6b:99:31:99:ae:fb:71:25:75:ad:69:67:3a: 05:91:8d:bd:10:e5:d2:4e:76:71:d7:5f:b4:31:c5:db Fingerprint (SHA-256): 64:86:92:31:83:BC:76:88:5C:C0:28:69:DB:22:FB:45:BC:12:1F:C3:13:A8:9B:DF:38:DD:E7:07:0A:BE:D8:72 Fingerprint (SHA1): 2F:29:F4:FE:06:AD:EE:DA:DE:80:FC:2D:94:E4:F3:DA:0D:3A:9E:6D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3869: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #3870: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164463 (0x1ee28fef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:54:13 2015 Not After : Mon May 18 20:54:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:f8:fe:ae:24:bf:f0:a0:c1:b2:43:7a:cc:ef:7f:76: 6a:d5:2a:b6:17:ab:3a:ec:a9:2a:06:3d:69:3d:fc:84: 3f:43:d7:21:c3:a3:9f:bd:8b:7b:24:c4:1f:46:09:f5: e6:9e:0f:c8:a7:ca:f0:79:15:2e:82:7d:50:2e:4a:76: b3:ec:d2:eb:ba:29:a9:91:2b:c6:16:28:4f:65:8c:8e: 71:a8:be:4c:5e:b5:8d:b1:e4:8a:31:e5:a6:92:da:02: b0:f1:e5:4d:16:9a:a5:e6:9f:5d:3d:9f:3c:44:29:58: e4:bf:2f:75:89:52:db:59:e9:fe:4f:4f:c5:db:66:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:5b:59:97:87:ec:c7:17:83:97:d7:66:95:96:f3:18: 9c:2c:1d:ce:40:3e:aa:d3:57:c1:f8:fb:8a:87:2a:ca: c7:c4:c4:d5:64:6a:56:f6:d7:f9:f7:3d:a6:95:68:80: 56:4f:34:31:12:c9:fb:66:06:96:c9:c9:81:3c:e2:db: 19:2c:28:a5:6e:5e:cb:59:8d:12:87:7f:64:3e:80:c4: a6:9c:fa:75:1a:28:42:80:54:ca:03:a7:d0:14:db:a2: 71:6b:61:6b:99:31:99:ae:fb:71:25:75:ad:69:67:3a: 05:91:8d:bd:10:e5:d2:4e:76:71:d7:5f:b4:31:c5:db Fingerprint (SHA-256): 64:86:92:31:83:BC:76:88:5C:C0:28:69:DB:22:FB:45:BC:12:1F:C3:13:A8:9B:DF:38:DD:E7:07:0A:BE:D8:72 Fingerprint (SHA1): 2F:29:F4:FE:06:AD:EE:DA:DE:80:FC:2D:94:E4:F3:DA:0D:3A:9E:6D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3871: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164465 (0x1ee28ff1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:54:20 2015 Not After : Mon May 18 20:54:20 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:fc:b9:eb:3f:c0:57:84:2a:bd:29:fb:93:ac:39:28: 6c:ba:ac:c7:0a:95:d1:61:f3:a7:f9:bd:d1:66:be:cb: 3a:cc:7d:75:da:41:15:c2:1f:46:cc:c8:65:67:4d:78: 51:0c:4b:d6:4e:50:11:7f:67:8b:11:73:24:d2:02:7f: 1c:c4:85:26:0d:15:85:12:a0:c3:f8:76:ef:96:02:e6: f8:9c:fa:1a:50:68:af:2d:91:36:a0:c1:ec:e4:85:d6: 09:0b:05:cc:3a:c7:39:26:2a:8f:27:a7:4f:57:33:a3: bd:d9:b7:de:b2:c7:b0:d2:e3:b5:39:8c:8c:37:89:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0a:86:59:ef:6a:4f:05:e8:f3:2e:ba:e0:76:2e:e7:ae: 88:e5:06:b5:b0:e6:62:e3:d7:28:4d:32:d2:64:a5:18: 79:72:75:e6:d2:f2:e0:ec:3c:d4:73:79:31:6d:e2:67: e6:bc:25:e8:2c:ce:07:de:8b:01:db:26:d1:0a:8d:bf: 6a:b3:87:44:5e:9c:c6:92:b3:6f:8e:66:05:94:31:28: 67:99:1e:a9:98:f1:d9:4b:5c:ec:eb:3a:4b:2e:f8:e5: bd:52:49:99:fc:a4:30:a5:ef:b7:56:17:4d:48:bb:50: 0c:56:b3:b3:47:29:92:57:87:e4:cc:72:e9:bf:3f:52 Fingerprint (SHA-256): 11:56:D1:08:A7:06:15:99:41:7E:A4:78:00:1F:6A:E5:C4:E0:96:36:58:1D:72:05:B7:F0:E7:24:6A:27:19:27 Fingerprint (SHA1): 04:18:76:73:D9:49:DD:05:99:42:05:33:61:52:D9:5E:F4:1C:53:88 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #3872: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #3873: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #3874: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #3875: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164463 (0x1ee28fef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:54:13 2015 Not After : Mon May 18 20:54:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:f8:fe:ae:24:bf:f0:a0:c1:b2:43:7a:cc:ef:7f:76: 6a:d5:2a:b6:17:ab:3a:ec:a9:2a:06:3d:69:3d:fc:84: 3f:43:d7:21:c3:a3:9f:bd:8b:7b:24:c4:1f:46:09:f5: e6:9e:0f:c8:a7:ca:f0:79:15:2e:82:7d:50:2e:4a:76: b3:ec:d2:eb:ba:29:a9:91:2b:c6:16:28:4f:65:8c:8e: 71:a8:be:4c:5e:b5:8d:b1:e4:8a:31:e5:a6:92:da:02: b0:f1:e5:4d:16:9a:a5:e6:9f:5d:3d:9f:3c:44:29:58: e4:bf:2f:75:89:52:db:59:e9:fe:4f:4f:c5:db:66:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:5b:59:97:87:ec:c7:17:83:97:d7:66:95:96:f3:18: 9c:2c:1d:ce:40:3e:aa:d3:57:c1:f8:fb:8a:87:2a:ca: c7:c4:c4:d5:64:6a:56:f6:d7:f9:f7:3d:a6:95:68:80: 56:4f:34:31:12:c9:fb:66:06:96:c9:c9:81:3c:e2:db: 19:2c:28:a5:6e:5e:cb:59:8d:12:87:7f:64:3e:80:c4: a6:9c:fa:75:1a:28:42:80:54:ca:03:a7:d0:14:db:a2: 71:6b:61:6b:99:31:99:ae:fb:71:25:75:ad:69:67:3a: 05:91:8d:bd:10:e5:d2:4e:76:71:d7:5f:b4:31:c5:db Fingerprint (SHA-256): 64:86:92:31:83:BC:76:88:5C:C0:28:69:DB:22:FB:45:BC:12:1F:C3:13:A8:9B:DF:38:DD:E7:07:0A:BE:D8:72 Fingerprint (SHA1): 2F:29:F4:FE:06:AD:EE:DA:DE:80:FC:2D:94:E4:F3:DA:0D:3A:9E:6D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3876: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164467 (0x1ee28ff3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 20:54:27 2015 Not After : Mon May 18 20:54:27 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:b4:2c:52:74:47:0d:50:b4:bb:61:2a:50:4a:e4:ae: 17:82:1d:99:24:4a:51:56:8f:7e:79:05:e5:4c:d4:ae: d0:b0:0a:37:1b:71:aa:96:0e:b3:bd:1d:7c:89:0e:f3: 19:6f:96:96:b5:c2:e9:d3:0a:5d:90:80:75:c1:1b:59: 6b:f2:3b:38:6f:39:95:35:9d:bb:de:fd:3e:1a:de:7f: 0a:05:8d:44:4c:08:b1:52:1f:3e:fd:c6:3c:b6:f5:63: f4:9a:b1:db:cc:c7:ea:a4:8e:b3:2f:6d:18:e9:51:be: d2:09:f7:10:88:26:ec:b1:1d:2d:81:58:de:8d:94:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c1:a1:f9:92:15:1d:60:e8:5f:6e:53:61:4f:cd:4e:21: 59:6c:dd:08:2d:10:ef:af:81:00:e0:0d:77:df:c8:0f: 64:53:70:47:35:84:b7:59:d2:ed:11:ac:0c:af:50:38: 20:26:e0:21:dd:5c:3e:60:cb:08:2e:79:99:49:aa:84: e1:51:f5:fd:94:b3:fa:3b:3d:f7:fb:9b:4e:d5:47:57: ce:74:1a:57:ba:3c:ee:3c:bc:57:ea:1c:03:f4:97:0f: be:32:bf:8e:7d:df:a4:2d:b5:45:7d:b2:42:41:2d:5d: 8a:1b:0b:71:0c:bf:62:0c:d6:cb:23:bb:82:50:0b:b2 Fingerprint (SHA-256): E7:B2:F7:45:18:18:64:18:E4:3E:C4:B9:21:66:7C:76:DE:46:46:C0:E1:1E:28:70:34:7F:8B:41:82:74:E4:7A Fingerprint (SHA1): 66:48:9B:22:D0:2D:05:07:C4:9A:58:55:81:44:5C:90:B4:36:CC:9B Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #3877: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164463 (0x1ee28fef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:54:13 2015 Not After : Mon May 18 20:54:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:f8:fe:ae:24:bf:f0:a0:c1:b2:43:7a:cc:ef:7f:76: 6a:d5:2a:b6:17:ab:3a:ec:a9:2a:06:3d:69:3d:fc:84: 3f:43:d7:21:c3:a3:9f:bd:8b:7b:24:c4:1f:46:09:f5: e6:9e:0f:c8:a7:ca:f0:79:15:2e:82:7d:50:2e:4a:76: b3:ec:d2:eb:ba:29:a9:91:2b:c6:16:28:4f:65:8c:8e: 71:a8:be:4c:5e:b5:8d:b1:e4:8a:31:e5:a6:92:da:02: b0:f1:e5:4d:16:9a:a5:e6:9f:5d:3d:9f:3c:44:29:58: e4:bf:2f:75:89:52:db:59:e9:fe:4f:4f:c5:db:66:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:5b:59:97:87:ec:c7:17:83:97:d7:66:95:96:f3:18: 9c:2c:1d:ce:40:3e:aa:d3:57:c1:f8:fb:8a:87:2a:ca: c7:c4:c4:d5:64:6a:56:f6:d7:f9:f7:3d:a6:95:68:80: 56:4f:34:31:12:c9:fb:66:06:96:c9:c9:81:3c:e2:db: 19:2c:28:a5:6e:5e:cb:59:8d:12:87:7f:64:3e:80:c4: a6:9c:fa:75:1a:28:42:80:54:ca:03:a7:d0:14:db:a2: 71:6b:61:6b:99:31:99:ae:fb:71:25:75:ad:69:67:3a: 05:91:8d:bd:10:e5:d2:4e:76:71:d7:5f:b4:31:c5:db Fingerprint (SHA-256): 64:86:92:31:83:BC:76:88:5C:C0:28:69:DB:22:FB:45:BC:12:1F:C3:13:A8:9B:DF:38:DD:E7:07:0A:BE:D8:72 Fingerprint (SHA1): 2F:29:F4:FE:06:AD:EE:DA:DE:80:FC:2D:94:E4:F3:DA:0D:3A:9E:6D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3878: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #3879: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #3880: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #3881: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #3882: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #3883: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164468 (0x1ee28ff4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 20:54:30 2015 Not After : Mon May 18 20:54:30 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 93:bc:34:6f:dc:b4:25:b5:f5:31:00:aa:9b:ed:96:8a: 17:a7:7d:64:ed:af:83:d8:c7:6c:59:f6:37:b9:3a:a1: e5:c5:59:8c:31:c8:d6:8f:f0:21:d8:17:bd:cd:42:9c: c7:b8:d8:4c:d9:aa:e6:ca:f8:16:96:cd:c6:32:f4:e7: f3:84:38:ee:f4:59:bf:b3:73:5d:e3:be:7d:1c:82:d7: 82:2e:b6:ef:80:fa:f6:3e:ad:44:23:cb:8e:07:07:42: c9:e6:46:a4:51:37:38:0b:c6:41:0d:73:b1:6c:4d:3f: c1:d7:94:a2:8a:42:e7:26:cc:b2:d1:98:a9:dc:40:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: de:08:63:99:0e:98:79:fa:33:d0:87:f8:41:d7:c8:50: 27:93:ba:7f:f1:ce:3d:e7:fc:69:74:80:92:10:4b:ff: 30:77:cf:08:aa:41:4b:4e:d5:41:11:87:92:68:31:c1: a1:d4:fc:33:a8:9c:4a:98:c7:df:ab:17:84:f6:24:ec: 06:f7:19:83:7e:6b:05:13:af:2a:0b:86:f3:d9:7a:ca: 5b:db:66:72:ab:a8:57:10:ef:2e:65:4e:39:4e:8c:b0: 32:08:9d:7d:90:3f:66:31:c3:24:f1:06:40:cd:3c:d9: af:44:db:8d:43:c6:8c:3f:8f:56:e9:4c:93:8a:17:2a Fingerprint (SHA-256): 4E:88:EA:58:4E:ED:81:0E:53:BB:60:0C:4D:BA:25:35:77:4A:9F:DB:58:55:94:BB:F5:A3:9B:90:E5:5C:6B:96 Fingerprint (SHA1): 6C:A6:68:2C:D5:26:8F:E8:47:FA:F0:62:A0:FF:B5:33:55:A7:65:27 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #3884: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #3885: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #3886: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #3887: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #3888: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3889: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3890: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #3891: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3892: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3893: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #3894: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3895: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3896: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3897: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3898: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3899: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3900: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3901: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3902: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #3903: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3904: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #3905: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3906: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #3907: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 27815 at Mon May 18 16:55:03 EDT 2015 kill -USR1 27815 httpserv: normal termination httpserv -b -p 9568 2>/dev/null; httpserv with PID 27815 killed at Mon May 18 16:55:03 EDT 2015 httpserv starting at Mon May 18 16:55:03 EDT 2015 httpserv -D -p 9568 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.10397 & trying to connect to httpserv at Mon May 18 16:55:03 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 16:55:09 EDT 2015 tstclnt -p 9568 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3908: Waiting for Server - FAILED kill -0 11243 >/dev/null 2>/dev/null httpserv with PID 11243 found at Mon May 18 16:55:09 EDT 2015 httpserv with PID 11243 started at Mon May 18 16:55:09 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3909: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164470 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3910: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3911: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3912: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164471 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3913: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3914: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3915: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3916: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518164472 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3917: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3918: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518164473 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3919: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3920: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3921: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3922: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3923: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518164474 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3924: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3925: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3926: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #3927: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #3928: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164471 (0x1ee28ff7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:55:15 2015 Not After : Mon May 18 20:55:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:cb:c0:1f:3a:24:e2:31:65:0d:21:b4:41:da:51:61: 73:61:47:e4:63:f0:b2:37:93:81:d2:9e:ab:52:bc:f2: 5e:f3:68:4f:94:ce:8f:5a:6c:5a:f1:c7:4c:fe:3f:2c: 53:aa:ad:e6:f3:cf:06:37:03:79:0a:d3:55:a0:b3:d3: f6:f4:6e:30:5b:c2:07:7f:a2:c7:c1:cf:ee:b9:e0:ba: 77:15:1d:ac:78:2f:55:be:df:55:54:8f:ed:7e:43:b7: 4a:b3:d1:bd:24:f5:41:1c:eb:cd:3f:54:5c:c6:42:45: bd:e6:c6:c5:52:ce:82:6e:5c:97:27:87:79:1c:72:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:8b:04:d3:02:61:e6:79:4f:db:86:f7:86:61:66:9e: ed:13:00:99:f3:6e:11:23:39:73:42:40:51:e7:4a:be: 21:e8:eb:16:dc:dd:04:64:0c:28:58:89:0e:80:fa:f9: f7:6e:aa:92:bf:60:a0:b6:02:71:b1:5b:73:18:0f:cb: 65:28:62:42:09:6f:ac:fc:0f:a3:2c:51:f2:4a:77:f5: 27:88:28:51:4a:9b:0a:53:9a:60:6f:b7:10:d8:d6:a3: b0:7d:4c:16:a6:72:aa:92:ac:58:9c:bd:82:50:8c:47: 9d:31:c8:e2:fe:d1:23:56:cb:45:b7:16:f2:bc:a4:23 Fingerprint (SHA-256): 7D:8E:0B:0C:51:69:34:57:67:39:B4:3D:93:C4:A2:9D:F6:F5:DE:69:71:4B:54:79:38:97:B6:CF:BD:54:F6:43 Fingerprint (SHA1): 1E:6E:A5:7F:F8:DC:EC:7C:FE:40:26:D4:02:A6:2D:CE:5C:BA:E6:D1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3929: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164470 (0x1ee28ff6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:55:12 2015 Not After : Mon May 18 20:55:12 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:71:ac:3e:18:48:fe:b7:ff:aa:a6:d0:6c:cb:08:ca: fe:c7:8e:0e:ba:f3:5a:3d:37:3a:a7:a7:1b:41:3e:7c: 86:e6:66:88:79:76:43:0a:89:a6:1f:95:e2:6c:ec:bc: cb:85:55:f7:6b:3c:c5:b5:97:17:6b:2e:35:82:cb:af: a4:61:18:95:23:51:77:de:d4:7e:e9:32:1f:c3:c5:81: fe:ea:28:6f:51:98:57:67:58:26:c5:96:84:c3:e5:80: 8c:0c:cc:b8:69:1f:22:15:a6:7c:2a:3c:24:27:9b:3a: 28:35:b4:0a:cf:f1:59:f7:39:8a:7f:a2:14:a4:dd:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:55:79:09:a2:c5:82:b4:9b:c8:b8:6f:64:1a:7d:89: df:b8:3b:67:23:01:6b:1f:47:56:1a:0b:2e:35:49:65: 66:d0:ea:95:6d:55:9c:4d:49:2a:d5:6c:ef:66:59:e2: 2e:a6:04:c4:b6:67:f7:98:29:b3:a3:7c:b7:d4:7e:b8: 05:af:e6:92:8c:0a:1d:76:fe:09:3a:e2:d3:ec:0a:58: 1e:21:96:4e:f2:0d:03:c6:e7:15:75:30:0d:5f:d4:b6: 3c:7e:b7:3d:23:4c:8b:e7:1b:cc:df:d4:10:d9:19:64: 8b:ee:58:7b:f3:e1:6b:96:bf:ff:f3:87:60:77:5c:00 Fingerprint (SHA-256): 7C:9A:DC:D2:A4:0C:4C:E2:8B:C0:BA:D5:37:38:8C:39:13:19:CA:7E:27:B4:67:DA:C5:16:72:6A:67:36:19:99 Fingerprint (SHA1): 22:74:CC:52:82:0A:87:7D:34:34:25:A1:E3:E3:FD:CC:A6:71:95:7B Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3930: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3931: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #3932: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #3933: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164470 (0x1ee28ff6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:55:12 2015 Not After : Mon May 18 20:55:12 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:71:ac:3e:18:48:fe:b7:ff:aa:a6:d0:6c:cb:08:ca: fe:c7:8e:0e:ba:f3:5a:3d:37:3a:a7:a7:1b:41:3e:7c: 86:e6:66:88:79:76:43:0a:89:a6:1f:95:e2:6c:ec:bc: cb:85:55:f7:6b:3c:c5:b5:97:17:6b:2e:35:82:cb:af: a4:61:18:95:23:51:77:de:d4:7e:e9:32:1f:c3:c5:81: fe:ea:28:6f:51:98:57:67:58:26:c5:96:84:c3:e5:80: 8c:0c:cc:b8:69:1f:22:15:a6:7c:2a:3c:24:27:9b:3a: 28:35:b4:0a:cf:f1:59:f7:39:8a:7f:a2:14:a4:dd:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:55:79:09:a2:c5:82:b4:9b:c8:b8:6f:64:1a:7d:89: df:b8:3b:67:23:01:6b:1f:47:56:1a:0b:2e:35:49:65: 66:d0:ea:95:6d:55:9c:4d:49:2a:d5:6c:ef:66:59:e2: 2e:a6:04:c4:b6:67:f7:98:29:b3:a3:7c:b7:d4:7e:b8: 05:af:e6:92:8c:0a:1d:76:fe:09:3a:e2:d3:ec:0a:58: 1e:21:96:4e:f2:0d:03:c6:e7:15:75:30:0d:5f:d4:b6: 3c:7e:b7:3d:23:4c:8b:e7:1b:cc:df:d4:10:d9:19:64: 8b:ee:58:7b:f3:e1:6b:96:bf:ff:f3:87:60:77:5c:00 Fingerprint (SHA-256): 7C:9A:DC:D2:A4:0C:4C:E2:8B:C0:BA:D5:37:38:8C:39:13:19:CA:7E:27:B4:67:DA:C5:16:72:6A:67:36:19:99 Fingerprint (SHA1): 22:74:CC:52:82:0A:87:7D:34:34:25:A1:E3:E3:FD:CC:A6:71:95:7B Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3934: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164471 (0x1ee28ff7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:55:15 2015 Not After : Mon May 18 20:55:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:cb:c0:1f:3a:24:e2:31:65:0d:21:b4:41:da:51:61: 73:61:47:e4:63:f0:b2:37:93:81:d2:9e:ab:52:bc:f2: 5e:f3:68:4f:94:ce:8f:5a:6c:5a:f1:c7:4c:fe:3f:2c: 53:aa:ad:e6:f3:cf:06:37:03:79:0a:d3:55:a0:b3:d3: f6:f4:6e:30:5b:c2:07:7f:a2:c7:c1:cf:ee:b9:e0:ba: 77:15:1d:ac:78:2f:55:be:df:55:54:8f:ed:7e:43:b7: 4a:b3:d1:bd:24:f5:41:1c:eb:cd:3f:54:5c:c6:42:45: bd:e6:c6:c5:52:ce:82:6e:5c:97:27:87:79:1c:72:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:8b:04:d3:02:61:e6:79:4f:db:86:f7:86:61:66:9e: ed:13:00:99:f3:6e:11:23:39:73:42:40:51:e7:4a:be: 21:e8:eb:16:dc:dd:04:64:0c:28:58:89:0e:80:fa:f9: f7:6e:aa:92:bf:60:a0:b6:02:71:b1:5b:73:18:0f:cb: 65:28:62:42:09:6f:ac:fc:0f:a3:2c:51:f2:4a:77:f5: 27:88:28:51:4a:9b:0a:53:9a:60:6f:b7:10:d8:d6:a3: b0:7d:4c:16:a6:72:aa:92:ac:58:9c:bd:82:50:8c:47: 9d:31:c8:e2:fe:d1:23:56:cb:45:b7:16:f2:bc:a4:23 Fingerprint (SHA-256): 7D:8E:0B:0C:51:69:34:57:67:39:B4:3D:93:C4:A2:9D:F6:F5:DE:69:71:4B:54:79:38:97:B6:CF:BD:54:F6:43 Fingerprint (SHA1): 1E:6E:A5:7F:F8:DC:EC:7C:FE:40:26:D4:02:A6:2D:CE:5C:BA:E6:D1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3935: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #3936: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #3937: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3938: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3939: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3940: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164471 (0x1ee28ff7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:55:15 2015 Not After : Mon May 18 20:55:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:cb:c0:1f:3a:24:e2:31:65:0d:21:b4:41:da:51:61: 73:61:47:e4:63:f0:b2:37:93:81:d2:9e:ab:52:bc:f2: 5e:f3:68:4f:94:ce:8f:5a:6c:5a:f1:c7:4c:fe:3f:2c: 53:aa:ad:e6:f3:cf:06:37:03:79:0a:d3:55:a0:b3:d3: f6:f4:6e:30:5b:c2:07:7f:a2:c7:c1:cf:ee:b9:e0:ba: 77:15:1d:ac:78:2f:55:be:df:55:54:8f:ed:7e:43:b7: 4a:b3:d1:bd:24:f5:41:1c:eb:cd:3f:54:5c:c6:42:45: bd:e6:c6:c5:52:ce:82:6e:5c:97:27:87:79:1c:72:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:8b:04:d3:02:61:e6:79:4f:db:86:f7:86:61:66:9e: ed:13:00:99:f3:6e:11:23:39:73:42:40:51:e7:4a:be: 21:e8:eb:16:dc:dd:04:64:0c:28:58:89:0e:80:fa:f9: f7:6e:aa:92:bf:60:a0:b6:02:71:b1:5b:73:18:0f:cb: 65:28:62:42:09:6f:ac:fc:0f:a3:2c:51:f2:4a:77:f5: 27:88:28:51:4a:9b:0a:53:9a:60:6f:b7:10:d8:d6:a3: b0:7d:4c:16:a6:72:aa:92:ac:58:9c:bd:82:50:8c:47: 9d:31:c8:e2:fe:d1:23:56:cb:45:b7:16:f2:bc:a4:23 Fingerprint (SHA-256): 7D:8E:0B:0C:51:69:34:57:67:39:B4:3D:93:C4:A2:9D:F6:F5:DE:69:71:4B:54:79:38:97:B6:CF:BD:54:F6:43 Fingerprint (SHA1): 1E:6E:A5:7F:F8:DC:EC:7C:FE:40:26:D4:02:A6:2D:CE:5C:BA:E6:D1 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3941: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164471 (0x1ee28ff7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 20:55:15 2015 Not After : Mon May 18 20:55:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:cb:c0:1f:3a:24:e2:31:65:0d:21:b4:41:da:51:61: 73:61:47:e4:63:f0:b2:37:93:81:d2:9e:ab:52:bc:f2: 5e:f3:68:4f:94:ce:8f:5a:6c:5a:f1:c7:4c:fe:3f:2c: 53:aa:ad:e6:f3:cf:06:37:03:79:0a:d3:55:a0:b3:d3: f6:f4:6e:30:5b:c2:07:7f:a2:c7:c1:cf:ee:b9:e0:ba: 77:15:1d:ac:78:2f:55:be:df:55:54:8f:ed:7e:43:b7: 4a:b3:d1:bd:24:f5:41:1c:eb:cd:3f:54:5c:c6:42:45: bd:e6:c6:c5:52:ce:82:6e:5c:97:27:87:79:1c:72:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:8b:04:d3:02:61:e6:79:4f:db:86:f7:86:61:66:9e: ed:13:00:99:f3:6e:11:23:39:73:42:40:51:e7:4a:be: 21:e8:eb:16:dc:dd:04:64:0c:28:58:89:0e:80:fa:f9: f7:6e:aa:92:bf:60:a0:b6:02:71:b1:5b:73:18:0f:cb: 65:28:62:42:09:6f:ac:fc:0f:a3:2c:51:f2:4a:77:f5: 27:88:28:51:4a:9b:0a:53:9a:60:6f:b7:10:d8:d6:a3: b0:7d:4c:16:a6:72:aa:92:ac:58:9c:bd:82:50:8c:47: 9d:31:c8:e2:fe:d1:23:56:cb:45:b7:16:f2:bc:a4:23 Fingerprint (SHA-256): 7D:8E:0B:0C:51:69:34:57:67:39:B4:3D:93:C4:A2:9D:F6:F5:DE:69:71:4B:54:79:38:97:B6:CF:BD:54:F6:43 Fingerprint (SHA1): 1E:6E:A5:7F:F8:DC:EC:7C:FE:40:26:D4:02:A6:2D:CE:5C:BA:E6:D1 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3942: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #3943: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #3944: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3945: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3946: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3947: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164470 (0x1ee28ff6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:55:12 2015 Not After : Mon May 18 20:55:12 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:71:ac:3e:18:48:fe:b7:ff:aa:a6:d0:6c:cb:08:ca: fe:c7:8e:0e:ba:f3:5a:3d:37:3a:a7:a7:1b:41:3e:7c: 86:e6:66:88:79:76:43:0a:89:a6:1f:95:e2:6c:ec:bc: cb:85:55:f7:6b:3c:c5:b5:97:17:6b:2e:35:82:cb:af: a4:61:18:95:23:51:77:de:d4:7e:e9:32:1f:c3:c5:81: fe:ea:28:6f:51:98:57:67:58:26:c5:96:84:c3:e5:80: 8c:0c:cc:b8:69:1f:22:15:a6:7c:2a:3c:24:27:9b:3a: 28:35:b4:0a:cf:f1:59:f7:39:8a:7f:a2:14:a4:dd:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:55:79:09:a2:c5:82:b4:9b:c8:b8:6f:64:1a:7d:89: df:b8:3b:67:23:01:6b:1f:47:56:1a:0b:2e:35:49:65: 66:d0:ea:95:6d:55:9c:4d:49:2a:d5:6c:ef:66:59:e2: 2e:a6:04:c4:b6:67:f7:98:29:b3:a3:7c:b7:d4:7e:b8: 05:af:e6:92:8c:0a:1d:76:fe:09:3a:e2:d3:ec:0a:58: 1e:21:96:4e:f2:0d:03:c6:e7:15:75:30:0d:5f:d4:b6: 3c:7e:b7:3d:23:4c:8b:e7:1b:cc:df:d4:10:d9:19:64: 8b:ee:58:7b:f3:e1:6b:96:bf:ff:f3:87:60:77:5c:00 Fingerprint (SHA-256): 7C:9A:DC:D2:A4:0C:4C:E2:8B:C0:BA:D5:37:38:8C:39:13:19:CA:7E:27:B4:67:DA:C5:16:72:6A:67:36:19:99 Fingerprint (SHA1): 22:74:CC:52:82:0A:87:7D:34:34:25:A1:E3:E3:FD:CC:A6:71:95:7B Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3948: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164470 (0x1ee28ff6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 20:55:12 2015 Not After : Mon May 18 20:55:12 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:71:ac:3e:18:48:fe:b7:ff:aa:a6:d0:6c:cb:08:ca: fe:c7:8e:0e:ba:f3:5a:3d:37:3a:a7:a7:1b:41:3e:7c: 86:e6:66:88:79:76:43:0a:89:a6:1f:95:e2:6c:ec:bc: cb:85:55:f7:6b:3c:c5:b5:97:17:6b:2e:35:82:cb:af: a4:61:18:95:23:51:77:de:d4:7e:e9:32:1f:c3:c5:81: fe:ea:28:6f:51:98:57:67:58:26:c5:96:84:c3:e5:80: 8c:0c:cc:b8:69:1f:22:15:a6:7c:2a:3c:24:27:9b:3a: 28:35:b4:0a:cf:f1:59:f7:39:8a:7f:a2:14:a4:dd:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:55:79:09:a2:c5:82:b4:9b:c8:b8:6f:64:1a:7d:89: df:b8:3b:67:23:01:6b:1f:47:56:1a:0b:2e:35:49:65: 66:d0:ea:95:6d:55:9c:4d:49:2a:d5:6c:ef:66:59:e2: 2e:a6:04:c4:b6:67:f7:98:29:b3:a3:7c:b7:d4:7e:b8: 05:af:e6:92:8c:0a:1d:76:fe:09:3a:e2:d3:ec:0a:58: 1e:21:96:4e:f2:0d:03:c6:e7:15:75:30:0d:5f:d4:b6: 3c:7e:b7:3d:23:4c:8b:e7:1b:cc:df:d4:10:d9:19:64: 8b:ee:58:7b:f3:e1:6b:96:bf:ff:f3:87:60:77:5c:00 Fingerprint (SHA-256): 7C:9A:DC:D2:A4:0C:4C:E2:8B:C0:BA:D5:37:38:8C:39:13:19:CA:7E:27:B4:67:DA:C5:16:72:6A:67:36:19:99 Fingerprint (SHA1): 22:74:CC:52:82:0A:87:7D:34:34:25:A1:E3:E3:FD:CC:A6:71:95:7B Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3949: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #3950: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164475 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3951: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #3952: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #3953: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164476 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3954: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #3955: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #3956: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164477 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3957: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #3958: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #3959: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164478 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3960: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #3961: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #3962: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164479 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3963: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #3964: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #3965: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164480 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3966: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #3967: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #3968: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164481 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3969: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #3970: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #3971: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164482 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3972: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #3973: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #3974: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164483 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3975: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #3976: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #3977: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3978: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518164484 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3979: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3980: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518164485 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3981: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3982: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518164486 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3983: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3984: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #3985: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #3986: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3987: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518164487 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3988: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3989: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518164488 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3990: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3991: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518164489 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3992: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3993: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #3994: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #3995: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3996: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518164490 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3997: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3998: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518164491 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3999: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4000: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518164492 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4001: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4002: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #4003: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #4004: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4005: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518164493 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4006: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4007: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518164494 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4008: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4009: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518164495 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4010: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4011: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #4012: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4013: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4014: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518164496 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4015: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4016: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4017: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4018: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518164497 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4019: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4020: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164475 (0x1ee28ffb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 20:55:40 2015 Not After : Mon May 18 20:55:40 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d7:dd:e8:fd:be:62:c5:c9:d5:05:84:b0:80:bf:cd:19: d3:4d:45:53:2f:06:a3:c0:9e:9f:c5:9c:76:a5:a7:cf: 7d:87:54:59:bc:c8:59:5e:b0:0d:67:f7:a6:2b:cf:cf: 93:d6:ec:dc:37:a3:6e:b3:c2:15:d6:5b:f7:fc:e3:b8: 5f:2e:02:5a:88:2a:9b:1b:da:df:1a:68:e0:cb:42:e6: ce:26:ab:ee:eb:0c:b4:42:0e:35:3a:f0:e2:bb:5c:1e: b6:07:02:11:05:52:48:07:a4:fa:4f:6c:59:4c:43:f6: 4e:56:5d:b0:77:f6:d1:9e:57:98:21:74:cd:89:b2:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2a:48:b1:02:f3:38:13:75:7b:19:9b:e5:75:95:88:b0: 17:ae:2e:5b:8d:65:d5:fb:97:d1:1e:33:c2:d7:1b:6f: 40:3f:e5:c0:34:3c:b2:12:15:de:c2:3f:dd:ad:40:14: b0:27:df:1c:5b:cc:ab:56:f7:f7:d2:92:99:38:d7:60: d2:15:10:fe:c1:3c:72:0c:bd:47:c0:66:d5:44:d8:8a: df:2a:a5:15:00:30:83:cb:66:50:35:31:40:85:63:5b: 03:f6:7b:e6:8a:8e:85:55:1a:cd:aa:64:da:f1:12:c4: b5:9f:52:5e:2d:13:9f:e9:46:92:ce:4f:91:fd:1a:38 Fingerprint (SHA-256): B1:DE:FB:C0:D3:1B:71:FE:4C:4B:AC:68:D2:D4:64:E5:5D:9D:43:68:E2:73:A4:2A:65:59:D7:81:89:F8:A3:2F Fingerprint (SHA1): 0B:57:4C:90:92:5D:CC:76:28:06:10:EA:35:C8:95:10:E3:29:35:64 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4021: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164476 (0x1ee28ffc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 20:55:42 2015 Not After : Mon May 18 20:55:42 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:ca:1f:22:bb:14:50:81:54:b5:84:2b:e4:bd:a1:e5: 18:0a:a3:d6:c7:b5:0a:b2:14:0a:f9:d2:25:d2:4f:44: ad:1c:91:da:44:ec:45:a0:d6:25:cc:98:cc:70:b0:6d: 39:40:84:77:96:41:16:6b:c3:9a:fd:ca:65:7e:e5:87: c5:b1:16:97:cb:61:95:27:c8:0d:e8:92:24:74:55:72: ef:35:f7:d0:ca:ee:e7:35:f4:08:9c:0d:2f:10:bc:d6: fd:e9:53:e4:38:69:c2:79:04:ff:82:76:5e:5d:5d:72: 98:4c:29:64:bd:ec:d2:2e:21:0a:e2:35:73:85:58:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 73:24:7e:5f:6c:b7:1e:5c:23:d1:bc:72:3b:66:f4:e8: 70:c1:b6:b6:2c:b2:6f:ba:b5:1a:a2:ea:5c:99:a6:d3: 63:e9:66:97:7d:ec:dc:73:0f:32:bf:19:c0:3a:49:35: 8e:8c:54:a5:9d:d6:18:30:e3:17:58:ed:2e:19:23:b7: 99:b2:b1:31:6a:01:4f:8a:8d:47:e1:33:0f:9d:8d:45: 04:5e:39:ac:fb:79:26:3e:97:f7:b2:f0:95:79:fd:8f: 89:b5:6a:99:0f:af:23:c8:b3:35:09:bb:6b:9c:c5:27: 51:cf:a2:af:be:eb:64:1c:b2:46:b0:e4:82:81:24:5e Fingerprint (SHA-256): F1:10:9A:8B:50:9B:D3:F0:C1:F1:DC:F7:9F:AC:BE:01:2D:DC:91:DF:7D:73:37:33:EF:0F:AF:CC:F8:8E:76:96 Fingerprint (SHA1): C9:3B:92:2D:05:E4:EF:1E:65:1B:66:D7:42:26:32:AE:CE:65:B4:FB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4022: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164477 (0x1ee28ffd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 20:55:45 2015 Not After : Mon May 18 20:55:45 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:29:fe:62:29:78:5a:8f:46:ef:a5:b5:14:bc:b0:74: ad:3f:93:68:73:18:59:2c:ec:bb:cb:b1:f5:80:b3:58: 9e:57:be:d6:a9:e1:f7:62:c1:1b:4b:a0:94:a8:d9:33: 7c:f1:c3:19:90:87:75:c1:8b:a9:5a:01:c5:42:06:1e: 2f:39:f9:70:f4:c9:db:6f:72:16:5d:14:11:8b:64:d7: 06:a7:45:45:de:e5:c7:83:f5:85:47:e1:18:9c:35:a6: 75:fa:eb:40:9b:19:a6:4f:35:2d:2a:3f:6f:55:01:48: 50:cb:f4:52:92:50:a4:ee:a6:20:32:d5:3d:b5:cd:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:13:9f:b9:0e:75:ff:b4:f2:0a:7d:8d:d6:7f:1c:1e: 82:30:c8:9a:9a:97:31:52:46:19:70:40:cb:e7:9c:c9: 1b:a2:45:6f:7a:e3:3b:27:0b:5a:89:e1:e4:e3:db:22: f5:a2:76:10:ca:0b:e9:ee:cd:da:94:ff:4b:81:b6:5d: 20:cd:f8:e2:1b:18:d5:01:f6:68:fe:fa:2d:74:ec:9d: d2:a4:1a:cc:40:11:d9:85:47:81:a9:d5:9d:e3:ad:7c: 6d:64:de:40:02:18:6e:30:14:71:e8:2f:98:46:fa:66: 9c:98:78:ee:f3:6a:43:20:5b:33:8e:a3:f4:4c:3f:ea Fingerprint (SHA-256): 12:FA:A4:EF:76:E7:E2:EE:75:39:90:32:FD:51:12:4F:AB:61:41:65:B5:82:B0:77:27:7B:D4:84:FB:2E:7F:B0 Fingerprint (SHA1): 32:99:DF:DE:F3:36:A3:CD:C0:86:4D:B1:41:E7:65:DA:62:A8:7D:63 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4023: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164478 (0x1ee28ffe) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 20:55:47 2015 Not After : Mon May 18 20:55:47 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f9:49:d5:04:fd:b7:b9:2e:e5:79:7d:98:b5:13:33:62: cc:7b:c6:7c:58:02:68:5e:b4:83:f2:0c:00:8c:c2:08: a1:db:24:31:34:2f:13:6f:88:54:d1:ba:dd:c0:c5:30: dd:29:74:d8:2d:d8:70:74:49:ce:3a:bc:8c:b2:4c:97: 76:e3:1b:97:79:8e:05:d6:09:6d:e2:5e:82:eb:1d:1c: cd:c5:97:31:05:17:21:a0:d8:d2:27:92:03:24:35:ee: 92:b0:5f:73:cd:98:de:46:f2:01:66:ad:10:03:e0:df: d7:fe:24:01:da:70:3d:26:39:c9:ad:82:0c:a3:3e:df Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: cc:8e:6d:fc:6a:85:c3:90:d9:6d:c5:f9:69:81:56:a5: 35:8f:2a:1b:e6:83:ca:6a:ed:b5:9b:0a:43:87:23:81: ee:71:6c:64:ab:5e:d7:d3:ce:0d:c9:4c:e5:51:62:7a: 2f:1a:ca:35:b9:78:dc:86:d8:f3:36:2b:29:26:6d:a5: 6d:34:f7:0c:06:38:47:38:cf:06:d7:77:d7:70:50:66: d3:d5:c5:55:e7:ed:e1:f0:e0:7e:73:88:00:20:32:62: 4f:41:50:4f:b7:28:90:8d:eb:18:49:62:98:48:94:fe: 07:12:a0:1f:75:79:ff:8e:fc:20:e7:ed:7f:f3:50:d8 Fingerprint (SHA-256): 05:14:E9:79:71:1A:7A:94:F8:BD:4E:50:B2:A3:D0:56:47:A0:CC:9E:36:40:B2:81:49:3A:75:A3:91:29:C5:86 Fingerprint (SHA1): 9D:26:8E:23:58:52:EB:E0:A3:27:93:03:2A:7A:91:E0:DD:6E:C4:7A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4024: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164479 (0x1ee28fff) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 20:55:50 2015 Not After : Mon May 18 20:55:50 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:7a:32:26:0f:46:c7:34:b0:1e:65:38:ca:0b:3c:f2: e4:d5:73:d7:24:3c:fb:72:89:9f:22:19:e3:87:c9:2e: 9a:dc:8b:87:e3:89:8b:85:6f:a2:7b:c0:e1:db:5d:97: 9c:7f:ae:82:ed:4f:5e:cd:b8:fd:2b:4e:a3:75:f0:81: bd:f4:1c:54:2a:b9:30:5f:98:99:05:1d:ae:0f:c8:5d: 72:5d:f6:6e:fa:84:a6:0f:fd:46:3b:a2:93:94:d4:64: 1e:6c:3b:c6:c5:9c:fd:5c:07:f8:5f:d4:1e:e2:e7:dd: b6:3b:dc:45:3f:af:ee:48:aa:9d:92:6a:65:ac:ad:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:b8:4a:67:b2:64:39:8c:b9:fe:13:c2:c5:6c:27:04: 61:91:90:e3:13:02:58:9c:57:b4:d5:6c:35:90:c6:e2: 15:fe:fc:00:54:c1:10:bb:f8:50:58:cf:34:45:37:84: ee:60:19:52:22:4c:61:10:98:04:f7:d1:aa:5c:a9:27: 75:33:90:45:ee:01:3b:90:c7:24:73:7b:74:ec:b5:cd: d7:b4:55:90:1e:e2:b4:f4:d3:2e:f1:76:ff:09:0d:31: f8:a5:ab:0a:ff:b8:ed:4e:bf:72:ea:c4:15:c2:bd:77: fb:2d:5b:b2:3a:31:2f:a6:b4:c0:11:cd:97:b5:26:90 Fingerprint (SHA-256): 76:6D:41:22:86:81:90:6A:29:BB:B1:19:C6:A2:7A:0E:A4:5D:CB:15:AE:BA:FD:5A:00:80:75:6E:F1:D9:C1:D8 Fingerprint (SHA1): BA:D6:64:A4:76:65:EF:19:44:21:37:43:4D:BE:94:FF:46:DE:42:52 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4025: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164480 (0x1ee29000) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 20:55:53 2015 Not After : Mon May 18 20:55:53 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:94:d1:31:14:7e:16:8b:fc:c6:40:ce:3b:22:7f:01: 6a:05:d1:5f:eb:20:b6:45:db:86:51:38:25:f6:eb:d7: 12:21:95:9e:d0:26:f7:7b:e7:94:06:bc:82:0b:c9:2b: 30:ee:bf:af:bd:ed:22:60:32:26:a9:29:9b:f9:44:ef: ad:9d:fd:9a:e7:69:52:40:c2:62:ef:93:59:bf:be:1b: 6f:3f:b3:f0:18:a4:82:8d:fd:58:f0:66:63:17:2b:90: 4e:c2:e8:c8:0d:ec:67:91:c4:38:09:ba:da:54:8a:7b: 1e:e4:57:13:e6:a4:93:d9:99:e7:5d:a1:7f:d4:ad:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 06:81:49:c8:12:6f:38:49:32:99:1d:0a:a1:01:39:f4: 11:f0:9a:91:e3:fc:38:48:33:9d:77:2c:e9:f7:6b:37: 60:a1:83:63:8f:c5:dd:cd:9c:40:b5:5e:ed:b7:ff:ef: 51:fd:d7:8d:00:5d:6b:89:58:89:ca:3d:b2:3e:62:b0: 85:a4:6d:47:fd:ea:3d:b7:77:74:16:3e:88:01:81:db: 93:db:20:32:1b:eb:0e:0b:a5:99:b6:d3:f6:97:bf:52: ec:d5:83:75:34:83:26:aa:20:ea:be:e5:07:a6:10:c9: ea:e8:cd:12:e3:84:63:4d:81:76:8f:16:17:83:91:e6 Fingerprint (SHA-256): 8F:EE:A6:C2:E8:CB:6A:9D:81:4C:6E:96:DF:DC:4B:E8:AC:71:D7:39:87:64:90:6A:69:19:14:B4:53:33:B0:82 Fingerprint (SHA1): C5:55:D9:55:2D:DF:A3:C5:2C:6D:10:FF:06:1E:40:2B:7F:AE:EA:4A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4026: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164481 (0x1ee29001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 20:55:55 2015 Not After : Mon May 18 20:55:55 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:c6:a6:81:64:ba:3b:99:cf:51:7c:03:61:89:e9:e9: 37:49:66:72:63:23:db:64:57:2a:ac:86:17:0a:a6:c8: 6b:87:b7:0a:cb:21:81:27:7c:9b:18:46:01:19:59:22: b0:08:d9:d2:af:24:48:6f:16:0b:c2:f3:eb:4a:43:cd: e4:16:c6:db:fb:55:45:f0:9f:2f:ac:91:a8:5c:00:27: 54:0f:81:33:e1:c2:c6:d9:40:47:9a:b1:2a:14:04:2a: 78:cd:46:6c:da:16:36:1f:96:ea:fd:0e:ff:f7:41:6f: be:e6:76:8b:6e:f9:36:54:8a:c5:78:34:00:65:f9:2f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:3b:53:3e:99:54:b9:d9:c4:f9:fc:cd:c3:2d:d6:ee: 20:48:32:11:64:0e:51:18:5b:a8:62:af:89:b4:7f:d1: b7:22:52:fc:9f:d1:86:d9:97:81:2b:2f:20:d5:99:a5: 61:c7:a6:31:e6:ac:fa:4f:1e:9c:27:b3:5c:3e:e9:b1: b5:12:ee:da:71:91:a8:b9:b7:fb:a9:68:0b:3f:52:32: b6:e1:ea:af:a0:c0:6c:b8:20:2e:8d:cb:06:4d:cc:98: ce:d3:b5:18:a8:2e:83:78:2c:6a:5f:52:0c:be:21:0b: 73:12:01:7a:be:ea:45:b1:2a:c3:2f:98:6e:e2:28:ae Fingerprint (SHA-256): BA:73:21:51:EF:21:2C:A1:47:40:31:C8:1E:98:86:D8:D7:9A:97:1D:4E:39:F4:DE:BD:D3:7A:34:3D:C2:91:4F Fingerprint (SHA1): 71:73:35:89:7F:A9:DC:E7:51:B7:C2:28:2A:D9:C4:B7:AA:15:4B:2F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4027: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164482 (0x1ee29002) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 20:55:58 2015 Not After : Mon May 18 20:55:58 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:50:1d:0e:47:bf:bf:1a:b2:86:4e:b7:38:89:f7:83: 48:88:86:a2:e2:86:df:36:f3:75:f1:dc:16:9d:29:6c: d6:c6:67:df:4e:b3:10:7b:c4:20:c8:b6:af:66:d1:4a: 4e:9b:92:cb:f1:0b:0b:8f:d1:56:a0:f5:b9:39:b7:c1: 7d:eb:ab:19:02:b8:dd:c9:14:92:43:25:44:7a:d8:f9: 55:88:bf:26:a5:60:46:a7:cc:85:54:33:2f:cd:a6:b6: a3:e5:96:bf:3a:8c:a7:ef:a3:00:c0:5b:00:c1:27:31: 06:93:fd:ed:c3:1f:c9:23:39:95:13:a3:3e:a8:68:63 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:60:35:c4:a7:62:f5:63:da:50:49:2b:4d:58:58:92: 29:ab:04:2a:77:a1:94:c6:e6:95:3b:01:ea:b0:ce:7c: d1:60:36:20:4e:7e:de:2e:c8:cd:f5:3a:50:0d:d9:8e: c7:ad:92:a8:b9:35:0e:4c:56:cd:00:cd:f9:b1:ad:0d: 01:c0:81:e6:bc:c4:fd:f8:52:23:41:44:3d:e7:bf:ff: cf:0c:90:3d:f4:8d:d3:93:3f:c5:0a:a7:06:1e:f0:cc: 14:a8:f4:0d:1d:43:f7:b6:9e:88:47:29:93:c9:72:29: 08:d3:a7:2d:86:bb:e6:a6:55:bd:c4:a9:e1:62:ef:69 Fingerprint (SHA-256): 61:C6:AC:4A:70:9B:A3:D0:9F:90:39:58:A0:2F:8D:E0:F3:77:4B:63:8C:3F:C1:C1:F7:5A:C5:04:CF:0F:6D:FA Fingerprint (SHA1): 20:82:F1:CF:EB:87:E8:47:D2:C3:33:4A:8C:A0:96:B3:FA:FF:1C:15 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4028: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164483 (0x1ee29003) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 20:56:01 2015 Not After : Mon May 18 20:56:01 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:a7:fd:b3:f1:b2:09:bd:77:0e:db:be:b5:de:51:c4: 7f:e2:0f:ca:38:d2:1f:b9:23:9f:8a:f0:ba:95:4f:01: d3:df:7e:bc:b1:7f:73:d2:78:a6:52:c0:4e:1a:34:7a: ea:74:b5:e4:b0:9c:b6:41:1a:77:4a:b1:c7:c5:12:70: 47:6d:10:cd:9f:cf:3d:b9:2e:5c:b8:d1:8e:f7:a5:41: 84:b2:ce:5b:44:c1:27:f8:8e:96:1f:4c:77:86:8b:1a: 8c:09:ed:42:b5:55:e2:81:ba:cf:1a:1f:31:cc:f2:b3: 66:e8:dd:a4:6f:11:4b:c2:41:1c:9b:ea:be:a5:8b:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a9:32:7d:6d:de:73:01:1b:f3:e3:48:0d:2c:94:dd:83: fb:42:21:9b:91:d5:3c:db:c8:0a:d2:93:ec:8d:13:6a: b3:d5:e5:43:ae:89:6a:4f:37:dd:8a:7d:03:f1:99:ea: e4:db:c5:18:58:af:05:61:2d:0c:90:17:f1:c6:85:98: 88:3e:66:d6:a6:3c:ea:ce:81:8c:05:86:d4:7f:a3:ca: fe:3e:d7:65:e2:61:07:c9:4e:58:22:2b:62:a0:24:56: 76:a8:23:2c:13:f7:58:41:24:b2:a0:85:a7:bf:05:46: 5c:1e:f3:dc:c0:55:bd:86:b4:ab:8b:e0:5c:cc:03:9e Fingerprint (SHA-256): 89:56:11:AA:F7:02:01:49:69:7C:AB:8D:12:59:62:94:9F:C4:84:F6:06:25:AF:5D:46:C6:1C:9F:78:20:CC:52 Fingerprint (SHA1): 94:2D:2A:21:87:F8:50:0B:E4:53:C0:60:84:E6:CD:00:68:9F:98:37 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4029: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4030: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164498 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4031: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4032: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4033: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4034: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164499 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4035: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4036: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4037: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4038: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164500 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4039: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4040: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4041: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4042: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518164501 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4043: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4044: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4045: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164498 (0x1ee29012) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:56:42 2015 Not After : Mon May 18 20:56:42 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:9d:1a:8e:b1:53:68:f2:e1:c9:82:56:a2:b0:82:1e: 20:c8:f3:e8:b7:a7:99:9f:9d:d0:b5:b5:0d:47:5f:88: ff:c4:e6:6d:63:4b:90:17:97:49:3c:20:9d:94:cb:e1: 17:47:a4:46:a0:e8:f8:8e:54:c1:d1:20:4d:7f:5c:75: b4:2d:0a:ec:79:c6:8b:53:16:b0:60:85:21:6b:e6:1a: fa:60:f2:e9:b3:2f:a8:0c:42:78:77:c5:6a:1e:1b:02: 5a:ba:a3:95:f0:cd:70:08:2a:cd:e3:3e:99:ec:07:79: 95:cc:88:fd:e8:1f:be:33:45:cd:14:de:87:3f:88:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 85:b8:65:ff:da:bc:44:ee:f7:c4:c4:7e:3c:a0:22:f1: 03:a2:8d:3b:22:d7:2d:16:07:09:b0:ee:fd:3a:bd:99: c2:bc:f6:bd:fd:3b:77:74:7f:38:dd:b8:5c:11:a0:f8: 42:98:f3:c6:bd:ed:fc:52:bf:46:e8:d7:98:73:8d:c5: f5:a5:9b:ef:b7:e6:c4:ae:6b:c7:07:a3:58:38:04:99: 93:7f:24:45:40:43:05:ba:40:d4:3a:2f:dc:a3:d0:95: 5d:7d:02:6f:c3:cb:fc:aa:8a:c2:01:3e:be:24:51:99: 67:44:82:f8:0e:bb:11:e8:e3:c0:6d:61:94:9e:16:f4 Fingerprint (SHA-256): 20:2B:F6:6C:94:97:C5:ED:F8:35:8F:E0:BE:8A:56:A4:90:0D:AE:E0:5C:BE:F3:11:F6:7F:88:3C:C7:5E:3E:BD Fingerprint (SHA1): 25:6E:4B:2D:8C:84:EB:3D:C4:78:58:DD:4C:9F:FC:33:5E:97:B5:EB Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4046: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4047: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164499 (0x1ee29013) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:56:45 2015 Not After : Mon May 18 20:56:45 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:ff:d1:5d:2c:0e:f8:b4:7a:85:41:e5:8f:cb:20:64: 34:c3:07:3b:ed:3e:0a:33:91:6a:d7:f0:53:e0:47:60: a5:23:e6:7a:51:b0:96:d1:d5:33:2d:8f:84:6e:27:f1: d3:d8:e8:0f:07:b1:90:a0:13:5b:32:b8:ea:2b:8f:d7: 7a:01:67:11:ff:10:57:f4:5f:45:66:fb:e6:4a:62:a3: ce:97:04:ef:c0:9d:93:3e:80:dd:d0:6e:27:f0:8e:20: 89:e7:40:90:0a:52:1e:36:88:8b:60:6b:e4:c6:ed:f5: 99:32:b1:a5:ef:e6:a1:3c:a4:e7:69:4f:37:0d:1d:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:6d:72:4f:27:a7:7a:4a:ea:81:64:3f:e0:98:8e:5a: 0b:9c:f6:cf:dd:35:69:1e:d4:98:05:09:3d:92:85:27: 3c:17:62:5a:2c:0c:95:55:21:85:6b:9d:da:96:bb:60: 35:a5:e5:4f:87:f5:d3:54:44:d1:ca:b4:78:f0:7f:3b: 0b:2a:81:62:2f:1c:ac:37:4d:a2:41:2c:83:43:37:d4: 2e:00:d9:58:5d:a2:b4:ed:74:54:d8:63:6d:2d:1e:89: 1d:49:c8:e3:0a:97:c5:a0:11:86:7e:4a:59:69:03:08: 50:12:2a:63:50:e9:4d:31:cc:b2:ab:0c:3f:1a:14:eb Fingerprint (SHA-256): 3D:C7:CA:B8:92:CB:5E:CE:20:89:8F:51:8F:E7:87:B2:3F:8D:F5:5A:F7:40:E1:B0:EA:5B:E4:7D:9F:B6:C3:CF Fingerprint (SHA1): D0:28:A7:19:CF:46:95:D5:55:56:7F:DF:38:81:ED:2E:7A:61:83:A0 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4048: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4049: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164500 (0x1ee29014) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:56:48 2015 Not After : Mon May 18 20:56:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:73:5b:07:b6:61:38:e3:21:ad:fe:f9:d4:ca:40:83: 85:88:75:ff:08:f0:c7:12:de:e8:c2:5e:be:8f:90:7b: 11:cb:b6:b0:d7:ad:b0:3e:07:e2:93:d5:50:ee:00:51: f2:00:18:33:33:f3:13:39:4b:f9:52:99:de:70:50:77: 37:4b:02:e4:50:df:ae:df:92:ea:7a:c1:9d:41:5d:6b: 59:b6:c2:62:3e:d5:5e:4f:fc:cf:8c:fa:98:bc:1c:3b: ae:69:bf:de:3d:ce:7b:0b:e8:41:d7:04:af:82:db:15: 56:28:99:d8:b8:51:f3:6d:af:bc:7f:91:b3:86:43:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:e5:c0:ef:f2:ac:ca:99:6c:2f:a4:85:fd:1c:14:58: ed:a8:43:e7:41:7f:4d:cc:8f:5e:c3:76:d4:99:b9:c3: 82:1b:aa:e2:d4:cf:50:0a:48:50:da:7d:d7:99:55:f6: e8:02:60:ed:15:e7:d1:e0:2a:d7:10:f8:13:83:33:c3: 70:5f:92:d7:35:e2:d7:75:cd:e2:3e:49:4b:d6:da:ab: 68:0c:8a:56:99:c5:e0:84:44:67:ef:7f:f6:2b:33:35: 80:f6:8a:4a:31:3d:e8:f4:0f:5e:f2:04:64:f3:35:da: 0c:25:04:78:68:6a:10:bd:ad:07:f2:3a:48:35:f5:1f Fingerprint (SHA-256): 2B:88:2E:5E:79:D7:DB:4F:5F:11:DC:E1:B4:65:67:18:82:54:C0:F7:FE:90:29:94:6E:80:62:A5:E7:74:48:69 Fingerprint (SHA1): FD:36:85:00:76:30:21:72:B3:45:BD:BC:AF:C3:7F:F9:09:80:A7:EA Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4050: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4051: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4052: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4053: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4054: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164498 (0x1ee29012) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:56:42 2015 Not After : Mon May 18 20:56:42 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:9d:1a:8e:b1:53:68:f2:e1:c9:82:56:a2:b0:82:1e: 20:c8:f3:e8:b7:a7:99:9f:9d:d0:b5:b5:0d:47:5f:88: ff:c4:e6:6d:63:4b:90:17:97:49:3c:20:9d:94:cb:e1: 17:47:a4:46:a0:e8:f8:8e:54:c1:d1:20:4d:7f:5c:75: b4:2d:0a:ec:79:c6:8b:53:16:b0:60:85:21:6b:e6:1a: fa:60:f2:e9:b3:2f:a8:0c:42:78:77:c5:6a:1e:1b:02: 5a:ba:a3:95:f0:cd:70:08:2a:cd:e3:3e:99:ec:07:79: 95:cc:88:fd:e8:1f:be:33:45:cd:14:de:87:3f:88:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 85:b8:65:ff:da:bc:44:ee:f7:c4:c4:7e:3c:a0:22:f1: 03:a2:8d:3b:22:d7:2d:16:07:09:b0:ee:fd:3a:bd:99: c2:bc:f6:bd:fd:3b:77:74:7f:38:dd:b8:5c:11:a0:f8: 42:98:f3:c6:bd:ed:fc:52:bf:46:e8:d7:98:73:8d:c5: f5:a5:9b:ef:b7:e6:c4:ae:6b:c7:07:a3:58:38:04:99: 93:7f:24:45:40:43:05:ba:40:d4:3a:2f:dc:a3:d0:95: 5d:7d:02:6f:c3:cb:fc:aa:8a:c2:01:3e:be:24:51:99: 67:44:82:f8:0e:bb:11:e8:e3:c0:6d:61:94:9e:16:f4 Fingerprint (SHA-256): 20:2B:F6:6C:94:97:C5:ED:F8:35:8F:E0:BE:8A:56:A4:90:0D:AE:E0:5C:BE:F3:11:F6:7F:88:3C:C7:5E:3E:BD Fingerprint (SHA1): 25:6E:4B:2D:8C:84:EB:3D:C4:78:58:DD:4C:9F:FC:33:5E:97:B5:EB Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4055: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4056: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164499 (0x1ee29013) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:56:45 2015 Not After : Mon May 18 20:56:45 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:ff:d1:5d:2c:0e:f8:b4:7a:85:41:e5:8f:cb:20:64: 34:c3:07:3b:ed:3e:0a:33:91:6a:d7:f0:53:e0:47:60: a5:23:e6:7a:51:b0:96:d1:d5:33:2d:8f:84:6e:27:f1: d3:d8:e8:0f:07:b1:90:a0:13:5b:32:b8:ea:2b:8f:d7: 7a:01:67:11:ff:10:57:f4:5f:45:66:fb:e6:4a:62:a3: ce:97:04:ef:c0:9d:93:3e:80:dd:d0:6e:27:f0:8e:20: 89:e7:40:90:0a:52:1e:36:88:8b:60:6b:e4:c6:ed:f5: 99:32:b1:a5:ef:e6:a1:3c:a4:e7:69:4f:37:0d:1d:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:6d:72:4f:27:a7:7a:4a:ea:81:64:3f:e0:98:8e:5a: 0b:9c:f6:cf:dd:35:69:1e:d4:98:05:09:3d:92:85:27: 3c:17:62:5a:2c:0c:95:55:21:85:6b:9d:da:96:bb:60: 35:a5:e5:4f:87:f5:d3:54:44:d1:ca:b4:78:f0:7f:3b: 0b:2a:81:62:2f:1c:ac:37:4d:a2:41:2c:83:43:37:d4: 2e:00:d9:58:5d:a2:b4:ed:74:54:d8:63:6d:2d:1e:89: 1d:49:c8:e3:0a:97:c5:a0:11:86:7e:4a:59:69:03:08: 50:12:2a:63:50:e9:4d:31:cc:b2:ab:0c:3f:1a:14:eb Fingerprint (SHA-256): 3D:C7:CA:B8:92:CB:5E:CE:20:89:8F:51:8F:E7:87:B2:3F:8D:F5:5A:F7:40:E1:B0:EA:5B:E4:7D:9F:B6:C3:CF Fingerprint (SHA1): D0:28:A7:19:CF:46:95:D5:55:56:7F:DF:38:81:ED:2E:7A:61:83:A0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4057: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4058: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164500 (0x1ee29014) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:56:48 2015 Not After : Mon May 18 20:56:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:73:5b:07:b6:61:38:e3:21:ad:fe:f9:d4:ca:40:83: 85:88:75:ff:08:f0:c7:12:de:e8:c2:5e:be:8f:90:7b: 11:cb:b6:b0:d7:ad:b0:3e:07:e2:93:d5:50:ee:00:51: f2:00:18:33:33:f3:13:39:4b:f9:52:99:de:70:50:77: 37:4b:02:e4:50:df:ae:df:92:ea:7a:c1:9d:41:5d:6b: 59:b6:c2:62:3e:d5:5e:4f:fc:cf:8c:fa:98:bc:1c:3b: ae:69:bf:de:3d:ce:7b:0b:e8:41:d7:04:af:82:db:15: 56:28:99:d8:b8:51:f3:6d:af:bc:7f:91:b3:86:43:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:e5:c0:ef:f2:ac:ca:99:6c:2f:a4:85:fd:1c:14:58: ed:a8:43:e7:41:7f:4d:cc:8f:5e:c3:76:d4:99:b9:c3: 82:1b:aa:e2:d4:cf:50:0a:48:50:da:7d:d7:99:55:f6: e8:02:60:ed:15:e7:d1:e0:2a:d7:10:f8:13:83:33:c3: 70:5f:92:d7:35:e2:d7:75:cd:e2:3e:49:4b:d6:da:ab: 68:0c:8a:56:99:c5:e0:84:44:67:ef:7f:f6:2b:33:35: 80:f6:8a:4a:31:3d:e8:f4:0f:5e:f2:04:64:f3:35:da: 0c:25:04:78:68:6a:10:bd:ad:07:f2:3a:48:35:f5:1f Fingerprint (SHA-256): 2B:88:2E:5E:79:D7:DB:4F:5F:11:DC:E1:B4:65:67:18:82:54:C0:F7:FE:90:29:94:6E:80:62:A5:E7:74:48:69 Fingerprint (SHA1): FD:36:85:00:76:30:21:72:B3:45:BD:BC:AF:C3:7F:F9:09:80:A7:EA Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4059: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4060: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4061: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164502 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4062: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4063: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4064: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4065: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518164503 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4066: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4067: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4068: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4069: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164504 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4070: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4071: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #4072: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4073: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518164505 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4074: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4075: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #4076: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4077: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518164506 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4078: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4079: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4080: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164502 (0x1ee29016) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:05 2015 Not After : Mon May 18 20:57:05 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dc:9a:e6:e7:c2:6b:c6:57:8a:a0:bf:73:94:3a:ca:a9: a0:f6:b6:87:96:32:79:9a:87:dd:38:37:b9:ee:63:5f: 01:e9:8e:07:1e:6a:80:05:ff:2b:22:bd:12:c5:a2:43: 01:eb:66:36:73:d0:0b:03:47:73:a7:d4:5f:3b:5a:59: fb:f3:65:3d:71:b7:b7:3c:68:ed:46:87:3d:ef:0c:f0: a7:79:c6:13:63:a4:f7:c4:12:1d:db:da:e7:f4:e6:16: 15:66:90:da:23:09:34:f3:d1:0f:99:07:93:c4:2d:92: 29:81:76:86:da:a6:e0:68:6b:13:6a:b6:b6:20:36:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:91:ec:27:2d:76:42:30:40:7f:33:5b:2e:b0:94:57: 56:0e:51:58:a5:4c:55:b6:af:7f:f6:a9:61:61:42:82: d9:78:02:76:75:1d:c5:0a:71:29:41:55:1a:49:07:c6: 29:0d:16:c2:ae:fd:2f:50:00:1b:a2:99:a0:1a:a2:bd: 06:27:44:c8:6f:37:7b:42:e4:1c:57:02:d1:e8:16:0d: e1:19:6b:7d:dd:ff:04:b5:80:25:56:8d:fd:2b:1d:5a: 76:72:f6:86:78:56:87:d2:c2:16:87:19:a7:81:82:ff: a3:81:17:42:00:59:3f:f8:6b:1e:b7:f2:4a:b6:c5:e2 Fingerprint (SHA-256): A8:7F:FF:18:DE:A0:83:72:D8:B1:9F:A6:43:24:83:28:A9:AF:E1:67:6F:50:B5:92:18:84:9D:3A:F9:32:9C:3B Fingerprint (SHA1): 45:9C:D3:00:29:BE:BC:74:29:50:48:AF:9E:14:18:9F:19:39:F1:85 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4081: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4082: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164503 (0x1ee29017) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:08 2015 Not After : Mon May 18 20:57:08 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:19:90:cb:15:00:f6:db:88:96:68:71:b7:4d:e9:fb: 28:54:b1:2e:47:b5:f3:0f:e9:e5:49:cf:fe:15:52:23: bb:a1:a1:74:50:55:d6:18:13:3b:df:f0:ed:23:3e:52: e1:f5:50:24:8d:12:a2:94:ea:08:f5:e5:16:e1:96:f0: b3:f4:15:88:c3:78:41:8d:06:c1:59:9b:4f:0f:81:22: 48:5d:ff:10:3d:8a:05:3f:a8:87:64:66:b7:bc:b4:0b: 86:d5:46:2b:49:87:d1:50:99:da:45:db:fc:a8:54:af: fe:dc:9c:ba:96:87:6b:d4:b4:60:59:c4:77:5e:46:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:f3:90:6a:d2:3d:ee:dc:2e:8f:57:0a:e6:9b:f7:1a: d4:9d:89:32:c6:be:a3:ea:ad:82:41:59:bd:c7:2c:7a: da:59:f7:7c:fb:89:d1:9e:3e:1e:61:e5:b2:75:c3:5f: 90:67:6e:ce:4e:12:1b:28:b6:54:fb:01:a4:6a:80:c1: 19:56:5a:91:5c:7a:5c:6f:1e:8e:3d:b4:c4:00:8d:2e: 84:c4:0c:63:0c:fc:0c:1b:83:75:b4:db:fd:c0:cf:f6: 07:ca:fd:25:07:33:bc:87:74:21:32:c4:99:58:67:85: 62:48:7a:97:05:32:ee:46:98:a2:25:ef:2b:02:68:d5 Fingerprint (SHA-256): AC:CF:15:32:1D:28:CC:28:8D:7E:B4:73:81:23:0D:9C:95:13:59:AC:58:59:13:1B:1A:16:56:36:37:38:D6:E2 Fingerprint (SHA1): 7E:8A:68:18:5C:B6:EC:F9:F1:E5:30:05:96:AD:CA:64:55:7D:17:A0 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4083: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4084: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164504 (0x1ee29018) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:57:12 2015 Not After : Mon May 18 20:57:12 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:fa:91:fd:03:c9:85:78:08:b8:ea:fe:49:3c:90:25: a2:b4:6f:6d:6a:41:63:fd:c1:54:83:90:2a:86:f0:9b: ba:7f:95:e3:7e:06:34:8d:58:e5:0f:9a:90:cd:7c:0c: 2a:ac:51:0f:90:12:64:e3:11:06:64:44:a5:bd:0c:da: b7:d4:9f:7e:92:5d:75:a2:3e:2c:82:a2:12:03:0c:d2: 6b:59:40:73:19:7f:06:f6:1b:98:50:28:d7:d7:86:dc: 14:92:19:0c:89:42:56:96:7d:77:fb:da:49:24:34:38: b1:8f:d3:d1:61:ca:79:d7:e5:a6:39:3d:ad:ee:e5:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 85:39:5d:5a:f0:1c:21:ee:4f:fb:55:5f:d6:04:6a:92: 66:2b:90:fa:2e:6c:2a:13:ac:2f:9f:1d:66:6e:6b:65: 06:69:12:b1:b6:7c:da:05:ae:bf:16:f8:9c:10:42:b7: dc:ed:dd:d4:8a:fa:40:59:04:8d:a4:9b:36:ae:c6:06: 32:81:03:d3:4f:ea:27:91:ba:db:7c:65:41:5d:d3:7c: de:7d:ce:d9:cc:dd:0c:10:be:4c:56:87:3a:0e:56:56: a3:22:0c:71:da:ae:1e:8e:7b:e4:c6:bb:3c:21:aa:1c: 05:95:3f:c5:01:1c:07:f0:cc:66:88:e7:6c:ac:c2:ef Fingerprint (SHA-256): FD:94:F9:60:7A:CC:5D:82:63:1B:3F:18:14:08:EE:54:1D:77:01:C3:24:EB:CA:A8:80:4C:C9:DC:B8:E6:C5:24 Fingerprint (SHA1): ED:9C:F6:F6:D5:AA:20:6C:EC:70:51:7B:5A:E6:52:61:1C:F3:F3:1A Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #4085: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4086: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4087: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4088: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4089: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164502 (0x1ee29016) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:05 2015 Not After : Mon May 18 20:57:05 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dc:9a:e6:e7:c2:6b:c6:57:8a:a0:bf:73:94:3a:ca:a9: a0:f6:b6:87:96:32:79:9a:87:dd:38:37:b9:ee:63:5f: 01:e9:8e:07:1e:6a:80:05:ff:2b:22:bd:12:c5:a2:43: 01:eb:66:36:73:d0:0b:03:47:73:a7:d4:5f:3b:5a:59: fb:f3:65:3d:71:b7:b7:3c:68:ed:46:87:3d:ef:0c:f0: a7:79:c6:13:63:a4:f7:c4:12:1d:db:da:e7:f4:e6:16: 15:66:90:da:23:09:34:f3:d1:0f:99:07:93:c4:2d:92: 29:81:76:86:da:a6:e0:68:6b:13:6a:b6:b6:20:36:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:91:ec:27:2d:76:42:30:40:7f:33:5b:2e:b0:94:57: 56:0e:51:58:a5:4c:55:b6:af:7f:f6:a9:61:61:42:82: d9:78:02:76:75:1d:c5:0a:71:29:41:55:1a:49:07:c6: 29:0d:16:c2:ae:fd:2f:50:00:1b:a2:99:a0:1a:a2:bd: 06:27:44:c8:6f:37:7b:42:e4:1c:57:02:d1:e8:16:0d: e1:19:6b:7d:dd:ff:04:b5:80:25:56:8d:fd:2b:1d:5a: 76:72:f6:86:78:56:87:d2:c2:16:87:19:a7:81:82:ff: a3:81:17:42:00:59:3f:f8:6b:1e:b7:f2:4a:b6:c5:e2 Fingerprint (SHA-256): A8:7F:FF:18:DE:A0:83:72:D8:B1:9F:A6:43:24:83:28:A9:AF:E1:67:6F:50:B5:92:18:84:9D:3A:F9:32:9C:3B Fingerprint (SHA1): 45:9C:D3:00:29:BE:BC:74:29:50:48:AF:9E:14:18:9F:19:39:F1:85 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4090: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4091: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164503 (0x1ee29017) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:08 2015 Not After : Mon May 18 20:57:08 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:19:90:cb:15:00:f6:db:88:96:68:71:b7:4d:e9:fb: 28:54:b1:2e:47:b5:f3:0f:e9:e5:49:cf:fe:15:52:23: bb:a1:a1:74:50:55:d6:18:13:3b:df:f0:ed:23:3e:52: e1:f5:50:24:8d:12:a2:94:ea:08:f5:e5:16:e1:96:f0: b3:f4:15:88:c3:78:41:8d:06:c1:59:9b:4f:0f:81:22: 48:5d:ff:10:3d:8a:05:3f:a8:87:64:66:b7:bc:b4:0b: 86:d5:46:2b:49:87:d1:50:99:da:45:db:fc:a8:54:af: fe:dc:9c:ba:96:87:6b:d4:b4:60:59:c4:77:5e:46:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:f3:90:6a:d2:3d:ee:dc:2e:8f:57:0a:e6:9b:f7:1a: d4:9d:89:32:c6:be:a3:ea:ad:82:41:59:bd:c7:2c:7a: da:59:f7:7c:fb:89:d1:9e:3e:1e:61:e5:b2:75:c3:5f: 90:67:6e:ce:4e:12:1b:28:b6:54:fb:01:a4:6a:80:c1: 19:56:5a:91:5c:7a:5c:6f:1e:8e:3d:b4:c4:00:8d:2e: 84:c4:0c:63:0c:fc:0c:1b:83:75:b4:db:fd:c0:cf:f6: 07:ca:fd:25:07:33:bc:87:74:21:32:c4:99:58:67:85: 62:48:7a:97:05:32:ee:46:98:a2:25:ef:2b:02:68:d5 Fingerprint (SHA-256): AC:CF:15:32:1D:28:CC:28:8D:7E:B4:73:81:23:0D:9C:95:13:59:AC:58:59:13:1B:1A:16:56:36:37:38:D6:E2 Fingerprint (SHA1): 7E:8A:68:18:5C:B6:EC:F9:F1:E5:30:05:96:AD:CA:64:55:7D:17:A0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4092: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4093: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164504 (0x1ee29018) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:57:12 2015 Not After : Mon May 18 20:57:12 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:fa:91:fd:03:c9:85:78:08:b8:ea:fe:49:3c:90:25: a2:b4:6f:6d:6a:41:63:fd:c1:54:83:90:2a:86:f0:9b: ba:7f:95:e3:7e:06:34:8d:58:e5:0f:9a:90:cd:7c:0c: 2a:ac:51:0f:90:12:64:e3:11:06:64:44:a5:bd:0c:da: b7:d4:9f:7e:92:5d:75:a2:3e:2c:82:a2:12:03:0c:d2: 6b:59:40:73:19:7f:06:f6:1b:98:50:28:d7:d7:86:dc: 14:92:19:0c:89:42:56:96:7d:77:fb:da:49:24:34:38: b1:8f:d3:d1:61:ca:79:d7:e5:a6:39:3d:ad:ee:e5:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 85:39:5d:5a:f0:1c:21:ee:4f:fb:55:5f:d6:04:6a:92: 66:2b:90:fa:2e:6c:2a:13:ac:2f:9f:1d:66:6e:6b:65: 06:69:12:b1:b6:7c:da:05:ae:bf:16:f8:9c:10:42:b7: dc:ed:dd:d4:8a:fa:40:59:04:8d:a4:9b:36:ae:c6:06: 32:81:03:d3:4f:ea:27:91:ba:db:7c:65:41:5d:d3:7c: de:7d:ce:d9:cc:dd:0c:10:be:4c:56:87:3a:0e:56:56: a3:22:0c:71:da:ae:1e:8e:7b:e4:c6:bb:3c:21:aa:1c: 05:95:3f:c5:01:1c:07:f0:cc:66:88:e7:6c:ac:c2:ef Fingerprint (SHA-256): FD:94:F9:60:7A:CC:5D:82:63:1B:3F:18:14:08:EE:54:1D:77:01:C3:24:EB:CA:A8:80:4C:C9:DC:B8:E6:C5:24 Fingerprint (SHA1): ED:9C:F6:F6:D5:AA:20:6C:EC:70:51:7B:5A:E6:52:61:1C:F3:F3:1A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #4094: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4095: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164502 (0x1ee29016) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:05 2015 Not After : Mon May 18 20:57:05 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dc:9a:e6:e7:c2:6b:c6:57:8a:a0:bf:73:94:3a:ca:a9: a0:f6:b6:87:96:32:79:9a:87:dd:38:37:b9:ee:63:5f: 01:e9:8e:07:1e:6a:80:05:ff:2b:22:bd:12:c5:a2:43: 01:eb:66:36:73:d0:0b:03:47:73:a7:d4:5f:3b:5a:59: fb:f3:65:3d:71:b7:b7:3c:68:ed:46:87:3d:ef:0c:f0: a7:79:c6:13:63:a4:f7:c4:12:1d:db:da:e7:f4:e6:16: 15:66:90:da:23:09:34:f3:d1:0f:99:07:93:c4:2d:92: 29:81:76:86:da:a6:e0:68:6b:13:6a:b6:b6:20:36:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:91:ec:27:2d:76:42:30:40:7f:33:5b:2e:b0:94:57: 56:0e:51:58:a5:4c:55:b6:af:7f:f6:a9:61:61:42:82: d9:78:02:76:75:1d:c5:0a:71:29:41:55:1a:49:07:c6: 29:0d:16:c2:ae:fd:2f:50:00:1b:a2:99:a0:1a:a2:bd: 06:27:44:c8:6f:37:7b:42:e4:1c:57:02:d1:e8:16:0d: e1:19:6b:7d:dd:ff:04:b5:80:25:56:8d:fd:2b:1d:5a: 76:72:f6:86:78:56:87:d2:c2:16:87:19:a7:81:82:ff: a3:81:17:42:00:59:3f:f8:6b:1e:b7:f2:4a:b6:c5:e2 Fingerprint (SHA-256): A8:7F:FF:18:DE:A0:83:72:D8:B1:9F:A6:43:24:83:28:A9:AF:E1:67:6F:50:B5:92:18:84:9D:3A:F9:32:9C:3B Fingerprint (SHA1): 45:9C:D3:00:29:BE:BC:74:29:50:48:AF:9E:14:18:9F:19:39:F1:85 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4096: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164502 (0x1ee29016) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:05 2015 Not After : Mon May 18 20:57:05 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dc:9a:e6:e7:c2:6b:c6:57:8a:a0:bf:73:94:3a:ca:a9: a0:f6:b6:87:96:32:79:9a:87:dd:38:37:b9:ee:63:5f: 01:e9:8e:07:1e:6a:80:05:ff:2b:22:bd:12:c5:a2:43: 01:eb:66:36:73:d0:0b:03:47:73:a7:d4:5f:3b:5a:59: fb:f3:65:3d:71:b7:b7:3c:68:ed:46:87:3d:ef:0c:f0: a7:79:c6:13:63:a4:f7:c4:12:1d:db:da:e7:f4:e6:16: 15:66:90:da:23:09:34:f3:d1:0f:99:07:93:c4:2d:92: 29:81:76:86:da:a6:e0:68:6b:13:6a:b6:b6:20:36:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:91:ec:27:2d:76:42:30:40:7f:33:5b:2e:b0:94:57: 56:0e:51:58:a5:4c:55:b6:af:7f:f6:a9:61:61:42:82: d9:78:02:76:75:1d:c5:0a:71:29:41:55:1a:49:07:c6: 29:0d:16:c2:ae:fd:2f:50:00:1b:a2:99:a0:1a:a2:bd: 06:27:44:c8:6f:37:7b:42:e4:1c:57:02:d1:e8:16:0d: e1:19:6b:7d:dd:ff:04:b5:80:25:56:8d:fd:2b:1d:5a: 76:72:f6:86:78:56:87:d2:c2:16:87:19:a7:81:82:ff: a3:81:17:42:00:59:3f:f8:6b:1e:b7:f2:4a:b6:c5:e2 Fingerprint (SHA-256): A8:7F:FF:18:DE:A0:83:72:D8:B1:9F:A6:43:24:83:28:A9:AF:E1:67:6F:50:B5:92:18:84:9D:3A:F9:32:9C:3B Fingerprint (SHA1): 45:9C:D3:00:29:BE:BC:74:29:50:48:AF:9E:14:18:9F:19:39:F1:85 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4097: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164503 (0x1ee29017) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:08 2015 Not After : Mon May 18 20:57:08 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:19:90:cb:15:00:f6:db:88:96:68:71:b7:4d:e9:fb: 28:54:b1:2e:47:b5:f3:0f:e9:e5:49:cf:fe:15:52:23: bb:a1:a1:74:50:55:d6:18:13:3b:df:f0:ed:23:3e:52: e1:f5:50:24:8d:12:a2:94:ea:08:f5:e5:16:e1:96:f0: b3:f4:15:88:c3:78:41:8d:06:c1:59:9b:4f:0f:81:22: 48:5d:ff:10:3d:8a:05:3f:a8:87:64:66:b7:bc:b4:0b: 86:d5:46:2b:49:87:d1:50:99:da:45:db:fc:a8:54:af: fe:dc:9c:ba:96:87:6b:d4:b4:60:59:c4:77:5e:46:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:f3:90:6a:d2:3d:ee:dc:2e:8f:57:0a:e6:9b:f7:1a: d4:9d:89:32:c6:be:a3:ea:ad:82:41:59:bd:c7:2c:7a: da:59:f7:7c:fb:89:d1:9e:3e:1e:61:e5:b2:75:c3:5f: 90:67:6e:ce:4e:12:1b:28:b6:54:fb:01:a4:6a:80:c1: 19:56:5a:91:5c:7a:5c:6f:1e:8e:3d:b4:c4:00:8d:2e: 84:c4:0c:63:0c:fc:0c:1b:83:75:b4:db:fd:c0:cf:f6: 07:ca:fd:25:07:33:bc:87:74:21:32:c4:99:58:67:85: 62:48:7a:97:05:32:ee:46:98:a2:25:ef:2b:02:68:d5 Fingerprint (SHA-256): AC:CF:15:32:1D:28:CC:28:8D:7E:B4:73:81:23:0D:9C:95:13:59:AC:58:59:13:1B:1A:16:56:36:37:38:D6:E2 Fingerprint (SHA1): 7E:8A:68:18:5C:B6:EC:F9:F1:E5:30:05:96:AD:CA:64:55:7D:17:A0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4098: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164503 (0x1ee29017) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 20:57:08 2015 Not After : Mon May 18 20:57:08 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:19:90:cb:15:00:f6:db:88:96:68:71:b7:4d:e9:fb: 28:54:b1:2e:47:b5:f3:0f:e9:e5:49:cf:fe:15:52:23: bb:a1:a1:74:50:55:d6:18:13:3b:df:f0:ed:23:3e:52: e1:f5:50:24:8d:12:a2:94:ea:08:f5:e5:16:e1:96:f0: b3:f4:15:88:c3:78:41:8d:06:c1:59:9b:4f:0f:81:22: 48:5d:ff:10:3d:8a:05:3f:a8:87:64:66:b7:bc:b4:0b: 86:d5:46:2b:49:87:d1:50:99:da:45:db:fc:a8:54:af: fe:dc:9c:ba:96:87:6b:d4:b4:60:59:c4:77:5e:46:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:f3:90:6a:d2:3d:ee:dc:2e:8f:57:0a:e6:9b:f7:1a: d4:9d:89:32:c6:be:a3:ea:ad:82:41:59:bd:c7:2c:7a: da:59:f7:7c:fb:89:d1:9e:3e:1e:61:e5:b2:75:c3:5f: 90:67:6e:ce:4e:12:1b:28:b6:54:fb:01:a4:6a:80:c1: 19:56:5a:91:5c:7a:5c:6f:1e:8e:3d:b4:c4:00:8d:2e: 84:c4:0c:63:0c:fc:0c:1b:83:75:b4:db:fd:c0:cf:f6: 07:ca:fd:25:07:33:bc:87:74:21:32:c4:99:58:67:85: 62:48:7a:97:05:32:ee:46:98:a2:25:ef:2b:02:68:d5 Fingerprint (SHA-256): AC:CF:15:32:1D:28:CC:28:8D:7E:B4:73:81:23:0D:9C:95:13:59:AC:58:59:13:1B:1A:16:56:36:37:38:D6:E2 Fingerprint (SHA1): 7E:8A:68:18:5C:B6:EC:F9:F1:E5:30:05:96:AD:CA:64:55:7D:17:A0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4099: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164504 (0x1ee29018) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:57:12 2015 Not After : Mon May 18 20:57:12 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:fa:91:fd:03:c9:85:78:08:b8:ea:fe:49:3c:90:25: a2:b4:6f:6d:6a:41:63:fd:c1:54:83:90:2a:86:f0:9b: ba:7f:95:e3:7e:06:34:8d:58:e5:0f:9a:90:cd:7c:0c: 2a:ac:51:0f:90:12:64:e3:11:06:64:44:a5:bd:0c:da: b7:d4:9f:7e:92:5d:75:a2:3e:2c:82:a2:12:03:0c:d2: 6b:59:40:73:19:7f:06:f6:1b:98:50:28:d7:d7:86:dc: 14:92:19:0c:89:42:56:96:7d:77:fb:da:49:24:34:38: b1:8f:d3:d1:61:ca:79:d7:e5:a6:39:3d:ad:ee:e5:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 85:39:5d:5a:f0:1c:21:ee:4f:fb:55:5f:d6:04:6a:92: 66:2b:90:fa:2e:6c:2a:13:ac:2f:9f:1d:66:6e:6b:65: 06:69:12:b1:b6:7c:da:05:ae:bf:16:f8:9c:10:42:b7: dc:ed:dd:d4:8a:fa:40:59:04:8d:a4:9b:36:ae:c6:06: 32:81:03:d3:4f:ea:27:91:ba:db:7c:65:41:5d:d3:7c: de:7d:ce:d9:cc:dd:0c:10:be:4c:56:87:3a:0e:56:56: a3:22:0c:71:da:ae:1e:8e:7b:e4:c6:bb:3c:21:aa:1c: 05:95:3f:c5:01:1c:07:f0:cc:66:88:e7:6c:ac:c2:ef Fingerprint (SHA-256): FD:94:F9:60:7A:CC:5D:82:63:1B:3F:18:14:08:EE:54:1D:77:01:C3:24:EB:CA:A8:80:4C:C9:DC:B8:E6:C5:24 Fingerprint (SHA1): ED:9C:F6:F6:D5:AA:20:6C:EC:70:51:7B:5A:E6:52:61:1C:F3:F3:1A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #4100: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164504 (0x1ee29018) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 20:57:12 2015 Not After : Mon May 18 20:57:12 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:fa:91:fd:03:c9:85:78:08:b8:ea:fe:49:3c:90:25: a2:b4:6f:6d:6a:41:63:fd:c1:54:83:90:2a:86:f0:9b: ba:7f:95:e3:7e:06:34:8d:58:e5:0f:9a:90:cd:7c:0c: 2a:ac:51:0f:90:12:64:e3:11:06:64:44:a5:bd:0c:da: b7:d4:9f:7e:92:5d:75:a2:3e:2c:82:a2:12:03:0c:d2: 6b:59:40:73:19:7f:06:f6:1b:98:50:28:d7:d7:86:dc: 14:92:19:0c:89:42:56:96:7d:77:fb:da:49:24:34:38: b1:8f:d3:d1:61:ca:79:d7:e5:a6:39:3d:ad:ee:e5:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 85:39:5d:5a:f0:1c:21:ee:4f:fb:55:5f:d6:04:6a:92: 66:2b:90:fa:2e:6c:2a:13:ac:2f:9f:1d:66:6e:6b:65: 06:69:12:b1:b6:7c:da:05:ae:bf:16:f8:9c:10:42:b7: dc:ed:dd:d4:8a:fa:40:59:04:8d:a4:9b:36:ae:c6:06: 32:81:03:d3:4f:ea:27:91:ba:db:7c:65:41:5d:d3:7c: de:7d:ce:d9:cc:dd:0c:10:be:4c:56:87:3a:0e:56:56: a3:22:0c:71:da:ae:1e:8e:7b:e4:c6:bb:3c:21:aa:1c: 05:95:3f:c5:01:1c:07:f0:cc:66:88:e7:6c:ac:c2:ef Fingerprint (SHA-256): FD:94:F9:60:7A:CC:5D:82:63:1B:3F:18:14:08:EE:54:1D:77:01:C3:24:EB:CA:A8:80:4C:C9:DC:B8:E6:C5:24 Fingerprint (SHA1): ED:9C:F6:F6:D5:AA:20:6C:EC:70:51:7B:5A:E6:52:61:1C:F3:F3:1A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #4101: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4102: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164507 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4103: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4104: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4105: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4106: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518164508 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4107: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4108: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4109: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4110: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518164509 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4111: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4112: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4113: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4114: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518164510 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4115: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4116: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #4117: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4118: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518164511 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4119: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4120: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #4121: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4122: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518164512 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4123: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4124: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #4125: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4126: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518164513 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4127: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4128: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4129: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #4130: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #4131: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4132: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #4133: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164507 (0x1ee2901b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:57:35 2015 Not After : Mon May 18 20:57:35 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:38:53:c7:83:bf:df:7f:ff:66:ec:2c:d8:6d:49:14: 22:9a:d5:3f:d6:b2:0d:a6:75:f9:ba:ee:ff:ec:5a:54: ff:92:3f:fc:1e:a1:62:70:f1:64:24:b5:c0:7e:69:35: 58:61:a7:3f:cb:08:db:db:06:e8:00:d8:be:13:9b:d7: f2:37:e2:d6:f4:2b:37:47:e8:e6:0b:5e:01:1b:32:d3: c9:56:0f:2a:e3:1f:8b:89:19:fa:40:c4:b8:90:40:4e: 25:37:a7:f7:19:b9:00:aa:f5:e8:fd:8e:4b:f5:de:bf: 52:97:22:83:d9:c5:5f:44:f4:ef:1d:27:72:04:f6:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 78:92:bc:8a:3f:34:58:d8:05:25:a5:18:4e:33:39:6d: f4:f9:63:67:e8:8f:c6:87:2f:89:df:19:f6:ba:a7:52: 09:a5:0d:7e:d8:bc:1b:c9:34:15:e9:37:83:1b:ad:bf: 0e:a0:4d:23:5c:d3:1d:11:64:a6:bc:23:64:44:c5:ff: 41:21:65:27:e2:21:fc:c8:44:e7:1c:50:00:c4:ed:87: 07:09:6c:2e:6c:ee:c5:6a:3c:21:94:de:1c:f2:02:ec: f1:6f:33:d0:56:07:2e:82:e5:b3:6a:d6:17:42:e6:d3: e7:f9:99:65:a5:b7:90:1f:03:e4:fb:c5:aa:01:99:13 Fingerprint (SHA-256): 92:4F:6F:C5:9F:00:8B:28:8E:D4:DE:87:FF:15:F0:D4:51:AD:35:D2:6E:97:81:2B:01:23:52:F0:7D:44:04:31 Fingerprint (SHA1): 14:98:44:BD:5A:B1:E1:9C:CD:B6:44:E9:FB:06:22:D3:8A:AE:6E:03 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4134: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4135: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4136: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4137: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164507 (0x1ee2901b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:57:35 2015 Not After : Mon May 18 20:57:35 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:38:53:c7:83:bf:df:7f:ff:66:ec:2c:d8:6d:49:14: 22:9a:d5:3f:d6:b2:0d:a6:75:f9:ba:ee:ff:ec:5a:54: ff:92:3f:fc:1e:a1:62:70:f1:64:24:b5:c0:7e:69:35: 58:61:a7:3f:cb:08:db:db:06:e8:00:d8:be:13:9b:d7: f2:37:e2:d6:f4:2b:37:47:e8:e6:0b:5e:01:1b:32:d3: c9:56:0f:2a:e3:1f:8b:89:19:fa:40:c4:b8:90:40:4e: 25:37:a7:f7:19:b9:00:aa:f5:e8:fd:8e:4b:f5:de:bf: 52:97:22:83:d9:c5:5f:44:f4:ef:1d:27:72:04:f6:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 78:92:bc:8a:3f:34:58:d8:05:25:a5:18:4e:33:39:6d: f4:f9:63:67:e8:8f:c6:87:2f:89:df:19:f6:ba:a7:52: 09:a5:0d:7e:d8:bc:1b:c9:34:15:e9:37:83:1b:ad:bf: 0e:a0:4d:23:5c:d3:1d:11:64:a6:bc:23:64:44:c5:ff: 41:21:65:27:e2:21:fc:c8:44:e7:1c:50:00:c4:ed:87: 07:09:6c:2e:6c:ee:c5:6a:3c:21:94:de:1c:f2:02:ec: f1:6f:33:d0:56:07:2e:82:e5:b3:6a:d6:17:42:e6:d3: e7:f9:99:65:a5:b7:90:1f:03:e4:fb:c5:aa:01:99:13 Fingerprint (SHA-256): 92:4F:6F:C5:9F:00:8B:28:8E:D4:DE:87:FF:15:F0:D4:51:AD:35:D2:6E:97:81:2B:01:23:52:F0:7D:44:04:31 Fingerprint (SHA1): 14:98:44:BD:5A:B1:E1:9C:CD:B6:44:E9:FB:06:22:D3:8A:AE:6E:03 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4138: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4139: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4140: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518164514 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4141: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4142: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4143: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4144: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518164515 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4145: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4146: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #4147: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4148: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518164516 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4149: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4150: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #4151: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4152: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518164517 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4153: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4154: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4155: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4156: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518164518 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4157: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4158: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #4159: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4160: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518164519 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4161: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4162: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #4163: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4164: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518164520 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4165: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4166: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4167: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4168: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518164521 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4169: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4170: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #4171: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4172: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518164522 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4173: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4174: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #4175: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4176: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518164523 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4177: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4178: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #4179: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4180: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518164524 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4181: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4182: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #4183: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4184: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518164525 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4185: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4186: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #4187: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4188: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518164526 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4189: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4190: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #4191: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4192: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518164527 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4193: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4194: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #4195: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4196: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518164528 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4197: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4198: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #4199: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4200: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518164529 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4201: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4202: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #4203: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4204: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518164530 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4205: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4206: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #4207: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4208: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518164531 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4209: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4210: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #4211: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4212: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518164532 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4213: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4214: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #4215: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4216: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518164533 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4217: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4218: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #4219: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4220: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518164534 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4221: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4222: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #4223: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4224: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518164535 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4225: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4226: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #4227: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4228: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518164536 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4229: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4230: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #4231: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4232: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518164537 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4233: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4234: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #4235: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4236: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518164538 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4237: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4238: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #4239: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4240: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518164539 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4241: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4242: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #4243: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4244: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518164540 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4245: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4246: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #4247: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4248: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518164541 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4249: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4250: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #4251: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4252: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518164542 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4253: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4254: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #4255: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4256: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518164543 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4257: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4258: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4259: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164514 (0x1ee29022) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:58:06 2015 Not After : Mon May 18 20:58:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:e4:ca:41:7c:3a:d0:59:56:af:7e:7b:89:6f:aa:b2: 7b:42:f3:46:36:75:2b:64:ae:a2:0c:08:55:53:25:ce: 6b:9a:d6:42:47:1a:13:2b:a0:bc:af:b3:b2:78:9f:7c: 3b:15:bd:6e:2e:4c:4c:bf:53:d6:64:28:82:11:95:5f: 6a:80:8c:dc:05:7e:4a:e4:25:f2:6b:46:5f:f9:41:44: 97:fc:72:d4:89:13:0f:61:bf:f8:0b:9a:0b:6b:36:86: 90:dc:2b:35:fc:5c:a7:40:c9:61:91:f3:32:c6:a3:1d: 6b:01:fd:f3:78:f4:7a:84:4e:34:a8:0c:0e:6b:ce:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1e:8c:4a:e3:53:0f:24:18:c4:51:05:cf:7f:9e:31:d7: b7:04:35:ae:7c:7c:a0:72:87:71:ce:e7:7c:8a:f5:13: ad:76:2b:c2:ae:86:fe:d8:5b:04:91:2a:67:e1:b3:15: 77:47:a4:93:23:7d:d4:5e:cd:d6:b9:e1:1f:5c:c8:17: c0:54:d1:7f:ec:ae:b3:df:de:95:76:38:1c:2a:26:94: 2c:28:b9:2e:21:41:23:34:9a:11:50:42:fd:57:02:4e: 75:46:65:30:58:d3:02:30:2a:be:5b:46:5c:a8:4e:dd: 92:7f:3f:b9:86:3f:e8:47:d6:9d:b6:7c:6e:61:63:0f Fingerprint (SHA-256): 43:23:1A:37:91:84:D0:51:DF:9F:27:79:03:A8:AB:FF:10:55:4F:1A:96:C5:D2:1A:B5:3A:4F:F2:1D:99:DA:36 Fingerprint (SHA1): 74:52:9C:BF:BC:50:93:AB:8B:18:5E:8D:2D:79:A1:1C:48:13:98:53 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4260: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4261: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164514 (0x1ee29022) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:58:06 2015 Not After : Mon May 18 20:58:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:e4:ca:41:7c:3a:d0:59:56:af:7e:7b:89:6f:aa:b2: 7b:42:f3:46:36:75:2b:64:ae:a2:0c:08:55:53:25:ce: 6b:9a:d6:42:47:1a:13:2b:a0:bc:af:b3:b2:78:9f:7c: 3b:15:bd:6e:2e:4c:4c:bf:53:d6:64:28:82:11:95:5f: 6a:80:8c:dc:05:7e:4a:e4:25:f2:6b:46:5f:f9:41:44: 97:fc:72:d4:89:13:0f:61:bf:f8:0b:9a:0b:6b:36:86: 90:dc:2b:35:fc:5c:a7:40:c9:61:91:f3:32:c6:a3:1d: 6b:01:fd:f3:78:f4:7a:84:4e:34:a8:0c:0e:6b:ce:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1e:8c:4a:e3:53:0f:24:18:c4:51:05:cf:7f:9e:31:d7: b7:04:35:ae:7c:7c:a0:72:87:71:ce:e7:7c:8a:f5:13: ad:76:2b:c2:ae:86:fe:d8:5b:04:91:2a:67:e1:b3:15: 77:47:a4:93:23:7d:d4:5e:cd:d6:b9:e1:1f:5c:c8:17: c0:54:d1:7f:ec:ae:b3:df:de:95:76:38:1c:2a:26:94: 2c:28:b9:2e:21:41:23:34:9a:11:50:42:fd:57:02:4e: 75:46:65:30:58:d3:02:30:2a:be:5b:46:5c:a8:4e:dd: 92:7f:3f:b9:86:3f:e8:47:d6:9d:b6:7c:6e:61:63:0f Fingerprint (SHA-256): 43:23:1A:37:91:84:D0:51:DF:9F:27:79:03:A8:AB:FF:10:55:4F:1A:96:C5:D2:1A:B5:3A:4F:F2:1D:99:DA:36 Fingerprint (SHA1): 74:52:9C:BF:BC:50:93:AB:8B:18:5E:8D:2D:79:A1:1C:48:13:98:53 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4262: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4263: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4264: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4265: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518164514 (0x1ee29022) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 20:58:06 2015 Not After : Mon May 18 20:58:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f1:e4:ca:41:7c:3a:d0:59:56:af:7e:7b:89:6f:aa:b2: 7b:42:f3:46:36:75:2b:64:ae:a2:0c:08:55:53:25:ce: 6b:9a:d6:42:47:1a:13:2b:a0:bc:af:b3:b2:78:9f:7c: 3b:15:bd:6e:2e:4c:4c:bf:53:d6:64:28:82:11:95:5f: 6a:80:8c:dc:05:7e:4a:e4:25:f2:6b:46:5f:f9:41:44: 97:fc:72:d4:89:13:0f:61:bf:f8:0b:9a:0b:6b:36:86: 90:dc:2b:35:fc:5c:a7:40:c9:61:91:f3:32:c6:a3:1d: 6b:01:fd:f3:78:f4:7a:84:4e:34:a8:0c:0e:6b:ce:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1e:8c:4a:e3:53:0f:24:18:c4:51:05:cf:7f:9e:31:d7: b7:04:35:ae:7c:7c:a0:72:87:71:ce:e7:7c:8a:f5:13: ad:76:2b:c2:ae:86:fe:d8:5b:04:91:2a:67:e1:b3:15: 77:47:a4:93:23:7d:d4:5e:cd:d6:b9:e1:1f:5c:c8:17: c0:54:d1:7f:ec:ae:b3:df:de:95:76:38:1c:2a:26:94: 2c:28:b9:2e:21:41:23:34:9a:11:50:42:fd:57:02:4e: 75:46:65:30:58:d3:02:30:2a:be:5b:46:5c:a8:4e:dd: 92:7f:3f:b9:86:3f:e8:47:d6:9d:b6:7c:6e:61:63:0f Fingerprint (SHA-256): 43:23:1A:37:91:84:D0:51:DF:9F:27:79:03:A8:AB:FF:10:55:4F:1A:96:C5:D2:1A:B5:3A:4F:F2:1D:99:DA:36 Fingerprint (SHA1): 74:52:9C:BF:BC:50:93:AB:8B:18:5E:8D:2D:79:A1:1C:48:13:98:53 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4266: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4267: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4268: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4269: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Child return code was: -15 EXCEPTION: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py", line 70, in trace result = func(*args, **kw) File "/usr/lib/python2.7/site-packages/mockbuild/util.py", line 378, in do raise mockbuild.exception.Error, ("Command failed. See logs for output.\n # %s" % (command,), child.returncode) Error: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] LEAVE do --> EXCEPTION RAISED Mock Version: 1.1.41 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Wrote: /builddir/build/SRPMS/nss-3.16.2.3-5.el7.0.1.src.rpm Child return code was: 0 LEAVE do --> ENTER do(['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} warning: bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Building target platforms: armv7hl Building for target armv7hl Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.RWNVBp + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf nss-3.16.2.3 + /usr/bin/gzip -dc /builddir/build/SOURCES/nss-3.16.2.3.tar.gz + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd nss-3.16.2.3 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/cp /builddir/build/SOURCES/PayPalEE.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestCA.ca.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestUser50.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestUser51.cert -f ./nss/tests/libpkix/certs + cd /builddir/build/BUILD + cd nss-3.16.2.3 + /usr/bin/bzip2 -dc /builddir/build/SOURCES/nss-pem-20140125.tar.bz2 + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . Patch #2 (add-relro-linker-option.patch): + echo 'Patch #2 (add-relro-linker-option.patch):' + /usr/bin/cat /builddir/build/SOURCES/add-relro-linker-option.patch + /usr/bin/patch -p0 -b --suffix .relro --fuzz=0 patching file nss/coreconf/Linux.mk Hunk #1 succeeded at 176 (offset 2 lines). Patch #3 (renegotiate-transitional.patch): + echo 'Patch #3 (renegotiate-transitional.patch):' + /usr/bin/cat /builddir/build/SOURCES/renegotiate-transitional.patch + /usr/bin/patch -p0 -b --suffix .transitional --fuzz=0 patching file nss/lib/ssl/sslsock.c Hunk #1 succeeded at 74 (offset -75 lines). Patch #6 (nss-enable-pem.patch): + echo 'Patch #6 (nss-enable-pem.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-enable-pem.patch + /usr/bin/patch -p0 -b --suffix .libpem --fuzz=0 patching file nss/lib/ckfw/manifest.mn Patch #16 (nss-539183.patch): + echo 'Patch #16 (nss-539183.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-539183.patch + /usr/bin/patch -p0 -b --suffix .539183 --fuzz=0 patching file nss/cmd/httpserv/httpserv.c Hunk #1 succeeded at 938 (offset 277 lines). patching file nss/cmd/selfserv/selfserv.c Patch #18 (nss-646045.patch): + echo 'Patch #18 (nss-646045.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-646045.patch + /usr/bin/patch -p0 -b --suffix .646045 --fuzz=0 patching file nss/tests/dbtests/dbtests.sh Patch #25 (nsspem-use-system-freebl.patch): + echo 'Patch #25 (nsspem-use-system-freebl.patch):' + /usr/bin/cat /builddir/build/SOURCES/nsspem-use-system-freebl.patch + /usr/bin/patch -p0 -b --suffix .systemfreebl --fuzz=0 patching file nss/lib/ckfw/pem/config.mk patching file nss/lib/ckfw/pem/Makefile patching file nss/lib/ckfw/pem/manifest.mn Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch): + echo 'Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-3.14.0.0-disble-ocsp-test.patch + /usr/bin/patch -p0 -b --suffix .noocsptest --fuzz=0 patching file nss/tests/chains/scenarios/scenarios Hunk #1 succeeded at 59 (offset 9 lines). Patch #47 (utilwrap-include-templates.patch): + echo 'Patch #47 (utilwrap-include-templates.patch):' + /usr/bin/cat /builddir/build/SOURCES/utilwrap-include-templates.patch + /usr/bin/patch -p0 -b --suffix .templates --fuzz=0 patching file nss/lib/nss/config.mk Patch #49 (nss-skip-bltest-and-fipstest.patch): + echo 'Patch #49 (nss-skip-bltest-and-fipstest.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-skip-bltest-and-fipstest.patch + /usr/bin/patch -p0 -b --suffix .skipthem --fuzz=0 patching file nss/cmd/Makefile Patch #50 (iquote.patch): + echo 'Patch #50 (iquote.patch):' + /usr/bin/cat /builddir/build/SOURCES/iquote.patch + /usr/bin/patch -p0 -b --suffix .iquote --fuzz=0 patching file ./nss/cmd/bltest/Makefile patching file ./nss/cmd/httpserv/Makefile patching file ./nss/cmd/lib/Makefile patching file ./nss/cmd/modutil/Makefile patching file ./nss/cmd/selfserv/Makefile patching file ./nss/cmd/ssltap/Makefile patching file ./nss/cmd/strsclnt/Makefile patching file ./nss/cmd/tstclnt/Makefile patching file ./nss/cmd/vfyserv/Makefile patching file ./nss/coreconf/location.mk patching file ./nss/lib/certhigh/Makefile patching file ./nss/lib/cryptohi/Makefile patching file ./nss/lib/libpkix/pkix/checker/Makefile patching file ./nss/lib/nss/Makefile ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #52 (Bug-1001841-disable-sslv2-libssl.patch): + pushd nss + echo 'Patch #52 (Bug-1001841-disable-sslv2-libssl.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1001841-disable-sslv2-libssl.patch + /usr/bin/patch -p1 -b --suffix .disableSSL2libssl --fuzz=0 patching file lib/ssl/config.mk patching file lib/ssl/sslsock.c Hunk #1 succeeded at 650 (offset 1 line). Hunk #2 succeeded at 675 (offset 1 line). Patch #53 (Bug-1001841-disable-sslv2-tests.patch): + echo 'Patch #53 (Bug-1001841-disable-sslv2-tests.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1001841-disable-sslv2-tests.patch + /usr/bin/patch -p1 -b --suffix .disableSSL2tests --fuzz=0 patching file tests/ssl/ssl.sh patching file tests/ssl/sslcov.noSSL2orExport.txt patching file tests/ssl/sslstress.noSSL2orExport.txt ~/build/BUILD/nss-3.16.2.3 Patch #55 (enable-fips-when-system-is-in-fips-mode.patch): + popd + echo 'Patch #55 (enable-fips-when-system-is-in-fips-mode.patch):' + /usr/bin/cat /builddir/build/SOURCES/enable-fips-when-system-is-in-fips-mode.patch + /usr/bin/patch -p0 -b --suffix .852023 --fuzz=0 patching file nss/lib/pk11wrap/pk11pars.c patching file nss/lib/pk11wrap/pk11util.c patching file nss/lib/pk11wrap/secmodi.h Hunk #1 succeeded at 113 (offset -3 lines). Patch #56 (p-ignore-setpolicy.patch): + echo 'Patch #56 (p-ignore-setpolicy.patch):' + /usr/bin/cat /builddir/build/SOURCES/p-ignore-setpolicy.patch + /usr/bin/patch -p0 -b --suffix .1026677 --fuzz=0 + echo 'Patch #62 (dont-hold-issuer-cert-handles-in-crl-cache.patch):' + /usr/bin/cat /builddir/build/SOURCES/dont-hold-issuer-cert-handles-in-crl-cache.patch patching file ./nss/lib/ssl/sslsock.c Hunk #1 succeeded at 1328 (offset 13 lines). Patch #62 (dont-hold-issuer-cert-handles-in-crl-cache.patch): patching file ./nss/lib/certdb/certi.h + /usr/bin/patch -p0 -b --suffix .1034409 --fuzz=0 patching file ./nss/lib/certdb/crl.c patching file ./nss/tests/chains/chains.sh ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #64 (Crash-in-stan_GetCERTCertificate-rhbz1094468.patch): + pushd nss + echo 'Patch #64 (Crash-in-stan_GetCERTCertificate-rhbz1094468.patch):' + /usr/bin/cat /builddir/build/SOURCES/Crash-in-stan_GetCERTCertificate-rhbz1094468.patch + /usr/bin/patch -p1 -b --suffix .1094468 --fuzz=0 patching file lib/pki/pki3hack.c patching file lib/pki/tdcache.c Patch #88 (p-1083360.patch): + echo 'Patch #88 (p-1083360.patch):' + /usr/bin/cat /builddir/build/SOURCES/p-1083360.patch + /usr/bin/patch -p1 -b --suffix .support_tls_fallback_scsv --fuzz=0 patching file cmd/ssltap/ssltap.c patching file cmd/tstclnt/tstclnt.c ~/build/BUILD/nss-3.16.2.3 Patch #89 (certutil-man-supply-missing-options.patch): + popd + echo 'Patch #89 (certutil-man-supply-missing-options.patch):' + /usr/bin/cat /builddir/build/SOURCES/certutil-man-supply-missing-options.patch + /usr/bin/patch -p0 -b --suffix .missing_options --fuzz=0 patching file ./nss/doc/certutil.xml + pushd nss ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #90 (Bug-1174527-fixsegfault.patch): + echo 'Patch #90 (Bug-1174527-fixsegfault.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1174527-fixsegfault.patch + /usr/bin/patch -p1 -b --suffix .1174527 --fuzz=0 patching file lib/pkcs12/p12local.c Patch #1001 (0001-paypal-fix.patch): + echo 'Patch #1001 (0001-paypal-fix.patch):' + /usr/bin/cat /builddir/build/SOURCES/0001-paypal-fix.patch + /usr/bin/patch -p1 -b --suffix .paypal --fuzz=0 patching file tests/chains/scenarios/realcerts.cfg ~/build/BUILD/nss-3.16.2.3 Patch #91 (nss-3.16-tcache-race.patch): + popd + echo 'Patch #91 (nss-3.16-tcache-race.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-3.16-tcache-race.patch + /usr/bin/patch -p0 -b --suffix .race --fuzz=0 patching file ./nss/lib/pki/tdcache.c + pemNeedsFromSoftoken='lowkeyi lowkeyti softoken softoknt' + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/softoken.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/softoknt.h ./nss/lib/ckfw/pem/ + /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf + /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf + /usr/bin/rm -rf ./nss/lib/freebl + /usr/bin/rm -rf ./nss/lib/softoken + /usr/bin/rm -rf ./nss/lib/util + /usr/bin/rm -rf ./nss/cmd/bltest + /usr/bin/rm -rf ./nss/cmd/fipstest + /usr/bin/rm -rf ./nss/cmd/rsaperf_low Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.8oLb1G + exit 0 + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + export NSS_NO_SSL2=1 + NSS_NO_SSL2=1 + NSS_NO_PKCS11_BYPASS=1 + export NSS_NO_PKCS11_BYPASS + FREEBL_NO_DEPEND=1 + export FREEBL_NO_DEPEND + BUILD_OPT=1 + export BUILD_OPT + XCFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard' + export XCFLAGS + PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 + PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + export PKG_CONFIG_ALLOW_SYSTEM_LIBS + export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS ++ /usr/bin/pkg-config --cflags-only-I nspr ++ sed s/-I// + NSPR_INCLUDE_DIR='/usr/include/nspr4 ' + NSPR_LIB_DIR=/usr/lib + export NSPR_INCLUDE_DIR + export NSPR_LIB_DIR ++ /usr/bin/pkg-config --cflags-only-I nss-util ++ sed s/-I// + export 'NSSUTIL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4 ' + NSSUTIL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4 ' + export NSSUTIL_LIB_DIR=/usr/lib + NSSUTIL_LIB_DIR=/usr/lib ++ /usr/bin/pkg-config --cflags-only-I nss-softokn ++ sed s/-I// + export 'FREEBL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4 ' + FREEBL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4 ' + export FREEBL_LIB_DIR=/usr/lib + FREEBL_LIB_DIR=/usr/lib + export USE_SYSTEM_FREEBL=1 + USE_SYSTEM_FREEBL=1 + export NSS_USE_SYSTEM_FREEBL=1 + NSS_USE_SYSTEM_FREEBL=1 ++ /usr/bin/pkg-config --libs nss-softokn + export 'FREEBL_LIBS=-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' + FREEBL_LIBS='-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' + export SOFTOKEN_LIB_DIR=/usr/lib + SOFTOKEN_LIB_DIR=/usr/lib + export USE_SYSTEM_NSSUTIL=1 + USE_SYSTEM_NSSUTIL=1 + export USE_SYSTEM_SOFTOKEN=1 + USE_SYSTEM_SOFTOKEN=1 + export NSS_BUILD_WITHOUT_SOFTOKEN=1 + NSS_BUILD_WITHOUT_SOFTOKEN=1 + NSS_USE_SYSTEM_SQLITE=1 + export NSS_USE_SYSTEM_SQLITE + export IN_TREE_FREEBL_HEADERS_FIRST=1 + IN_TREE_FREEBL_HEADERS_FIRST=1 + NSS_ENABLE_ECC=1 + export NSS_ENABLE_ECC + NSS_ECC_MORE_THAN_SUITE_B=1 + export NSS_ECC_MORE_THAN_SUITE_B + export NSS_BLTEST_NOT_AVAILABLE=1 + NSS_BLTEST_NOT_AVAILABLE=1 + /usr/bin/make -C ./nss/coreconf make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Nothing to be done for `export'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' cd nsinstall; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nsinstall.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pathsub.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pathsub.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pathsub.o -Wl,-z,relro -lpthread -ldl -lc true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' + /usr/bin/make -C ./nss/lib/dbm make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' Creating ../../../../dist/public/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cdefs.h mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm Creating ../../../../dist/private/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h mpool.h search.h ../../../../dist/private/dbm make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[1]: Nothing to be done for `export'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' cd include; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' make[1]: Nothing to be done for `libs'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/db.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard db.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_bigkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_bigkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_func.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_func.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_log2.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_log2.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_page.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_page.c h_page.c: In function 'new_lseek': h_page.c:165:15: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); ^ h_page.c: In function 'overflow_page': h_page.c:1002:4: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); ^ h_page.c:1017:4: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); ^ h_page.c:1043:5: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash_buf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash_buf.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mktemp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mktemp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dirent.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dirent.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a Linux3.19_arm_glibc_PTH_OPT.OBJ/db.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_bigkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_func.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_log2.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_page.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash_buf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mktemp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dirent.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' + /usr/bin/make -C ./nss make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss' cd coreconf; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' cd nsinstall; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd lib; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd dbm; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cdefs.h mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h mpool.h search.h ../../../../dist/private/dbm make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[3]: Nothing to be done for `export'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd base; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' Creating ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssbaset.h nssbase.h ../../../dist/public/nss Creating ../../../dist/private/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 baset.h base.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' cd dev; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ckhelper.h devm.h devtm.h devt.h dev.h nssdevt.h nssdev.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' cd pki; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pki.h pkit.h nsspkit.h nsspki.h pkistore.h pki3hack.h pkitm.h pkim.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' cd libpkix; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd include; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' cd certsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' cd pki; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd include; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd certdb; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cert.h certt.h certdb.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 genname.h xconst.h certxutl.h certi.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' cd certhigh; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocsp.h ocspt.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocspti.h ocspi.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' cd pk11wrap; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmod.h secmodt.h secpkcs5.h pk11func.h pk11pub.h pk11priv.h pk11sdr.h pk11pqg.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmodi.h dev3hack.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' cd cryptohi; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cryptohi.h cryptoht.h key.h keyhi.h keyt.h keythi.h sechash.h ../../../dist/public/nss There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' cd nss; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nss.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssrenam.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' cd ssl; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ssl.h sslt.h sslerr.h sslproto.h preenc.h ../../../dist/public/nss There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' cd pkcs12; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkcs12t.h pkcs12.h p12plcy.h p12.h p12t.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' cd pkcs7; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmime.h secpkcs7.h pkcs7t.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' cd smime; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cms.h cmst.h smime.h cmsreclist.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' cd crmf; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmf.h crmft.h cmmf.h cmmft.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmfi.h crmfit.h cmmfi.h cmmfit.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' cd jar; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 jar.h jar-ds.h jarfile.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' cd ckfw; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd builtins; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssckbi.h ../../../../dist/public/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nsspem.h ../../../../dist/public/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssck.api nssckepv.h nssckft.h nssckfw.h nssckfwc.h nssckfwt.h nssckg.h nssckmdt.h nssckt.h ../../../dist/public/nss cd builtins; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ck.h ckfw.h ckfwm.h ckfwtm.h ckmd.h ckt.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd sysinit; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd cmd; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd lib; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 basicutil.h secutil.h pk11table.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' cd addbuiltin; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' cd atob; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' cd btoa; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' cd certcgi; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' cd certutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' cd checkcert; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' cd chktest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' cd crlutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' cd crmftest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' cd dbtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' cd derdump; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' cd digest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' cd httpserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' cd listsuites; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' cd makepqg; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' cd multinit; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' cd ocspclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' cd ocspresp; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' cd oidcalc; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' cd p7content; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' cd p7env; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' cd p7sign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' cd p7verify; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' cd pk12util; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' cd pk11gcmtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' cd pk11mode; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' cd pk1sign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' cd pkix-errcodes; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' cd pp; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' cd pwdecrypt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' cd rsaperf; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' cd sdrtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' cd selfserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' cd signtool; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' cd signver; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' cd shlibsign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd mangle; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[3]: Nothing to be done for `export'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd smimetools; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' cd ssltap; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' cd strsclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' cd symkeyutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' cd tests; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' cd tstclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' cd vfychain; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' cd vfyserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' cd modutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd coreconf; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd lib; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd dbm; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' make[3]: Nothing to be done for `libs'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd base; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard arena.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard errorval.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hashops.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard libc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tracker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard item.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard utf8.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard list.c list.c: In function 'nssList_Add': list.c:220:14: warning: variable 'nssrv' set but not used [-Wunused-but-set-variable] PRStatus nssrv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' cd dev; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devtoken.c devtoken.c: In function 'nssToken_TraverseCertificates': devtoken.c:1469:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckhelper.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' cd pki; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard asymmkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certificate.c certificate.c: In function 'nssCertificateList_DoCallback': certificate.c:898:14: warning: variable 'nssrv' set but not used [-Wunused-but-set-variable] PRStatus nssrv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cryptocontext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard symmkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard trustdomain.c trustdomain.c: In function 'NSSTrustDomain_TraverseCertificates': trustdomain.c:998:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status = PR_FAILURE; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tdcache.c tdcache.c: In function 'add_cert_to_cache': tdcache.c:779:9: warning: variable 'handle' set but not used [-Wunused-but-set-variable] PRBool handle = PR_FALSE; ^ tdcache.c: In function 'nssTrustDomain_RemoveCertFromCacheLOCKED': tdcache.c:272:16: warning: 'nickname' may be used uninitialized in this function [-Wmaybe-uninitialized] nssHash_Remove(cache->nickname, nickname); ^ tdcache.c:332:14: note: 'nickname' was declared here NSSUTF8 *nickname; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certdecode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkistore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkibase.c pkibase.c: In function 'nssPKIObjectCollection_Traverse': pkibase.c:906:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pkibase.c: In function 'nssCertificateCollection_Create': pkibase.c:1060:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pkibase.c: In function 'nssCRLCollection_Create': pkibase.c:1167:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pki3hack.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' cd libpkix; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd include; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' make[3]: Nothing to be done for `libs'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_certselector.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_comcertselparams.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_crlselector.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_comcrlselparams.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_basicconstraintschecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_certchainchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_crlchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_ekuchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_expirationchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_namechainingchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_nameconstraintschecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_ocspchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_revocationmethod.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_revocationchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_policychecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_signaturechecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_targetcertchecker.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_trustanchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_procparams.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_valparams.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_resourcelimits.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_buildresult.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_policynode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_valresult.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_verifynode.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_store.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_validate.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_lifecycle.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_build.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_tools.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_logger.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_errpaths.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_basicconstraints.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_cert.c pkix_pl_cert.c: In function 'PKIX_PL_Cert_Create': pkix_pl_cert.c:1518:22: warning: variable 'copyDER' set but not used [-Wunused-but-set-variable] PKIX_Boolean copyDER; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicyinfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicymap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicyqualifier.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crl.c pkix_pl_crl.c: In function 'pkix_pl_CRL_ToString': pkix_pl_crl.c:455:58: warning: 'crlVersion' may be used uninitialized in this function [-Wmaybe-uninitialized] PKIX_CHECK(PKIX_PL_Sprintf ^ pkix_pl_crl.c:354:21: note: 'crlVersion' was declared here PKIX_UInt32 crlVersion; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crldp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crlentry.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_date.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_generalname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_infoaccess.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_nameconstraints.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocsprequest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocspresponse.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_publickey.c pkix_pl_publickey.c: In function 'pkix_pl_PublicKey_Hashcode': pkix_pl_publickey.c:214:21: warning: variable 'fullHash' set but not used [-Wunused-but-set-variable] PKIX_UInt32 fullHash; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_x500name.c pkix_pl_x500name.c:37:1: warning: 'pkix_pl_X500Name_ToString_Helper' defined but not used [-Wunused-function] pkix_pl_X500Name_ToString_Helper( ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocspcertid.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_bigint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_bytearray.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_common.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_hashtable.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_lifecycle.c pkix_pl_lifecycle.c: In function 'PKIX_PL_Shutdown': pkix_pl_lifecycle.c:248:21: warning: variable 'numLeakedObjects' set but not used [-Wunused-but-set-variable] PKIX_UInt32 numLeakedObjects = 0; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_mem.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_monitorlock.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_mutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_object.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_oid.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_primhash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_rwlock.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_string.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_aiamgr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_colcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_httpcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_httpdefaultclient.c pkix_pl_httpdefaultclient.c: In function 'pkix_pl_HttpDefaultClient_KeepAliveSession': pkix_pl_httpdefaultclient.c:1135:36: warning: variable 'client' set but not used [-Wunused-but-set-variable] PKIX_PL_HttpDefaultClient *client = NULL; ^ pkix_pl_httpdefaultclient.c: In function 'pkix_pl_HttpDefaultClient_Cancel': pkix_pl_httpdefaultclient.c:1487:36: warning: variable 'client' set but not used [-Wunused-but-set-variable] PKIX_PL_HttpDefaultClient *client = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldaptemplates.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapresponse.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldaprequest.c pkix_pl_ldaprequest.c: In function 'pkix_pl_LdapRequest_Destroy': pkix_pl_ldaprequest.c:266:30: warning: variable 'ldapRq' set but not used [-Wunused-but-set-variable] PKIX_PL_LdapRequest *ldapRq = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapdefaultclient.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_nsscontext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_pk11certstore.c pkix_pl_pk11certstore.c: In function 'NameCacheHasFetchedCrlInfo': pkix_pl_pk11certstore.c:382:22: warning: variable 'cert' set but not used [-Wunused-but-set-variable] CERTCertificate *cert; ^ pkix_pl_pk11certstore.c: In function 'DownloadCrl': pkix_pl_pk11certstore.c:782:16: warning: variable 'savedError' set but not used [-Wunused-but-set-variable] PKIX_Int32 savedError = -1; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_socket.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd certdb; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard alg1485.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certdb.c certdb.c: In function 'cert_VerifySubjectAltName': certdb.c:1428:18: warning: variable 'hnLen' set but not used [-Wunused-but-set-variable] unsigned int hnLen; ^ certdb.c: In function 'CERT_ImportCerts': certdb.c:2440:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ certdb.c: In function 'CERT_UnlockCertRefCount': certdb.c:2890:14: warning: variable 'prstat' set but not used [-Wunused-but-set-variable] PRStatus prstat; ^ certdb.c: In function 'CERT_UnlockCertTrust': certdb.c:2970:14: warning: variable 'prstat' set but not used [-Wunused-but-set-variable] PRStatus prstat; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certv3.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certxutl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crl.c crl.c: In function 'crl_storeCRL': crl.c:630:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ crl.c: In function 'cert_CheckCertRevocationStatus': crl.c:2696:27: warning: unused variable 'rv2' [-Wunused-variable] SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); ^ crl.c: In function 'cert_CacheCRLByGeneralName': crl.c:3053:32: warning: variable 'rv2' set but not used [-Wunused-but-set-variable] SECStatus rv = SECSuccess, rv2; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard genname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard stanpcertdb.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard polcyxtn.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xauthkid.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xbsconst.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xconst.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' cd certhigh; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certhtml.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certreq.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlv2.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocsp.c ocsp.c: In function 'ocsp_RemoveCacheItem': ocsp.c:562:12: warning: variable 'couldRemoveFromHashTable' set but not used [-Wunused-but-set-variable] PRBool couldRemoveFromHashTable; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspsig.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certhigh.c certhigh.c: In function 'CERT_MatchNickname': certhigh.c:28:9: warning: variable 'len' set but not used [-Wunused-but-set-variable] int len; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfypkix.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfypkixprint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xcrldist.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' cd pk11wrap; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dev3hack.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11akey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11auth.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11cert.c pk11cert.c: In function 'pk11_fastCert': pk11cert.c:231:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pk11cert.c: In function 'PK11_MakeCertFromHandle': pk11cert.c:297:12: warning: variable 'swapNickname' set but not used [-Wunused-but-set-variable] PRBool swapNickname = PR_FALSE; ^ pk11cert.c:296:12: warning: variable 'isFortezzaRootCA' set but not used [-Wunused-but-set-variable] PRBool isFortezzaRootCA = PR_FALSE; ^ pk11cert.c: In function 'PK11_TraverseCertsForNicknameInSlot': pk11cert.c:2014:28: warning: variable 'pk11cb' set but not used [-Wunused-but-set-variable] struct nss3_cert_cbstr pk11cb; ^ pk11cert.c: In function 'PK11_FindCertFromDERCertItem': pk11cert.c:2158:21: warning: unused variable 'td' [-Wunused-variable] NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11cxt.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11err.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11kea.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11load.c pk11load.c: In function 'SECMOD_UnloadModule': pk11load.c:592:28: warning: unused variable 'status' [-Wunused-variable] PRStatus status = PR_UnloadLibrary(softokenLib); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11mech.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11merge.c pk11merge.c: In function 'pk11_mergeByObjectIDs': pk11merge.c:852:20: warning: 'error' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_SetError(error); ^ pk11merge.c:753:9: note: 'error' was declared here int error; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11nobj.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11obj.c pk11obj.c: In function 'PK11_MatchItem': pk11obj.c:1784:22: warning: variable 'parent' set but not used [-Wunused-but-set-variable] CK_OBJECT_HANDLE parent; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pars.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pbe.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pk12.c pk11pk12.c: In function 'PK11_ImportPrivateKeyInfoAndReturnKey': pk11pk12.c:425:17: warning: variable 'keyType' set but not used [-Wunused-but-set-variable] CK_KEY_TYPE keyType = CKK_RSA; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pqg.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11sdr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11skey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11slot.c pk11slot.c: In function 'PK11_InitToken': pk11slot.c:1108:11: warning: variable 'tmp' set but not used [-Wunused-but-set-variable] char *tmp; ^ pk11slot.c: In function 'PK11_InitSlot': pk11slot.c:1352:11: warning: variable 'tmp' set but not used [-Wunused-but-set-variable] char *tmp; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11util.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' cd cryptohi; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sechash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard seckey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secsign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secvfy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dsautil.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' cd nss; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nssinit.c nssinit.c: In function 'NSS_VersionCheck': nssinit.c:1250:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nssver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard utilwrap.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a grep -v ';-' nss.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nss.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnss3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nss.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o ../libpkix/pkix/certsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o ../libpkix/pkix/certsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o ../libpkix/pkix/crlsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o ../libpkix/pkix/crlsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ../libpkix/pkix/store/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' cd ssl; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derive.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dtlscon.c dtlscon.c: In function 'ssl3_DisableNonDTLSSuites': dtlscon.c:100:19: warning: unused variable 'rv' [-Wunused-variable] SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard prelib.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3con.c ssl3con.c: In function 'ssl3_HandleRSAClientKeyExchange': ssl3con.c:9199:13: warning: variable 'pmsItem' set but not used [-Wunused-but-set-variable] SECItem pmsItem = {siBuffer, NULL, 0}; ^ ssl3con.c:9195:12: warning: variable 'isTLS' set but not used [-Wunused-but-set-variable] PRBool isTLS = PR_FALSE; ^ ssl3con.c: In function 'ssl3_HandleRecord': ssl3con.c:11573:21: warning: 'dtls_seq_num' may be used uninitialized in this function [-Wmaybe-uninitialized] dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num); ^ ssl3con.c:11293:14: note: 'dtls_seq_num' was declared here PRUint64 dtls_seq_num; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3gthr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslauth.c sslauth.c: In function 'SSL_AuthCertificate': sslauth.c:267:18: warning: unused variable 'error' [-Wunused-variable] PRErrorCode error = PR_GetError(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslcon.c sslcon.c: In function 'ssl2_HandleMessage': sslcon.c:2497:9: warning: variable 'rv2' set but not used [-Wunused-but-set-variable] int rv2; ^ sslcon.c: In function 'NSSSSL_VersionCheck': sslcon.c:3686:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssldef.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslenum.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslerr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslerrstrs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslinit.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3ext.c ssl3ext.c: In function 'ssl3_HandleServerNameXtn': ssl3ext.c:418:17: warning: variable 'type' set but not used [-Wunused-but-set-variable] PRInt32 type; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslgathr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslmutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslnonce.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslreveal.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsecur.c sslsecur.c: In function 'ssl_SecureRecv': sslsecur.c:1182:22: warning: variable 'sec' set but not used [-Wunused-but-set-variable] sslSecurityInfo *sec; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsnce.c sslsnce.c: In function 'InitCache': sslsnce.c:1232:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; ^ sslsnce.c:1233:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; ^ sslsnce.c:1234:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheLock) += ptr; ^ sslsnce.c:1235:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; ^ sslsnce.c:1236:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; ^ sslsnce.c:1237:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; ^ sslsnce.c:1238:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheData) += ptr; ^ sslsnce.c:1239:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; ^ sslsnce.c:1240:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; ^ sslsnce.c:1241:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; ^ sslsnce.c:1242:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; ^ sslsnce.c:1243:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; ^ sslsnce.c:1244:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; ^ sslsnce.c: In function 'SSL_InheritMPServerSIDCacheInstance': sslsnce.c:1584:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; ^ sslsnce.c:1585:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; ^ sslsnce.c:1586:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheLock) += ptr; ^ sslsnce.c:1587:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; ^ sslsnce.c:1588:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; ^ sslsnce.c:1589:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; ^ sslsnce.c:1590:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheData) += ptr; ^ sslsnce.c:1591:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; ^ sslsnce.c:1592:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; ^ sslsnce.c:1593:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; ^ sslsnce.c:1594:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; ^ sslsnce.c:1595:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; ^ sslsnce.c:1596:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsock.c sslsock.c: In function 'NSS_SetDomesticPolicy': sslsock.c:1327:15: warning: unused variable 'status' [-Wunused-variable] SECStatus status = SECSuccess; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssltrace.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard authcert.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmpcert.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslinfo.c sslinfo.c: In function 'SSL_DisableDefaultExportCipherSuites': sslinfo.c:247:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ sslinfo.c: In function 'SSL_DisableExportCipherSuites': sslinfo.c:268:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3ecc.c ssl3ecc.c: In function 'ssl3_DisableECCSuites': ssl3ecc.c:953:19: warning: unused variable 'rv' [-Wunused-variable] SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard unix_err.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a grep -v ';-' ssl.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libssl3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc -lz chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' cd pkcs12; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12local.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12creat.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12dec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12plcy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12tmpl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12e.c p12e.c: In function 'sec_PKCS12CreateSafeBag': p12e.c:698:12: warning: variable 'setName' set but not used [-Wunused-but-set-variable] PRBool setName = PR_TRUE; ^ p12e.c: In function 'sec_pkcs12_encoder_start_context': p12e.c:1535:12: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12d.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' cd pkcs7; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certread.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7common.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7create.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7decode.c p7decode.c: In function 'sec_pkcs7_verify_signature': p7decode.c:1293:21: warning: variable 'crls' set but not used [-Wunused-but-set-variable] CERTSignedCrl **crls; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7encode.c p7encode.c: In function 'sec_pkcs7_encoder_start_encrypt': p7encode.c:62:18: warning: variable 'wincx' set but not used [-Wunused-but-set-variable] void *mark, *wincx; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7local.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secmime.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' cd smime; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsarray.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsasn1.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsattr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmscinfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmscipher.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdecode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdigdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdigest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsencdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsencode.c cmsencode.c: In function 'nss_cms_encoder_notify': cmsencode.c:125:18: warning: variable 'poolp' set but not used [-Wunused-but-set-variable] PLArenaPool *poolp; ^ cmsencode.c: In function 'nss_cms_before_data': cmsencode.c:204:18: warning: variable 'poolp' set but not used [-Wunused-but-set-variable] PLArenaPool *poolp; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsenvdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsmessage.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmspubkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsrecinfo.c cmsrecinfo.c: In function 'NSS_CMSRecipientInfo_UnwrapBulkKey': cmsrecinfo.c:529:21: warning: variable 'encalg' set but not used [-Wunused-but-set-variable] SECAlgorithmID *encalg; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsreclist.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmssigdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmssiginfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsudf.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimemessage.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimeutil.c smimeutil.c: In function 'NSSSMIME_VersionCheck': smimeutil.c:770:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ smimeutil.c: In function 'NSS_SMIMEUtil_FindBulkAlgForRecipients': smimeutil.c:446:9: warning: 'key_type' may be used uninitialized in this function [-Wmaybe-uninitialized] if (key_type == ecKey) { ^ smimeutil.c:425:14: note: 'key_type' was declared here KeyType key_type; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimever.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a grep -v ';-' smime.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/smime.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libsmime3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/smime.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' cd crmf; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfenc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfenc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftmpl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmftmpl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfreq.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfreq.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfpop.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfpop.c crmfpop.c: In function 'CRMF_CertReqMsgSetRAVerifiedPOP': crmfpop.c:36:14: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] SECItem *dummy; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfdec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfdec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfget.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfget.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfcont.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfcont.c crmfcont.c: In function 'CRMF_CreateEncryptedKeyWithEncryptedValue': crmfcont.c:860:25: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] CRMFEncryptedValue *dummy; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfasn1.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfasn1.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfresp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfresp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfrec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfrec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfchal.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfchal.c cmmfchal.c: In function 'cmmf_create_witness_and_challenge': cmmfchal.c:33:22: warning: variable 'id' set but not used [-Wunused-but-set-variable] CK_OBJECT_HANDLE id; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/servget.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard servget.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard encutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcli.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard respcli.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcmn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard respcmn.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/challcli.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard challcli.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/asn1cmn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard asn1cmn.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfenc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftmpl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfreq.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfpop.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfdec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfget.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfcont.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfresp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfrec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfchal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/servget.o Linux3.19_arm_glibc_PTH_OPT.OBJ/encutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcli.o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcmn.o Linux3.19_arm_glibc_PTH_OPT.OBJ/challcli.o Linux3.19_arm_glibc_PTH_OPT.OBJ/asn1cmn.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' cd jar; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarsign.c jarsign.c: In function 'jar_create_pk7': jarsign.c:174:11: warning: variable 'errstring' set but not used [-Wunused-but-set-variable] char *errstring; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jar.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar-ds.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jar-ds.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarfile.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarfile.c jarfile.c: In function 'jar_listtar': jarfile.c:824:12: warning: variable 'when' set but not used [-Wunused-but-set-variable] time_t when; ^ jarfile.c:823:14: warning: variable 'mode' set but not used [-Wunused-but-set-variable] long sz, mode; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarint.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a Linux3.19_arm_glibc_PTH_OPT.OBJ/jarver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarsign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar-ds.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarfile.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarint.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' cd ckfw; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crypto.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crypto.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/find.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard find.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/instance.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard instance.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/object.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard object.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/session.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard session.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sessobj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sessobj.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/slot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard slot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/token.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard token.c token.c: In function 'nssCKFWToken_GetUTCTime': token.c:1261:27: warning: variable 'z' set but not used [-Wunused-but-set-variable] int Y, M, D, h, m, s, z; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/wrap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard wrap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mechanism.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mechanism.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a Linux3.19_arm_glibc_PTH_OPT.OBJ/crypto.o Linux3.19_arm_glibc_PTH_OPT.OBJ/find.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/instance.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/object.o Linux3.19_arm_glibc_PTH_OPT.OBJ/session.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sessobj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/slot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/token.o Linux3.19_arm_glibc_PTH_OPT.OBJ/wrap.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mechanism.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib cd builtins; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard anchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard constants.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bfind.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bfind.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/binst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard binst.c binst.c: In function 'builtins_mdInstance_GetLibraryVersion': binst.c:70:17: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bobject.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bobject.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bsession.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bsession.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard btoken.c perl certdata.perl < certdata.txt > Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckbiver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckbiver.c grep -v ';-' nssckbi.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nssckbi.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnssckbi.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nssckbi.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bfind.o Linux3.19_arm_glibc_PTH_OPT.OBJ/binst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bobject.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bsession.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckbiver.o ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard anchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard constants.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pargs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pargs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pfind.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pfind.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pinst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pinst.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pobject.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pobject.c pobject.c: In function 'pem_CreateObject': pobject.c:1047:15: warning: variable 'token' set but not used [-Wunused-but-set-variable] pemToken *token; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/prsa.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard prsa.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/psession.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard psession.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ptoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ptoken.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckpemver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckpemver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsawrapr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard rsawrapr.c rsawrapr.c:128:1: warning: 'oaep_xor_with_h1' defined but not used [-Wunused-function] oaep_xor_with_h1(unsigned char *data, unsigned int datalen, ^ rsawrapr.c:190:1: warning: 'oaep_xor_with_h2' defined but not used [-Wunused-function] oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard util.c util.c: In function 'ReadDERFromFile': util.c:142:9: warning: variable 'error' set but not used [-Wunused-but-set-variable] int error; ^ grep -v ';-' nsspem.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nsspem.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsspem.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nsspem.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pargs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pfind.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pinst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pobject.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prsa.o Linux3.19_arm_glibc_PTH_OPT.OBJ/psession.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ptoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckpemver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsawrapr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnssutil3 -lfreebl3 -L../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnssckfw -lnssb -lplc4 -lplds4 -L../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnssutil3 -lfreebl3 -lsoftokn3 -lpthread -ldl -lc -L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd sysinit; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nsssysinit.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsssysinit.so -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd cmd; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd lib; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/basicutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard basicutil.c basicutil.c: In function 'SECU_PrintAsHex': basicutil.c:312:9: warning: 'column' may be used uninitialized in this function [-Wmaybe-uninitialized] column++; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secutil.c secutil.c: In function 'SECU_ChangePW2': secutil.c:332:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ secutil.c: In function 'secu_PrintPKCS7Signed': secutil.c:2702:11: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from secutil.c:19:0: secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ secutil.c: In function 'secu_PrintPKCS7SignedAndEnveloped': secutil.c:2821:11: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from secutil.c:19:0: secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ secutil.c: In function 'SEC_PrintCertificateAndTrust': secutil.c:3151:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ secutil.c:3124:5: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secpwd.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secpwd.c secpwd.c: In function 'SEC_GetPassword': secpwd.c:77:8: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] QUIET_FGETS ( phrase, sizeof(phrase), input); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derprint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derprint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/moreoids.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard moreoids.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pppolicy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pppolicy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ffs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ffs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11table.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11table.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a Linux3.19_arm_glibc_PTH_OPT.OBJ/basicutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secpwd.o Linux3.19_arm_glibc_PTH_OPT.OBJ/derprint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/moreoids.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pppolicy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ffs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11table.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' cd addbuiltin; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard addbuiltin.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' cd atob; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/atob.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard atob.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/atob -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/atob.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/atob ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' cd btoa; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard btoa.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' cd certcgi; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certcgi.c certcgi.c: In function 'MakeV1Cert': certcgi.c:530:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ certcgi.c: In function 'get_serial_number': certcgi.c:594:6: warning: this decimal constant is unsigned only in ISO C90 [enabled by default] if (serial == 4294967295) { ^ certcgi.c: In function 'string_to_binary': certcgi.c:1425:9: warning: variable 'low_digit' set but not used [-Wunused-but-set-variable] int low_digit; ^ certcgi.c:1424:9: warning: variable 'high_digit' set but not used [-Wunused-but-set-variable] int high_digit; ^ certcgi.c: At top level: certcgi.c:360:1: warning: 'update_data_by_name' defined but not used [-Wunused-function] update_data_by_name(Pair *data, ^ certcgi.c:388:1: warning: 'update_data_by_index' defined but not used [-Wunused-function] update_data_by_index(Pair *data, ^ certcgi.c:404:1: warning: 'add_field' defined but not used [-Wunused-function] add_field(Pair *data, ^ certcgi.c: In function 'get_serial_number': certcgi.c:590:11: warning: ignoring return value of 'fread', declared with attribute warn_unused_result [-Wunused-result] fread(&serial, sizeof(int), 1, serialFile); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' cd certutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/keystuff.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard keystuff.c keystuff.c: In function 'CERTUTIL_GeneratePrivateKey': keystuff.c:497:15: warning: variable 'algtag' set but not used [-Wunused-but-set-variable] SECOidTag algtag; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/keystuff.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' cd checkcert; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard checkcert.c checkcert.c: In function 'OurVerifyData': checkcert.c:125:15: warning: variable 'sigAlgTag' set but not used [-Wunused-but-set-variable] SECOidTag sigAlgTag; ^ checkcert.c: In function 'main': checkcert.c:392:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from checkcert.c:5:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' cd chktest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard chktest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' cd crlutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen_lex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlgen_lex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlgen.c crlgen.c: In function 'crlgen_RmCert': crlgen.c:1082:18: warning: variable 'arena' set but not used [-Wunused-but-set-variable] PLArenaPool *arena; ^ crlgen.c: In function 'crlgen_CreateInvalidityDate': crlgen.c:627:27: warning: 'mark' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_ArenaRelease(arena, mark); ^ crlgen.c: In function 'crlgen_CreateReasonCode': crlgen.c:586:28: warning: 'mark' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_ArenaRelease (arena, mark); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlutil.c crlutil.c: In function 'main': crlutil.c:1108:16: warning: 'rv' may be used uninitialized in this function [-Wmaybe-uninitialized] return (rv != SECSuccess); ^ crlutil.c:851:9: note: 'rv' was declared here int rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen_lex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' cd crmftest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/testcrmf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard testcrmf.c testcrmf.c: In function 'get_serial_number': testcrmf.c:130:14: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ testcrmf.c: In function 'main': testcrmf.c:1539:12: warning: variable 'PArg' set but not used [-Wunused-but-set-variable] PRBool PArg = PR_FALSE; ^ testcrmf.c:1538:12: warning: variable 'sArg' set but not used [-Wunused-but-set-variable] PRBool sArg = PR_FALSE; ^ testcrmf.c:1537:12: warning: variable 'eArg' set but not used [-Wunused-but-set-variable] PRBool eArg = PR_FALSE; ^ testcrmf.c:1536:12: warning: variable 'pArg' set but not used [-Wunused-but-set-variable] PRBool pArg = PR_FALSE; ^ testcrmf.c: At top level: testcrmf.c:941:1: warning: 'mapWrapKeyType' defined but not used [-Wunused-function] mapWrapKeyType(KeyType keyType) ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/testcrmf.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' cd dbtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dbtest.c In file included from ../modutil/modutil.h:22:0, from dbtest.c:32: ../modutil/error.h:136:14: warning: 'msgStrings' defined but not used [-Wunused-variable] static char *msgStrings[] = { ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' cd derdump; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derdump.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' cd digest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/digest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard digest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/digest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/digest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/digest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' cd httpserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard httpserv.c httpserv.c: In function 'handle_connection': httpserv.c:715:39: warning: integer overflow in expression [-Woverflow] nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ ^ httpserv.c:716:37: warning: integer overflow in expression [-Woverflow] revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ ^ httpserv.c: In function 'getBoundListenSocket': httpserv.c:941:14: warning: variable 'socketDomain' set but not used [-Wunused-but-set-variable] PRUint16 socketDomain = PR_AF_INET; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' cd listsuites; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard listsuites.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' cd makepqg; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard makepqg.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' cd multinit; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard multinit.c multinit.c:320:1: warning: 'appendItem' defined but not used [-Wunused-function] appendItem(SECItem *item) ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' cd ocspclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspclnt.c ocspclnt.c: In function 'print_raw_certificates': ocspclnt.c:565:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from ocspclnt.c:9:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ ocspclnt.c: In function 'main': ocspclnt.c:446:8: warning: 'cert_usage' may be used uninitialized in this function [-Wmaybe-uninitialized] rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time, ^ ocspclnt.c:967:18: note: 'cert_usage' was declared here SECCertUsage cert_usage; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' cd ocspresp; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspresp.c ocspresp.c: In function 'main': ocspresp.c:140:15: warning: variable 'statusDecodedFail' set but not used [-Wunused-but-set-variable] SECStatus statusDecodedFail; ^ ocspresp.c:136:15: warning: variable 'statusDecodedRev' set but not used [-Wunused-but-set-variable] SECStatus statusDecodedRev; ^ ocspresp.c:132:15: warning: variable 'statusDecoded' set but not used [-Wunused-but-set-variable] SECStatus statusDecoded; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' cd oidcalc; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard oidcalc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' cd p7content; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7content.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' cd p7env; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7env.c p7env.c: In function 'main': p7env.c:133:11: warning: variable 'certName' set but not used [-Wunused-but-set-variable] char *certName; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' cd p7sign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7sign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' cd p7verify; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7verify.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' cd pk12util; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk12util.c pk12util.c: In function 'p12u_InitContext': pk12util.c:104:12: warning: variable 'fileExist' set but not used [-Wunused-but-set-variable] PRBool fileExist; ^ pk12util.c: In function 'P12U_ListPKCS12File': pk12util.c:762:30: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] 0, SECU_PrintCertificate) != 0) { ^ In file included from pk12util.c:11:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' cd pk11gcmtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11gcmtest.c pk11gcmtest.c: In function 'aes_gcm_kat': pk11gcmtest.c:319:6: warning: 'tagsize' may be used uninitialized in this function [-Wmaybe-uninitialized] rv = aes_decrypt_buf(key, keysize, iv, ivsize, ^ pk11gcmtest.c:319:6: warning: 'ciphertextlen' may be used uninitialized in this function [-Wmaybe-uninitialized] pk11gcmtest.c:66:24: warning: 'ivsize' may be used uninitialized in this function [-Wmaybe-uninitialized] gcm_params.ulIvLen = ivsize; ^ pk11gcmtest.c:174:18: note: 'ivsize' was declared here unsigned int ivsize; ^ pk11gcmtest.c:54:18: warning: 'keysize' may be used uninitialized in this function [-Wmaybe-uninitialized] key_item.len = keysize; ^ pk11gcmtest.c:172:18: note: 'keysize' was declared here unsigned int keysize; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' cd pk11mode; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11mode.c pk11mode.c: In function 'PKM_TLSMasterKeyDerive': pk11mode.c:4561:16: warning: variable 'expected_version' set but not used [-Wunused-but-set-variable] CK_VERSION expected_version, version; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' cd pk1sign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk1sign.c pk1sign.c: In function 'main': pk1sign.c:283:32: warning: 'cert' may be used uninitialized in this function [-Wmaybe-uninitialized] CERT_DestroyCertificate(cert); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' cd pkix-errcodes; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix-errcodes.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' cd pp; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pp.c pp.c: In function 'Usage': pp.c:35:13: warning: too many arguments for format [-Wformat-extra-args] SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); ^ pp.c: In function 'main': pp.c:140:9: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from pp.c:10:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pp -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pp.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pp ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' cd pwdecrypt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pwdecrypt.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' cd rsaperf; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard rsaperf.c rsaperf.c: In function 'main': rsaperf.c:433:27: warning: variable 'certdb' set but not used [-Wunused-but-set-variable] CERTCertDBHandle* certdb = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/defkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard defkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/defkey.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' cd sdrtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sdrtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' cd selfserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard selfserv.c selfserv.c: In function 'makeSignedOCSPResponse': selfserv.c:1132:33: warning: integer overflow in expression [-Woverflow] nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ ^ selfserv.c:1147:18: warning: integer overflow in expression [-Woverflow] now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ ^ selfserv.c: In function 'getBoundListenSocket': selfserv.c:1690:14: warning: variable 'socketDomain' set but not used [-Wunused-but-set-variable] PRUint16 socketDomain = PR_AF_INET; ^ selfserv.c: In function 'makeSignedOCSPResponse': selfserv.c:1163:24: warning: 'sr' may be used uninitialized in this function [-Wmaybe-uninitialized] singleResponses[0] = sr; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' cd signtool; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard signtool.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certgen.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certgen.c certgen.c: In function 'sign_cert': certgen.c:423:11: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] void *dummy; ^ certgen.c: In function 'GetSubjectFromUser': certgen.c:125:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:147:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:166:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:184:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:202:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:223:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:241:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/javascript.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard javascript.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard util.c util.c: In function 'XP_GetString': util.c:21:5: warning: return discards 'const' qualifier from pointer target type [enabled by default] return SECU_Strerror (i); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/verify.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard verify.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/zip.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard zip.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certgen.o Linux3.19_arm_glibc_PTH_OPT.OBJ/javascript.o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o Linux3.19_arm_glibc_PTH_OPT.OBJ/verify.o Linux3.19_arm_glibc_PTH_OPT.OBJ/zip.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc -lz ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' cd signver; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard signver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk7print.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk7print.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signver -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/signver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk7print.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/signver ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' cd shlibsign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard shlibsign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign.o -Wl,-z,relro -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin cd mangle; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mangle.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle.o -Wl,-z,relro -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd smimetools; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' cd ssltap; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssltap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' cd strsclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard strsclnt.c strsclnt.c: In function 'do_connects': strsclnt.c:735:15: warning: variable 'result' set but not used [-Wunused-but-set-variable] SECStatus result; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' cd symkeyutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard symkeyutil.c symkeyutil.c: In function 'main': symkeyutil.c:1018:31: warning: unused variable 'rv2' [-Wunused-variable] SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' cd tests; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard baddbdir.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard conflict.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dertimetest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard encodeinttest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nonspr10.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10 -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard remtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secmodtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10 Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' cd tstclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tstclnt.c tstclnt.c: In function 'ownAuthCertificate': tstclnt.c:536:19: warning: unused variable 'error' [-Wunused-variable] PRErrorCode error = PR_GetError(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' cd vfychain; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfychain.c vfychain.c: In function 'configureRevocationParams': vfychain.c:363:50: warning: 'revFlags' may be used uninitialized in this function [-Wmaybe-uninitialized] revFlags[cert_revocation_method_ocsp] = ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' cd vfyserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfyserv.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfyutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv.o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' cd modutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard modutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/instsec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard instsec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/install.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard install.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/installparse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard installparse.c ytab.c: In function 'Pk11Install_yyparse': ytab.c:219:5: warning: suggest parentheses around assignment used as truth value [-Wparentheses] gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/install-ds.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard install-ds.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard lex.Pk11Install_yy.c lex.Pk11Install_yy.cpp:1060:13: warning: 'Pkcs11Install_yyunput' defined but not used [-Wunused-function] lex.Pk11Install_yy.cpp:1106:12: warning: 'input' defined but not used [-Wunused-function] gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11.o Linux3.19_arm_glibc_PTH_OPT.OBJ/instsec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/install.o Linux3.19_arm_glibc_PTH_OPT.OBJ/installparse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/install-ds.o Linux3.19_arm_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc -lz ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss' ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 + unset NSS_BLTEST_NOT_AVAILABLE + pushd ./nss + /usr/bin/make clean_docs build_docs /usr/bin/make -C ./doc clean make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' rm -f date.xml version.xml *.tar.bz2 rm -f html/*.proc rm -fr nss-man ascii make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' /usr/bin/make -C ./doc make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' date +"%e %B %Y" | tr -d '\n' > date.xml echo -n > version.xml mkdir -p html mkdir -p nroff xmlto -o nroff man certutil.xml Note: Writing certutil.1 xmlto -o html html certutil.xml Writing index.html for refentry(certutil) mv html/index.html html/certutil.html make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' ~/build/BUILD/nss-3.16.2.3 + popd + /usr/bin/mkdir -p ./dist/doc/nroff + /usr/bin/cp ./nss/doc/nroff/certutil.1 ./nss/doc/nroff/cmsutil.1 ./nss/doc/nroff/crlutil.1 ./nss/doc/nroff/derdump.1 ./nss/doc/nroff/modutil.1 ./nss/doc/nroff/pk12util.1 ./nss/doc/nroff/pp.1 ./nss/doc/nroff/signtool.1 ./nss/doc/nroff/signver.1 ./nss/doc/nroff/ssltap.1 ./nss/doc/nroff/vfychain.1 ./nss/doc/nroff/vfyserv.1 ./dist/doc/nroff + /usr/bin/mkdir -p ./dist/pkgconfig + /usr/bin/cat /builddir/build/SOURCES/nss.pc.in + sed -e s,%libdir%,/usr/lib,g -e s,%prefix%,/usr,g -e s,%exec_prefix%,/usr,g -e s,%includedir%,/usr/include/nss3,g -e s,%NSS_VERSION%,3.16.2.3,g -e s,%NSPR_VERSION%,4.10.6,g -e s,%NSSUTIL_VERSION%,3.16.2.3,g -e s,%SOFTOKEN_VERSION%,3.16.2.3,g ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VMAJOR' ++ awk '{print $3}' + NSS_VMAJOR=3 ++ grep '#define.*NSS_VMINOR' ++ cat nss/lib/nss/nss.h ++ awk '{print $3}' + NSS_VMINOR=16 ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VPATCH' ++ awk '{print $3}' + NSS_VPATCH=2 + export NSS_VMAJOR + export NSS_VMINOR + export NSS_VPATCH + /usr/bin/cat /builddir/build/SOURCES/nss-config.in + sed -e s,@libdir@,/usr/lib,g -e s,@prefix@,/usr,g -e s,@exec_prefix@,/usr,g -e s,@includedir@,/usr/include/nss3,g -e s,@MOD_MAJOR_VERSION@,3,g -e s,@MOD_MINOR_VERSION@,16,g -e s,@MOD_PATCH_VERSION@,2,g + chmod 755 ./dist/pkgconfig/nss-config + /usr/bin/cat /builddir/build/SOURCES/setup-nsssysinit.sh + chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh + /usr/bin/cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/ + tr -d '\n' + date '+%e %B %Y' + echo -n 3.16.2.3 + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/nss-config.xml . + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/setup-nsssysinit.xml . + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/pkcs11.txt.xml . + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man nss-config.xml Note: Writing nss-config.1 + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man setup-nsssysinit.xml Note: Writing setup-nsssysinit.1 + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man pkcs11.txt.xml Note: Writing pkcs11.txt.5 + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/cert8.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/cert9.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/key3.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/key4.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/secmod.db.xml . + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man cert8.db.xml Note: Writing cert8.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man cert9.db.xml Note: Writing cert9.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man key3.db.xml Note: Writing key3.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man key4.db.xml Note: Writing key4.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man secmod.db.xml Note: Writing secmod.db.5 + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.7IvtlJ + umask 022 + cd /builddir/build/BUILD + '[' /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm '!=' / ']' + rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm ++ dirname /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + mkdir -p /builddir/build/BUILDROOT + mkdir /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + cd nss-3.16.2.3 + /usr/bin/rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3/templates + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/pkgconfig + mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1 + mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5 + touch /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnssckbi.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/libnssckbi.so + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert8.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/cert8.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key3.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/key3.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-secmod.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/secmod.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert9.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/cert9.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key4.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/key4.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/system-pkcs11.txt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/pkcs11.txt + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/certutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/cmsutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/crlutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/modutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/signtool /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/signver /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/ssltap /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/atob /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/btoa /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/derdump /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/ocspclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pp /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/selfserv /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/strsclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/symkeyutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/tstclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/vfyserv /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/vfychain /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cert.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/certdb.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/certt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmmf.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmmft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cms.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmsreclist.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmst.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/crmf.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/crmft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cryptohi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cryptoht.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jar-ds.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jar.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jarfile.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/key.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keyhi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keyt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keythi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nss.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssbase.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssbaset.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckbi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckepv.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfw.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfwc.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfwt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckg.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckmdt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nsspem.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ocsp.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ocspt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12plcy.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11func.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11pqg.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11priv.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11pub.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11sdr.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs12.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs12t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs7t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/preenc.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sechash.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmime.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmod.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmodt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secpkcs5.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secpkcs7.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/smime.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ssl.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslerr.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslproto.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in dist/private/nss/nssck.api + /usr/bin/install -p -m 644 dist/private/nss/nssck.api /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3/templates + /usr/bin/install -p -m 644 ./dist/pkgconfig/nss.pc /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/pkgconfig/nss.pc + /usr/bin/install -p -m 755 ./dist/pkgconfig/nss-config /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/nss-config + /usr/bin/install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit.sh + ln -r -s -f /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit + for f in nss-config setup-nsssysinit + install -c -m 644 nss-config.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/nss-config.1 + for f in nss-config setup-nsssysinit + install -c -m 644 setup-nsssysinit.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/setup-nsssysinit.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/certutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/certutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/cmsutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/cmsutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/crlutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/crlutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/derdump.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/derdump.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/modutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/modutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/pk12util.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/pk12util.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/pp.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/pp.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/signtool.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/signtool.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/signver.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/signver.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/ssltap.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/ssltap.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/vfychain.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/vfychain.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/vfyserv.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/vfyserv.1 + for f in pkcs11.txt + install -c -m 644 pkcs11.txt.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/pkcs11.txt.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 cert8.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/cert8.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 cert9.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/cert9.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 key3.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/key3.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 key4.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/key4.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 secmod.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/secmod.db.5 + /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 /builddir/build/BUILD/nss-3.16.2.3 extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/certutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/signtool extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/pk12util extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/crlutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/modutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/signver extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/cmsutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/ssltap extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libsmime3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnsssysinit.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libssl3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnss3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/vfyserv extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/vfychain extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/selfserv extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/ocspclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/strsclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/derdump extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/pp extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/tstclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/btoa extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/symkeyutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/atob extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/libnssckbi.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnsspem.so /usr/lib/rpm/sepdebugcrcfix: Updated 25 CRC32s, 0 CRC32s did match. cpio: nss-3.16.2.3/nss/cmd/modutil/lex.Pk11Install_yy.cpp: Cannot stat: No such file or directory cpio: nss-3.16.2.3/nss/cmd/modutil/ytab.c: Cannot stat: No such file or directory 23564 blocks + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-compress + /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/lib/rpm/redhat/brp-java-repack-jars Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.k0wkwt + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + '[' 0 -eq 1 ']' + export NSS_NO_SSL2=1 + NSS_NO_SSL2=1 + FREEBL_NO_DEPEND=1 + export FREEBL_NO_DEPEND + BUILD_OPT=1 + export BUILD_OPT + export NSS_BLTEST_NOT_AVAILABLE=1 + NSS_BLTEST_NOT_AVAILABLE=1 + export SOFTOKEN_LIB_DIR=/usr/lib + SOFTOKEN_LIB_DIR=/usr/lib ++ find ./nss/tests ++ grep -c ' ' + SPACEISBAD=0 + : + '[' 0 -ne 0 ']' ++ perl -e 'print 9000 + int rand 1000' 9673 selfserv_9673 + MYRAND=9673 + echo 9673 + RANDSERV=selfserv_9673 + echo selfserv_9673 ++ ls -d ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ~/build/BUILD/nss-3.16.2.3 ~/build/BUILD/nss-3.16.2.3 + DISTBINDIR=./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin + echo ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ++ pwd + pushd /builddir/build/BUILD/nss-3.16.2.3 + cd ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin + ln -s selfserv selfserv_9673 + popd + find ./nss/tests -type f + grep -v '\.db$' + grep -v '\.crl$' + grep -vw CVS + xargs grep -lw selfserv + xargs -l perl -pi -e 's/\bselfserv\b/selfserv_9673/g' ~/build/BUILD/nss-3.16.2.3 + grep -v '\.crt$' + killall selfserv_9673 selfserv_9673: no process found + : + rm -rf ./tests_results ~/build/BUILD/nss-3.16.2.3/nss/tests ~/build/BUILD/nss-3.16.2.3 + pushd ./nss/tests/ + nss_tests='libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains' + HOST=localhost + DOMSUF=localdomain + PORT=9673 + NSS_CYCLES= + NSS_TESTS= + NSS_SSL_TESTS= + NSS_SSL_RUN= + ./all.sh testdir is /builddir/build/BUILD/nss-3.16.2.3/tests_results/security init.sh init: Creating /builddir/build/BUILD/nss-3.16.2.3/tests_results/security which: no domainname in (.:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/lib/ccache:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin) ******************************************** Platform: Linux3.19_arm_glibc_PTH_OPT.OBJ Results: localhost.1 ******************************************** init.sh init: Testing PATH .:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/lib/ccache:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin against LIB /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib: ./all.sh: line 304: [: -eq: unary operator expected Running tests for cipher TIMESTAMP cipher BEGIN: Mon May 18 17:06:38 EDT 2015 ./cipher.sh: line 127: res: command not found ./init.sh: line 228: [: : integer expression expected cipher.sh: #1: - PASSED TIMESTAMP cipher END: Mon May 18 17:06:38 EDT 2015 Running tests for lowhash TIMESTAMP lowhash BEGIN: Mon May 18 17:06:38 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Mon May 18 17:06:38 EDT 2015 Running tests for libpkix TIMESTAMP libpkix BEGIN: Mon May 18 17:06:38 EDT 2015 TIMESTAMP libpkix END: Mon May 18 17:06:38 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Mon May 18 17:06:38 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #2: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -f ../tests.pw cert.sh: #3: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #4: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -o root.cert cert.sh: #6: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -f ../tests.pw cert.sh: #7: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #8: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #9: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #10: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #11: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #12: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #13: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #14: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -f ../tests.pw cert.sh: #15: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #16: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #17: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #18: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #19: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #20: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #21: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #22: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #23: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #24: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #25: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #26: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #27: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #28: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #29: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #30: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #31: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #32: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #33: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #34: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #35: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #36: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw cert.sh: #37: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #38: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #39: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #40: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #41: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA.ca.cert cert.sh: #42: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #43: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #44: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #45: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert cert.sh: #46: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #47: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #48: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #49: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert cert.sh: #50: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #51: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA.ca.cert cert.sh: #52: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #53: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #54: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #55: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw cert.sh: #56: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #57: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #58: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #59: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #60: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA.ca.cert cert.sh: #61: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #62: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #63: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #64: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert cert.sh: #65: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #66: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #67: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #68: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA.ca.cert cert.sh: #69: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #70: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #71: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #72: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #73: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert cert.sh: #74: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw cert.sh: #75: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #76: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -i ../CA/TestCA.ca.cert cert.sh: #77: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -i ../CA/TestCA-ec.ca.cert cert.sh: #78: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #79: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #80: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #81: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #82: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #83: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #84: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #85: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #86: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #87: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #88: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #89: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -i ../CA/TestCA.ca.cert cert.sh: #90: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -i ../CA/TestCA-ec.ca.cert cert.sh: #91: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #92: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #93: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #94: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #95: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #96: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #97: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #98: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #99: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #100: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #101: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #102: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #103: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #104: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #105: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #106: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #107: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #108: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #109: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #110: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #111: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw cert.sh: #112: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #113: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -i ../CA/TestCA.ca.cert cert.sh: #114: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #115: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #116: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #117: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #118: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #119: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #120: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #121: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #122: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #123: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #124: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw cert.sh: #125: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #126: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -i ../CA/TestCA.ca.cert cert.sh: #127: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #128: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #129: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #130: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #131: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #132: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #133: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #134: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #135: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #136: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #137: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw cert.sh: #138: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #139: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -i ../CA/TestCA.ca.cert cert.sh: #140: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #141: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #142: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #143: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #144: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #145: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #146: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #147: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #148: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #149: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #150: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw cert.sh: #151: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #152: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -i ../CA/TestCA.ca.cert cert.sh: #153: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #154: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #155: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #156: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #157: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #158: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #159: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #160: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #161: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #162: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #163: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #164: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #165: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #166: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #167: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #168: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #169: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #170: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #171: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -f ../tests.fipspw cert.sh: #172: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #173: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #174: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #175: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw cert.sh: #176: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #177: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #178: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #179: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #180: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #181: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #182: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #183: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #184: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #185: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #186: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #187: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw cert.sh: #188: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #189: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #190: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #191: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #192: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #193: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #194: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #195: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #196: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #197: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #198: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #199: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #200: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:2e Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:08:46 2015 Not After : Tue Aug 18 21:08:46 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:04:07:bc:e3:06:e8:9c:78:20:03:50:78:01:a3:45: d9:99:b3:18:66:25:dd:09:1c:3c:a8:06:33:6e:5c:72: d6:d4:33:16:e1:b3:f8:b3:97:5f:9d:79:a0:b0:49:ff: 6e:74:c1:45:74:24:f6:dc:70:96:ed:fc:8d:2e:ea:22: 86:a3:74:36:9a:16:11:2f:f1:6f:20:d8:d6:35:2b:5d: 6d:1e:92:6a:c2:9b:46:c4:a0:43:5a:7d:37:a0:c6:54: 26:97:01:75:c4:80:6b:05:5f:88:ed:3f:15:00:a3:56: e2:1e:08:1c:c8:97:7f:0f:de:4a:6b:b8:f5:f5:1b:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:ce:ee:b6:3f:20:ae:5d:9e:9f:c8:29:16:15:3a:9c: 23:53:b4:eb:c7:ad:4b:61:ab:4c:fd:1c:56:87:f4:01: bf:ed:1c:e8:37:be:e1:ab:75:32:1f:88:3d:63:6b:a0: f0:0b:f7:a9:32:c0:9d:21:93:f1:72:9c:c7:94:f6:ba: 04:77:13:16:a7:ea:3c:ad:00:9c:67:ee:44:3b:a3:49: a5:40:88:13:99:8a:85:8c:97:81:60:50:28:08:d8:31: df:11:55:b6:50:bf:73:6c:53:1c:9a:d0:73:12:06:3d: c6:0f:06:34:46:90:5d:67:84:b8:ee:a8:61:40:d1:55 Fingerprint (SHA-256): 71:ED:CD:51:0C:45:3A:02:00:7D:B3:07:21:2B:DB:8F:51:F1:0D:4F:48:62:A5:F4:4D:37:6D:05:6E:B3:57:95 Fingerprint (SHA1): 11:68:38:B8:47:8D:0B:DE:B5:79:F0:C7:14:DC:6B:C0:7C:FA:BB:D9 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #201: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:32 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:08:48 2015 Not After : Tue Aug 18 21:08:48 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:74:df:a5:56:2c:4b:e8:83:e0:be:cb:be:61:ae:90: af:80:c0:06:11:6c:22:9c:ea:3b:c1:15:f8:80:4e:40: 07:5c:bb:ec:79:f1:d4:54:dc:16:6d:e3:fc:4d:11:f1: 05:c1:9c:f0:8f:7e:cd:15:c0:61:e4:7f:c3:61:86:13: 02:07:1d:b3:14:21:c9:ee:90:4c:75:5e:7b:b5:56:a6: 50:23:b7:ce:20:ed:ea:71:a8:74:9f:b8:36:9f:0a:87: c7:fb:59:c8:f9:15:4c:21:7f:94:c6:90:63:19:0b:bf: 45:17:1d:64:44:03:a9:f4:c9:d1:0d:40:cb:c7:38:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:ef:5e:ef:63:87:7c:df:55:f4:63:06:9b:c1:f2:da: 4f:85:e3:3c:fc:08:bb:53:33:7f:d6:32:4a:4c:ab:20: f2:55:77:e7:b1:b6:48:57:13:66:63:a8:f8:30:5e:f2: 76:01:89:27:bf:f3:1e:34:a2:d3:bc:6c:dd:b3:2a:4a: e9:50:02:a3:7a:8a:eb:af:bc:35:92:a7:4a:32:ab:69: c4:69:59:d0:74:d2:84:c1:4f:66:90:c9:9f:3b:cf:89: 29:0b:fe:74:0b:65:8e:4a:75:5b:72:30:25:a4:16:fd: c1:4a:31:35:c5:7e:01:10:27:76:f9:a2:f0:5d:2c:28 Fingerprint (SHA-256): 27:09:03:C9:C8:9C:D2:89:D1:E4:1D:07:E1:43:0F:10:FB:C5:52:40:35:36:03:7F:D8:B6:34:97:2F:6F:C4:B4 Fingerprint (SHA1): E7:17:9D:A9:D8:F0:4D:45:8D:2E:47:BC:04:E6:74:2D:3C:21:CB:63 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #202: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:36 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:08:51 2015 Not After : Tue Aug 18 21:08:51 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:bf:ac:f1:cb:b1:22:21:37:3a:86:2c:04:de:54:8a: b3:ed:52:1d:97:52:f2:45:ec:f2:af:29:c1:2e:69:1c: de:97:05:f7:8f:21:6c:be:71:39:85:5d:4e:ec:55:5d: 89:f8:fe:70:6a:4e:ad:bc:cc:c1:24:44:28:da:b3:f9: 54:96:6c:64:93:77:d6:c2:75:e9:39:c5:a9:12:b3:e1: 99:15:f0:cf:5b:bb:cc:23:03:29:7d:54:0b:37:b8:03: 5f:78:4b:ea:ef:45:27:d3:6a:8c:42:f6:7c:0d:0f:ad: a7:ca:07:66:2a:2b:54:79:47:0e:d6:1f:91:9c:7b:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a4:c6:33:6a:4d:e9:ae:cd:e0:04:3b:f7:11:b8:c5:91: f9:b0:cf:d4:3e:35:2a:52:ff:6d:de:27:6e:66:15:7b: 1e:35:af:28:40:c7:bb:fd:34:19:71:41:0c:52:46:e4: f7:9b:3a:93:09:44:66:42:c8:12:e5:09:86:10:66:00: f0:07:e7:af:5a:06:db:fc:1b:17:80:a2:65:73:b1:93: 0c:31:61:99:7a:51:95:b7:7b:26:88:10:51:a9:a7:df: 30:0f:4a:18:3c:74:c2:e0:86:24:d9:3f:51:eb:2d:81: 0c:b9:43:72:30:2b:ab:17:f1:a9:20:0e:cd:ca:4c:f6 Fingerprint (SHA-256): 6E:A9:45:B9:6E:A2:20:25:D6:EB:6B:79:D8:A7:24:3B:17:54:F6:A2:CC:B7:40:6B:84:2F:2D:35:82:60:02:F5 Fingerprint (SHA1): 99:18:AE:3A:9D:2A:9B:E6:B5:4E:86:9D:42:24:C2:97:A6:AE:F8:1C Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #203: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:3b Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:08:53 2015 Not After : Tue Aug 18 21:08:53 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:24:17:55:f0:ef:9a:ba:31:99:f8:3f:45:c0:f7:b4: 81:a6:9b:e5:ad:12:32:13:5e:9b:2c:5f:ca:7c:ca:1a: e4:92:9d:2a:d9:87:16:fe:c8:74:cf:38:83:89:95:b5: 6a:c9:bb:47:dd:60:8e:e4:0b:f0:3e:76:b3:a3:3c:c6: da:c3:a0:36:56:5a:a9:9b:c9:e7:66:0c:9d:49:a0:c2: 9d:64:d5:ef:94:21:93:6d:4b:11:8d:a3:2a:ba:5a:42: 49:05:7a:f3:0f:fb:94:71:db:b8:71:93:a7:2d:0d:57: 08:7f:49:4d:af:c2:d8:9a:38:18:7e:57:49:58:cd:e9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:a9:07:af:7a:16:2d:00:ed:1b:9d:c4:cb:17:0d:91: ce:ae:e0:8d:19:66:ec:3b:35:3d:0d:e4:ad:a2:58:78: 2c:7b:ed:1d:4d:c9:19:a5:8a:fa:54:48:b8:32:fd:33: 2d:d6:2c:a8:e8:8b:3a:74:62:4b:54:47:85:d4:5c:2a: 25:fc:22:49:ee:e9:77:30:1b:57:20:48:11:c2:1f:83: 04:45:85:92:4b:f4:5e:36:d4:4f:52:a4:d2:ae:f4:26: 6c:55:0a:c8:fa:37:6b:b0:00:e0:b9:7a:24:cf:fc:0c: 5f:ad:4a:d2:80:be:ee:48:8d:ef:a3:97:0b:d6:b0:84 Fingerprint (SHA-256): 8D:24:B4:17:EC:03:BE:D7:F0:3C:DC:C8:C8:40:48:ED:4C:96:CA:47:5C:EE:D3:5D:9A:12:41:63:35:7F:ED:89 Fingerprint (SHA1): 19:1A:F1:14:9F:04:F1:51:D0:A5:B2:BC:F1:54:AC:9A:C6:BB:DE:B0 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #204: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:3f Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:08:55 2015 Not After : Tue Aug 18 21:08:55 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:12:20:95:72:81:43:3d:c8:1f:df:12:ba:6b:94:fb: 73:ec:a5:d8:e7:3b:a0:4f:7a:34:44:c3:85:46:07:d6: f1:18:ed:72:0e:47:d1:70:a6:ac:e8:ed:15:eb:70:8d: 74:dd:6c:3b:b3:50:1d:27:f9:92:32:86:6b:87:9a:66: b0:f1:7d:da:9d:97:5d:0f:36:51:2c:bf:08:08:b6:b7: 01:43:58:6a:06:c0:f1:68:a3:54:93:a3:63:51:d2:93: 1b:25:b0:04:1c:16:4a:74:89:cf:9a:97:b2:e4:37:bb: 60:22:bf:dc:df:80:68:b2:6d:73:a6:14:11:c7:8a:c5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8a:37:ba:aa:50:e7:98:41:7e:dc:2d:c7:14:9e:c6:d5: f6:d6:92:b6:d9:b8:30:f4:f3:51:b0:93:95:5f:3e:a4: 0e:2c:ae:d8:b4:68:39:95:aa:1e:4f:53:df:e6:6e:8c: aa:6e:e6:fa:65:a0:8c:23:09:64:93:04:cb:18:03:71: c8:5a:af:2a:dd:4d:8d:a8:f0:a6:60:c3:4e:9e:ec:aa: 0e:09:e8:e4:74:70:9f:88:05:3d:e6:3a:13:51:89:20: 8f:eb:8d:15:e5:b1:b5:8a:1e:6e:80:d2:5c:c7:a9:0d: e8:b3:04:e3:77:76:73:8e:ee:7f:39:1a:5f:7e:14:dd Fingerprint (SHA-256): 48:24:4D:20:E4:99:3B:C6:AF:2B:14:C9:9B:F0:05:8D:CC:52:CD:0F:70:30:85:26:5D:B7:30:D7:8C:FE:6D:49 Fingerprint (SHA1): 9C:29:2D:1E:B2:DF:C9:E2:1D:93:4C:41:7E:80:2B:51:76:B5:31:33 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #205: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:44 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:08:57 2015 Not After : Tue Aug 18 21:08:57 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:5e:13:f8:73:cc:e7:22:41:e4:19:3c:74:fb:f2:a0: 2a:2d:99:43:31:03:90:95:55:4e:02:75:ad:42:1b:63: db:60:38:88:43:45:2e:8f:0f:fe:8e:64:a8:d4:3a:ee: ad:12:b3:01:1f:61:37:90:1c:b1:90:58:0f:9d:3f:c0: ec:d2:00:fc:5f:2a:c3:67:d6:69:a1:e2:8b:37:0e:df: 84:6b:9b:fb:5c:a7:7b:93:89:b4:a5:2e:ba:0d:dc:a8: 49:5b:fa:a8:a8:97:06:cf:9c:a0:32:8b:7f:3a:67:2a: ce:44:b1:15:d2:93:51:67:e2:be:00:4a:bb:c1:c7:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 17:29:fc:c5:a3:7c:42:08:f3:41:c2:a7:1a:7f:28:e1: dc:48:58:2f:d5:4d:09:b6:29:7c:9b:31:03:d6:ef:de: 6f:93:3b:c6:0b:bb:f3:22:7f:de:2d:72:21:9c:69:5b: d6:26:dd:4f:3d:04:ac:d1:69:e9:35:fa:dd:c5:c7:95: 1e:42:f2:ef:e6:7d:f2:25:61:40:9b:b6:2a:66:f2:ae: 51:fb:11:f8:20:e1:19:3b:29:db:8c:75:e6:cc:53:26: a2:5b:a6:9d:6a:0e:a7:63:75:f0:f1:19:14:c9:f1:ac: ea:ab:2c:8d:18:b1:86:2c:7e:52:53:16:a5:ac:d6:0e Fingerprint (SHA-256): 8C:A8:32:22:79:3B:89:D1:25:91:06:B0:AA:83:3C:22:AF:91:52:5B:F9:5F:51:3C:90:C3:26:43:32:B7:1F:B9 Fingerprint (SHA1): B3:34:36:E1:4A:23:DF:02:A7:7B:75:05:B4:D3:AB:4A:96:80:58:2C Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #206: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:48 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:09:00 2015 Not After : Tue Aug 18 21:09:00 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:a1:86:47:aa:e6:99:ae:4d:f5:ab:5d:36:66:6f:90: ac:8f:d3:39:dc:89:b2:20:e8:e2:bb:bb:52:6d:55:13: ce:a9:d3:53:80:4f:45:26:17:18:06:54:22:bc:a2:97: 0e:92:d0:2e:b8:2b:9b:ef:71:7a:5f:60:93:19:9d:1e: e1:4b:2d:47:7f:09:0a:72:fe:8b:44:8e:60:f0:70:c0: 1d:b4:ba:1c:91:2d:f2:67:6a:90:c3:db:4f:c0:17:89: d7:f1:5f:4d:2e:e2:1d:45:56:6d:a9:ba:8b:d9:37:04: fa:99:42:ec:db:24:7a:98:19:17:dc:cf:e4:e4:33:1f Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:8b:47:1f:1c:a8:13:85:b7:2d:d7:b6:e6:65:8f:bb: 25:a5:df:02:dc:89:fb:d1:72:11:33:7d:20:88:f1:10: ce:e8:5f:46:32:82:9e:b5:e2:3a:e3:a9:58:6d:59:11: cb:ec:1d:90:d9:7c:59:87:dd:59:75:37:0e:2b:95:6d: 92:f7:c2:a0:04:fe:28:d3:bf:66:98:1c:3e:53:9c:3c: 7c:37:0e:c9:d3:df:97:87:aa:ac:f1:a1:4c:c3:75:9b: 9d:47:09:e7:77:9e:13:ba:ae:b5:00:79:38:91:55:ac: e7:db:9c:15:8d:1c:9e:de:f3:1e:f2:94:f0:c4:41:90 Fingerprint (SHA-256): 5D:6A:92:87:9B:E6:45:0B:33:32:AA:AD:B4:FD:5B:FE:91:CB:93:62:62:65:7A:69:E9:A9:1F:83:B4:45:CE:CC Fingerprint (SHA1): CD:3A:9D:CB:D5:C1:67:70:23:18:FF:88:F3:42:68:14:5E:A2:7E:BA Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #207: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:4c Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:09:02 2015 Not After : Tue Aug 18 21:09:02 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:03:fe:8d:ce:ec:ac:f9:99:b9:01:cf:93:44:5a:96: f7:ef:78:0d:75:31:83:5d:ed:f2:9e:51:c0:9e:a9:27: 0d:e6:61:2a:87:b6:5e:42:dd:f8:d9:e9:4a:39:9a:96: db:70:82:fb:df:18:a2:c9:c8:25:3e:c3:65:21:11:7c: 99:5f:ca:61:23:09:cb:9c:f8:97:0b:89:e4:78:bb:6c: cb:74:11:4c:ff:9a:ba:fd:4e:ce:a9:a0:d4:49:6f:f2: cf:2c:39:eb:e3:a2:f3:5c:54:3a:4f:56:23:fc:c9:28: 94:40:00:6e:82:94:58:be:a7:74:ff:91:14:20:b0:2f Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a2:8a:d3:3d:37:e0:fc:9d:7d:d8:f9:72:1f:10:99:0d: 02:44:ae:fc:17:d0:b5:48:32:37:2a:da:b1:53:d9:cd: 83:fe:11:86:99:89:4e:ec:f3:ca:d2:d0:e2:2f:85:48: 62:56:1b:9e:86:33:62:95:a6:52:7a:83:80:39:6c:40: 12:3f:84:fd:45:b3:61:a5:bb:d6:f2:dc:28:97:22:74: e0:b1:82:9c:b5:04:04:6a:62:11:74:1f:32:61:15:9e: 34:ac:53:7f:83:0e:d5:3f:4a:fe:8d:f6:d4:23:8a:40: 76:73:86:e5:68:3e:7c:d8:cf:6c:ad:d7:8e:df:16:05 Fingerprint (SHA-256): 2A:72:0C:C7:33:D2:D5:70:B2:34:2C:38:1B:78:2F:55:D5:1E:27:C9:5B:62:7F:C4:98:D6:21:15:F1:B1:F9:6D Fingerprint (SHA1): D4:75:9F:51:0C:67:D8:60:E3:39:3F:C7:E5:61:69:59:1E:78:A7:04 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #208: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:50 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:09:04 2015 Not After : Tue Aug 18 21:09:04 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:ec:62:1b:0c:93:6a:5e:0f:a3:75:44:6d:34:51:e3: 1a:84:58:c7:35:88:4c:28:7f:b1:b3:83:c1:a2:23:38: 05:b3:c2:15:b6:07:7a:48:ec:4e:71:56:cf:17:d3:6f: 05:bd:cd:63:66:02:d7:46:e2:c6:b0:d7:8f:e8:84:ab: f4:54:78:9e:a7:45:68:86:74:38:df:0d:d2:46:d7:70: ec:01:ad:e7:00:e2:84:3a:0a:47:db:cb:26:21:1f:0e: 1e:d0:ff:45:9d:ee:0b:3a:df:87:ec:ea:9f:3c:84:98: ff:e6:35:42:35:3c:28:55:b7:02:10:d9:3e:78:b3:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:77:c0:bf:3a:4e:43:7a:c8:1a:9f:f5:35:66:1d:31: 82:ba:f8:a7:4a:86:77:2e:bd:8f:09:0d:a8:32:5e:4b: 4d:97:9b:b2:2c:0f:2f:ba:ac:7c:9c:92:12:a1:8e:5b: b3:31:b8:2d:f4:63:a6:96:22:50:f2:36:76:10:0b:d6: 93:54:9a:8f:bc:e3:f3:82:1f:b6:ca:a7:8f:76:d5:8f: 5a:eb:fd:98:3a:8e:27:8d:25:ce:e2:ec:f1:f3:14:e5: 5f:19:6e:b3:29:92:02:a4:58:6b:1e:82:3a:d9:eb:d5: 2b:b2:51:c2:92:ed:bf:c0:7f:db:ab:91:33:06:3b:25 Fingerprint (SHA-256): 35:AA:D8:55:97:91:D2:EA:54:0C:08:3C:C4:AA:71:19:49:E4:55:86:A2:2D:4B:65:68:D2:A0:73:93:FA:24:CD Fingerprint (SHA1): ED:6A:FF:52:D8:EB:CE:57:C9:FE:AC:24:C5:9D:43:9A:73:25:F2:31 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #209: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:55 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 21:09:06 2015 Not After : Tue Aug 18 21:09:06 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:64:e1:50:69:ed:66:d4:b1:eb:30:66:b5:e6:5e:db: d3:8c:ad:e1:12:bd:f9:25:6c:c7:77:de:bc:d3:f7:0e: 76:0c:c4:10:de:98:c3:2c:48:ff:f8:2e:7b:ec:9e:e6: 93:fb:86:07:ed:9f:5c:71:00:4f:8b:9d:65:b7:8e:a7: 4f:aa:7f:01:46:93:57:c8:9b:20:30:3c:99:3b:bb:b8: cf:26:4c:67:0c:9b:b7:34:f3:f3:ce:16:81:62:17:d5: 6d:cc:59:8e:a9:94:80:c6:7e:a1:08:1e:32:c2:26:9a: a7:9e:76:05:bc:8d:1d:ac:87:51:37:20:f2:a0:9d:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 15:a9:16:6d:8a:98:35:77:5d:3f:dd:43:15:e6:40:04: d8:90:dd:eb:ab:c8:06:fe:4a:ea:65:55:ae:45:71:f3: 88:de:98:0a:14:d7:99:e9:c7:73:7a:d8:85:2d:86:d8: d7:bd:76:3a:ce:dc:f9:02:17:c8:61:a3:63:36:78:f0: 7c:68:8a:c4:10:9d:b0:95:28:2d:f6:39:2d:df:a3:79: 14:cc:ea:d8:58:27:80:06:f5:9d:7c:b8:97:9f:c9:13: 73:cc:21:c7:38:1d:6e:43:e2:e0:2a:54:fc:14:dc:1f: f1:4a:95:8d:98:a6:f0:9c:0a:4b:ae:2c:cd:89:d8:e2 Fingerprint (SHA-256): 1A:2C:E0:B3:04:58:90:36:40:B3:8E:E0:7C:19:3A:AA:EF:B3:8D:22:D7:D3:68:DA:26:C4:6D:03:D9:C2:2A:F5 Fingerprint (SHA1): F8:97:39:46:49:0F:94:44:76:B0:0C:A5:15:17:B1:39:2F:C1:89:D1 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #210: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:58 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 21:09:09 2015 Not After : Tue Aug 18 21:09:09 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:a4:34:7d:22:ba:de:b7:15:e3:8d:77:33:74:c1:ba: 8d:b4:b5:cb:17:6a:28:7e:4f:24:3f:f6:68:0f:3b:ec: d1:13:03:a3:4a:62:02:85:21:fc:6a:96:17:ac:1b:93: 10:0e:15:ec:8d:81:a7:99:bf:db:06:56:bc:c7:c2:7c: 21:70:9a:44:c2:ca:81:fa:48:3a:5c:4d:da:93:6a:cf: ca:ba:0a:fc:e4:a6:1b:dc:17:85:0a:e2:45:de:39:72: bd:e2:d1:cc:cc:c0:9b:ba:aa:5a:12:30:8c:02:77:a0: 22:c3:b1:7d:81:60:00:06:f8:ba:6b:11:65:22:91:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:5b:be:fb:82:94:67:42:2a:ec:8e:91:17:62:40:38: ba:15:5c:b7:e7:06:d7:e2:31:36:06:92:85:12:e4:53: 73:a8:9e:82:d2:57:2c:d4:ae:c5:15:7a:26:11:2c:f4: c2:58:77:7f:c5:c3:3d:7f:10:09:aa:f9:37:4d:e7:63: 7f:9f:4a:ac:ae:b6:57:59:54:20:81:62:70:e9:c2:5f: eb:8a:7f:c6:df:54:9b:72:c8:68:57:72:a9:53:fa:23: 51:9d:11:31:32:98:01:28:9b:dc:cd:e2:36:29:da:98: 29:81:ca:8e:10:6e:af:20:61:c8:29:4f:cf:4e:72:26 Fingerprint (SHA-256): 07:74:23:0E:AD:C7:FC:1C:63:D6:28:BB:46:42:EE:8F:3D:FF:8D:EC:E5:A0:08:D5:76:C2:37:E5:0C:B6:FC:12 Fingerprint (SHA1): FA:FF:45:B2:1A:55:50:B1:F1:C9:D1:05:30:BC:F7:19:66:57:31:B9 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #211: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #212: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #213: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #214: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:61 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 21:09:13 2015 Not After : Tue Aug 18 21:09:13 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:51:91:0b:0d:a0:95:9f:46:78:df:d6:8e:cf:f1:ad: c6:4f:6f:e2:92:4f:87:ea:d6:8a:f5:b9:41:6f:1e:2e: fd:07:09:40:45:c3:2c:70:82:39:25:62:ac:a0:e2:e8: 0e:6e:46:f4:64:0b:b2:a1:b6:08:d4:02:06:34:56:52: 59:10:84:77:a6:5d:ca:21:e5:46:9d:95:99:33:7e:e7: 52:9c:1d:bc:d6:88:76:56:7f:56:c3:ec:58:80:aa:02: cc:40:22:e3:25:be:bf:00:ee:09:61:56:ab:21:34:c7: c9:7f:d2:31:bd:b8:6f:84:b7:e2:85:33:30:0b:29:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:eb:84:1b:c7:40:a6:61:79:ca:a2:8b:79:13:b6:e6: b3:41:93:c7:9a:91:a2:c6:64:aa:ac:c8:d1:08:2d:e3: fe:a8:61:ce:ad:96:ef:99:99:4c:91:ee:1d:31:e9:6e: 8f:28:e4:46:18:ef:ee:dc:62:12:20:3f:19:30:cd:0c: 9b:2b:7c:f5:92:db:1c:8e:af:d3:c0:99:0f:a6:01:9a: 7d:72:41:26:a2:16:ed:47:43:28:1a:4a:11:9f:79:65: a8:35:77:36:25:74:02:e4:42:9b:5b:48:7f:16:bc:26: b6:4a:e6:62:dc:04:91:3c:eb:c9:a4:fc:a6:76:cd:2f Fingerprint (SHA-256): E8:35:64:EA:AE:81:1A:B4:CF:0E:7D:86:82:A4:E4:6C:A5:D6:61:D5:5E:34:4C:0A:EB:B3:05:08:D9:2D:BA:08 Fingerprint (SHA1): 35:7D:6D:2E:19:0B:84:86:CB:E4:AA:2F:1B:72:BA:59:28:83:22:22 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #215: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der cert.sh: #216: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #217: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #218: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #219: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #220: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #221: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #222: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:33:72 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 21:09:22 2015 Not After : Tue Aug 18 21:09:22 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:10:38:61:42:65:2b:30:3e:4a:75:44:a5:23:cf:b5: ad:4b:8f:7c:cb:e3:28:88:e6:a3:04:cd:8f:76:d8:72: bc:35:03:4c:c6:99:c7:a3:8e:f2:21:0b:36:81:ce:9f: 40:7e:b2:34:f2:79:db:6b:6e:6f:8e:b7:77:a1:89:7b: d4:6e:12:08:17:a6:27:97:3e:29:35:cc:87:ac:9c:52: 1b:04:97:ab:15:6e:1c:f8:90:9d:68:d4:6a:d0:b0:aa: ee:65:fa:c6:7c:37:ee:8d:d8:95:c8:64:7a:c1:2b:64: 68:23:0e:f3:98:6b:41:9b:16:bd:fc:c9:a3:f1:20:bb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:61:98:03:11:2d:92:20:6e:45:6b:29:4e:39:d7:73: 72:43:18:1d:0e:31:ad:bf:81:26:cf:d6:59:ca:8f:a3: 4c:a8:53:e7:ea:92:86:58:ad:8b:78:69:20:d5:28:5c: 71:3c:13:73:6e:97:83:50:3e:e9:a7:7c:9c:0c:af:d6: b8:35:1b:58:5a:94:4e:2a:2c:82:17:b7:f2:81:e2:3b: 2e:ba:0a:8e:73:38:2f:86:38:33:76:cf:0d:94:7f:13: 2b:ee:ea:eb:4b:10:2a:fc:66:42:27:d5:c5:1f:ce:6e: 1a:5c:56:c3:c9:a9:c3:96:ab:ae:09:c3:7e:80:d3:f2 Fingerprint (SHA-256): E3:AE:8E:C0:7D:B8:0C:AD:59:B9:49:CE:FB:77:8B:BB:30:52:4C:7E:80:61:E5:20:E5:88:9B:33:F0:BE:7E:24 Fingerprint (SHA1): 94:E2:2C:77:3E:ED:4F:7F:67:85:01:7E:E8:34:05:3F:6A:83:09:EB Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #223: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #224: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #225: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.pw cert.sh: #226: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #227: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #228: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -o root.cert cert.sh: #229: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #230: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #231: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #232: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw cert.sh: #233: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #234: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/TestCA.ca.cert cert.sh: #235: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #236: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #237: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #238: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #239: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #240: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #241: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #242: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #243: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #244: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #245: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw cert.sh: #246: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #247: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -o root.cert cert.sh: #248: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #249: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #250: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #251: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #252: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #253: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #254: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #255: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #256: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #257: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #258: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #259: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #260: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #261: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #262: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #263: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #264: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #265: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #266: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #267: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #268: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #269: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #270: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #271: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #272: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #273: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #274: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #275: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #276: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #277: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #278: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #279: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #280: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #281: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #282: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #283: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #284: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #285: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #286: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #287: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #288: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #289: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #290: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #291: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #292: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #293: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #294: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #295: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #296: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #297: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #298: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #299: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #300: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #301: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #302: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #303: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #304: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #305: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #306: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #307: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #308: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #309: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #310: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #311: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #312: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #313: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #314: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #315: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #316: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #317: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #318: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #319: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #320: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #321: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #322: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #323: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #324: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #325: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #326: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #327: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #328: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #329: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #330: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #331: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #332: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #333: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #334: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #335: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #336: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #337: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #338: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #339: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #340: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #341: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #342: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #343: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #344: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #345: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #346: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #347: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #348: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #349: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #350: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #351: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #352: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #353: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #354: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #355: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #356: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #357: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #358: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #359: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #360: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #361: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #362: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #363: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #364: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #365: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #366: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #367: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #368: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #369: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #370: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #371: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #372: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #373: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #374: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #375: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #376: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #377: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #378: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #379: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #380: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #381: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #382: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #383: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #384: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #385: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #386: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #387: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #388: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #389: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #390: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #391: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #392: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #393: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #394: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #395: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #396: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Mon May 18 17:11:29 EDT 2015 Running tests for dbtests TIMESTAMP dbtests BEGIN: Mon May 18 17:11:29 EDT 2015 ./dbtests.sh: line 173: syntax error near unexpected token `then' ./dbtests.sh: line 173: ` if [[ $EUID -ne 0 ]] then' TIMESTAMP dbtests END: Mon May 18 17:11:29 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Mon May 18 17:11:29 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #397: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3f:c3:5c:43:a8:85:bc:14:2a:eb:05:69:9f:62:78:95 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #398: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #399: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #400: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #401: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 26:94:e2:e0:6f:f8:b3:08:aa:5d:8f:db:d1:53:0b:d4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 21:06:55 2015 Not After : Mon May 18 21:06:55 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:aa:05:72:a6:d6:4b:42:a8:7b:06:cd:0f:94:4e: ec:c4:4f:ae:ee:d3:be:cc:18:86:be:32:d2:7e:22:11: d8:39:51:21:31:62:40:f9:88:7c:67:3d:14:0e:24:30: 39:38:84:75:98:d4:a0:a9:7f:f0:b3:d8:ec:c3:b2:07: 56:e8:be:00:28:f5:3b:c9:5f:b8:c1:2e:20:a2:12:68: f6:a5:2d:ab:c9:2e:0c:a2:2a:b6:c7:2f:07:0b:7e:5f: 9c:c5:8b:f2:f7:e2:48:dd:ba:80:b1:59:98:67:23:c1: 8b:22:61:0f:ab:bf:ec:2e:22:e1:09:d9:b0:1f:b0:9f: 4e:65:88:83:44 Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:41:68:8b:8d:40:fc:fc:7a:7c:3a:e5:d2: 0e:34:0a:ec:ba:17:05:fc:86:44:e5:cf:50:fa:e6:b5: 4b:19:0b:9d:24:a0:7d:1a:47:d3:54:4e:96:36:51:6a: 73:69:95:ea:b2:cb:76:f4:97:c3:15:79:ec:27:0a:01: 7d:58:d1:79:a1:2b:02:42:00:a2:51:43:27:a7:5a:d1: fb:14:68:d0:28:26:07:2f:ea:67:82:6d:0b:82:a8:20: 01:b9:16:49:21:da:83:99:9d:7e:b6:a8:e2:15:ca:4c: 25:b6:56:03:f5:23:24:b9:24:e5:c1:0c:a5:97:64:1e: c8:19:6e:f3:71:29:69:3c:e3:e1 Fingerprint (SHA-256): E2:55:92:96:9D:0D:DE:44:5B:AF:45:4D:5B:2D:1C:81:B2:00:00:86:A6:CC:0A:F1:F7:40:82:CA:3D:B4:29:E8 Fingerprint (SHA1): 37:67:7F:CA:B4:C3:77:BB:C3:50:ED:0B:A6:34:35:08:D9:D4:BA:DB Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 21:07:56 2015 Not After : Mon May 18 21:07:56 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:72:36:24:7b:fd:d9:37:e6:47:8c:b2:80:96:87:3a: 89:74:22:97:f5:7e:42:a2:2a:4a:bd:f8:f4:04:72:ba: 00:c1:cc:43:18:fd:36:84:4f:04:ea:28:7d:35:58:59: 9c:c5:7c:b4:05:89:0e:e0:a6:6e:bf:05:41:62:e7:20: 5a:b8:f9:ca:81:19:b8:6d:cc:a2:52:fb:1c:18:50:28: 6c:6a:72:ee:84:1a:7b:d1:d4:19:01:b7:63:67:53:b1: dc Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:16:00:cc:52:33:d1:0c:aa:56:05: 35:1f:79:39:7c:78:3f:d9:58:07:56:aa:a4:8d:2f:b9: 37:22:01:e6:99:26:e0:e3:89:6f:06:93:4a:b5:56:58: 33:a2:1f:18:31:9f:fc:08:d3:14:d9:82:3a:ea:d5:8f: 1f:3d:d9:62:d2:ce:f2:02:42:01:ee:16:1f:34:08:65: a9:02:59:a4:61:77:8b:e0:36:b0:c1:a6:64:81:65:d3: 7f:e2:87:25:fb:5e:e0:29:c9:24:1e:cf:16:27:e6:7c: a4:70:07:46:6d:9f:5a:34:26:83:91:84:5a:0f:f8:0f: 0a:ac:fe:41:cd:b6:cc:94:32:29:72 Fingerprint (SHA-256): 7D:C3:E0:C5:CC:BB:CA:D5:11:BA:A1:2C:44:70:61:1C:52:AE:E8:27:2B:46:FD:6A:EB:62:ED:DF:D6:A4:DC:68 Fingerprint (SHA1): 63:31:D8:95:E6:FB:72:CD:A5:20:DC:0D:9D:BD:F3:EA:F8:C3:AE:17 Friendly Name: Alice-ec tools.sh: #402: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #403: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 29:94:3a:50:0e:d6:b7:04:7b:b4:b1:0a:a7:7f:82:05 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #404: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #405: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #406: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 05:bb:52:d9:19:00:7c:64:90:ac:40:a5:c9:62:76:da Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #407: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #408: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #409: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 5f:ab:64:92:db:65:86:bf:c8:1b:9e:1b:2e:64:a2:1a Iteration Count: 2000 (0x7d0) tools.sh: #410: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #411: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #412: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 86:e3:19:f5:fb:64:30:cc:a9:b6:3c:03:8b:28:86:e0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #413: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #414: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #415: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 84:ce:ad:08:b7:05:87:0f:4a:33:e4:bb:b1:8b:fb:52 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #416: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #417: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #418: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 1e:39:49:d2:3f:04:fe:6c:79:60:ab:fc:c7:2a:f1:b0 Iteration Count: 2000 (0x7d0) tools.sh: #419: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #420: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #421: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 9f:4b:62:08:2b:3f:cb:e0:8b:dc:24:10:02:ed:95:1a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:da:21:ee:08:a1:f1:d9:11:ae:98:0a:aa:2b:b0: 9d:59 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #422: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #423: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #424: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 88:e6:b5:f8:27:5b:35:30:fb:10:e1:35:b7:c3:d5:61 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:e1:10:dc:5b:1d:43:19:48:d3:78:71:9f:d2:38: 10:b1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #425: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #426: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #427: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ab:1c:28:5a:45:10:f8:f1:5e:a4:ae:2e:ea:29:06:fe Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:f9:f1:7f:61:ea:c8:d0:e2:dd:7a:d6:84:a0:52: 51:51 tools.sh: #428: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #429: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #430: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 58:05:90:22:15:d3:99:49:f4:70:fb:a3:8c:aa:53:2e Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:69:a5:ac:ad:c0:f9:1a:90:e5:ad:e2:de:e9:f7: ef:5d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #431: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #432: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #433: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: cb:99:71:5f:8f:ce:d1:a7:0e:75:47:68:3d:4e:46:1f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:b5:d5:dc:6e:fc:64:06:ec:e5:27:e0:71:fe:01: 26:ee Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #434: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #435: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #436: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: f3:3b:f8:32:08:9d:95:f8:ea:a4:07:74:cf:21:16:1f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:ab:1b:f0:9f:97:87:c5:08:66:ca:90:63:e4:e7: 44:41 tools.sh: #437: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #438: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #439: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 45:99:77:68:df:6c:d6:9d:01:79:21:08:e1:28:af:a4 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:5a:a4:60:8e:83:17:c6:4c:3d:08:b0:88:29:42: 3c:05 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #440: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #441: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #442: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 81:53:d5:7f:3d:df:d9:d8:bf:41:7c:dd:21:86:e6:92 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:37:9c:d6:38:26:94:17:2b:14:b6:26:b9:e2:1b: d2:8a Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #443: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #444: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #445: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: af:2d:04:b0:1c:e4:7c:8d:2d:3b:7e:24:3d:7a:8b:4c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:ef:cc:4c:61:68:29:f2:7e:46:5e:c2:8c:26:32: 81:15 tools.sh: #446: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #447: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #448: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: e8:96:7b:de:99:32:d2:6d:78:28:4f:e4:81:fb:4c:14 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:1f:8d:bf:0d:32:de:8b:af:20:25:b8:3c:1e:b5: 42:83 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #449: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #450: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #451: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a4:ab:21:d5:5e:6a:00:c1:5f:0c:8e:c1:19:00:91:b1 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:61:77:d4:0a:a6:93:91:e8:7d:d2:1a:e2:26:d2: 4e:7e Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #452: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #453: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #454: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 8c:18:41:1a:f1:5c:ce:23:5a:40:0d:98:42:b7:0d:7c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:ea:9e:d9:93:37:06:4c:69:cf:9b:90:66:15:5d: 48:2d tools.sh: #455: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #456: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #457: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: be:47:63:fa:f7:94:a2:b2:be:f9:11:81:19:d0:f6:93 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:4d:e6:b8:9a:4e:02:b7:f4:18:fe:55:34:68:ff: 11:6e Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #458: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #459: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #460: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 9a:03:32:95:4d:eb:a3:57:fe:49:6c:39:92:90:61:50 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:95:72:28:e3:f7:69:18:29:86:45:7d:ab:d1:f3: 93:89 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #461: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #462: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #463: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 26:be:5b:53:e0:f8:e8:ae:d4:3b:25:28:5d:bc:d6:e8 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:8f:ec:ab:d7:45:8c:c2:ca:cb:4b:d3:5f:f9:15: 6a:9a tools.sh: #464: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #465: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #466: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 04:37:72:7a:62:d1:bf:f7:66:cd:be:07:a3:70:b8:1b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:03:1b:b9:ce:07:d1:1f:a4:b5:6a:36:da:38:6e: 67:e1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #467: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #468: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #469: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 75:97:1e:0a:d5:27:01:75:88:76:bd:75:8b:08:bc:84 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:08:01:63:c2:ab:dd:9a:51:62:37:5f:a2:8d:d2: 8f:af Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #470: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #471: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #472: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 15:78:fc:0d:4c:39:4f:e2:0a:58:5b:4f:fe:de:8e:16 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:f1:c5:9b:06:6a:2d:51:ef:c0:12:84:67:7a:4d: c9:32 tools.sh: #473: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #474: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #475: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 8f:b4:c5:5f:2d:32:ea:4a:c2:76:76:5f:ee:73:c0:04 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #476: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #477: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #478: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: c7:54:fd:82:08:8c:d8:2a:5b:17:41:4d:50:53:1c:f0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #479: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #480: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #481: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 20:be:05:55:f1:11:ee:00:09:3e:53:40:3b:37:09:2c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #482: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #483: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #484: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 8e:61:1b:f8:27:08:3f:be:03:ac:c7:a2:b7:30:39:a9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #485: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #486: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #487: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 4a:ba:cf:fe:5c:9d:ae:ea:cf:f9:84:01:8f:80:58:d1 Iteration Count: 2000 (0x7d0) tools.sh: #488: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #489: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #490: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 03:3b:10:f2:2c:60:85:13:7d:fb:48:f2:f2:fb:d1:7f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #491: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #492: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #493: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 1f:a2:6f:37:c7:77:69:4d:c2:f7:30:e5:80:bd:77:8d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #494: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #495: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #496: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: c5:40:f3:71:34:7d:0b:7f:23:49:b4:88:91:bb:50:f5 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #497: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #498: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #499: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 06:25:55:14:84:d0:e8:7d:26:20:61:07:3c:df:c9:ca Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #500: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #501: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #502: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: fd:f0:7b:93:03:08:ad:19:4a:a9:07:0b:ff:5d:00:a4 Iteration Count: 2000 (0x7d0) tools.sh: #503: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #504: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #505: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 5a:88:3e:05:35:26:5a:85:6b:e9:ca:4f:00:9c:b8:04 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #506: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #507: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #508: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: e9:0f:c6:96:37:91:f7:da:76:60:a4:38:4f:c3:26:97 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #509: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #510: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #511: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 0f:a9:47:31:b6:73:d5:c7:75:15:47:99:31:42:80:36 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #512: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #513: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #514: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 5c:3b:84:74:41:ca:3a:7b:bb:de:ec:ad:f5:65:bc:0f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #515: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #516: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #517: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: e8:90:c4:33:39:82:1e:db:e2:60:66:42:47:19:a6:0f Iteration Count: 2000 (0x7d0) tools.sh: #518: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #519: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #520: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 6b:09:29:b0:63:5c:80:fb:c6:73:f4:a4:ac:6d:8a:24 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #521: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #522: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #523: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 18:78:16:98:10:8c:4a:81:e9:16:c7:6f:66:fa:73:83 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #524: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #525: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #526: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 7f:0b:6e:c9:77:1a:c0:2e:83:52:5e:e9:7f:93:38:01 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #527: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #528: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #529: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a8:cc:df:80:1f:c1:bd:d0:66:e6:03:ea:71:fd:6b:6f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #530: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #531: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #532: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 65:a2:01:8d:49:dd:79:f4:b1:07:25:84:8b:3a:4e:75 Iteration Count: 2000 (0x7d0) tools.sh: #533: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #534: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #535: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 69:55:77:1a:e5:ef:a9:02:41:a7:72:e8:8e:f3:d5:0e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #536: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #537: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #538: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: bb:49:34:d7:db:38:47:1a:98:1c:3c:53:2f:ce:02:39 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #539: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #540: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #541: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 42:d0:48:4c:e3:1e:95:cf:6c:9d:4b:ba:20:ed:0b:7a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #542: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #543: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #544: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: cd:1a:02:af:0b:09:1e:0f:06:a4:18:9c:60:2d:37:78 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #545: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #546: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #547: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 58:dd:f8:a4:fd:b9:5a:78:62:b6:d0:93:66:0c:21:00 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #548: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #549: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #550: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 23:2e:a7:7b:b1:73:46:eb:28:3d:be:d5:05:a5:0f:c6 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #551: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #552: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #553: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 94:7c:1b:5d:0f:e1:d4:67:8b:f7:5a:46:1b:24:c0:1b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #554: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #555: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #556: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 7e:ea:97:99:9f:1a:66:c8:dc:ee:c1:fd:59:54:b6:63 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #557: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #558: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #559: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 26:99:a8:ec:90:9d:1a:c7:a9:02:3a:44:c4:00:dd:1f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #560: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #561: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #562: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 52:46:ab:92:85:35:2d:7c:58:c7:cc:3e:dd:3e:29:c8 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #563: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #564: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #565: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #566: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #567: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%) tree "../tools/html" signed successfully tools.sh: #568: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #569: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #570: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 32%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #571: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #572: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #573: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Mon May 18 17:13:03 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Mon May 18 17:13:03 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #574: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #575: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa a4c96d1a114a85c82379288445e43928fc904fa2 NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #576: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #577: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #578: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #579: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #580: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #581: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #582: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #583: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #584: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #585: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #586: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa a4c96d1a114a85c82379288445e43928fc904fa2 FIPS_PUB_140_Test_Certificate fips.sh: #587: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #588: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #589: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #590: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #591: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa a4c96d1a114a85c82379288445e43928fc904fa2 FIPS_PUB_140_Test_Certificate fips.sh: #592: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #593: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #594: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle dbtest -r -d ../fips fips.sh: #595: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Mon May 18 17:14:02 EDT 2015 Running tests for sdr TIMESTAMP sdr BEGIN: Mon May 18 17:14:02 EDT 2015 sdr.sh: SDR Tests =============================== sdr.sh: Creating an SDR key/SDR Encrypt - Value 1 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.25156 -t "Test1" sdr.sh: #596: Creating SDR Key/Encrypt - Value 1 - PASSED sdr.sh: SDR Encrypt - Value 2 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v2.25156 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #597: Encrypt - Value 2 - PASSED sdr.sh: SDR Encrypt - Value 3 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.25156 -t "1234567" sdr.sh: #598: Encrypt - Value 3 - PASSED sdr.sh: SDR Decrypt - Value 1 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.25156 -t "Test1" sdr.sh: #599: Decrypt - Value 1 - PASSED sdr.sh: SDR Decrypt - Value 2 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v2.25156 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #600: Decrypt - Value 2 - PASSED sdr.sh: SDR Decrypt - Value 3 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.25156 -t "1234567" sdr.sh: #601: Decrypt - Value 3 - PASSED TIMESTAMP sdr END: Mon May 18 17:14:05 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Mon May 18 17:14:05 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #602: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #603: CMMF test . - PASSED TIMESTAMP crmf END: Mon May 18 17:14:06 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Mon May 18 17:14:06 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #604: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #605: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #606: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #607: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #608: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #609: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #610: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #611: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #612: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #613: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #614: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #615: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #616: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #617: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #618: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #619: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #620: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #621: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #622: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #623: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #624: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #625: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #626: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #627: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #628: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #629: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #630: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #631: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #632: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #633: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #634: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #635: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #636: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #637: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #638: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #639: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #640: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #641: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #642: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #643: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #644: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #645: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #646: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #647: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #648: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #649: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #650: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #651: Decrypt with a Multiple Email cert . - PASSED smime.sh: #652: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #653: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #654: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #655: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #656: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #657: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #658: Decode Encrypted-Data . - PASSED smime.sh: #659: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #660: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #661: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #662: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #663: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #664: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Mon May 18 17:14:34 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Mon May 18 17:14:34 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Mon May 18 17:14:34 EDT 2015 Running tests for ocsp TIMESTAMP ocsp BEGIN: Mon May 18 17:14:34 EDT 2015 ocsp.sh: OCSP tests =============================== TIMESTAMP ocsp END: Mon May 18 17:14:34 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Mon May 18 17:14:34 EDT 2015 merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.25156 -t Test2 -f ../tests.pw merge.sh: #665: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw merge.sh: #666: Merging Dave - PASSED merge.sh: Merging in new user certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw merge.sh: #667: Merging server - PASSED merge.sh: Merging in new chain certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw merge.sh: #668: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #669: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #670: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:10:23 2015 Not After : Mon May 18 21:10:23 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:15:e7:d0:da:5e:0e:df:d6:a5:05:04:c3:20:d8:fa: 80:4b:f8:f2:7d:3d:74:67:0b:c8:e7:a1:aa:ec:93:ac: 74:78:c3:59:4a:15:8e:8a:9f:dc:5c:b8:b4:d2:01:47: dc:b1:be:88:2c:8f:cd:dd:aa:62:8c:94:ff:15:27:4d: 63:0e:a8:8d:2f:8d:93:c9:39:d3:81:f5:ac:98:30:ce: 84:e9:50:5a:4c:ae:c6:37:1a:7f:fd:1e:ec:cc:25:d4: 31:a3:b5:12:bc:7f:b9:0d:4a:30:57:e1:b4:cd:74:49: ef:2e:ff:e0:4d:92:64:af:87:3d:18:3e:f4:25:ab:27 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:18:33:47:78:6e:19:c0:fc:63:99:70:de:4c:c0:ee: 79:f8:b8:04:6a:7b:0e:4c:e7:ff:99:9e:70:9c:13:a3: 95:62:5b:64:40:18:a0:92:7e:4a:b0:83:f9:09:e4:8c: e2:cc:e2:32:71:62:33:a8:91:f5:a5:dd:90:84:a5:1e: 6a:e2:0c:09:32:ee:c0:5d:14:51:fb:db:17:93:81:4f: 1f:f8:e2:43:4b:6a:89:bb:66:cd:9f:dd:46:5f:9c:09: 3b:b1:cd:01:a4:08:1e:cb:45:e0:84:43:c7:e2:28:45: 5c:85:7f:d3:7a:33:d5:22:8f:42:3c:c7:cb:ab:0c:4f Fingerprint (SHA-256): 98:FE:3B:31:0F:E2:39:A8:A2:DD:7F:4D:7C:D7:D1:5C:91:5C:F5:F9:F6:02:C4:30:91:C4:A8:90:28:46:04:C9 Fingerprint (SHA1): F5:EE:55:2F:94:29:F4:53:91:B9:17:FD:8F:A2:8F:87:30:6C:4C:06 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #671: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:10:31 2015 Not After : Mon May 18 21:10:31 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:16:3b:c0:96:06:8a:bc:ca:74:16:4d:2f:29:6a:12: 87:f1:4b:00:c6:f7:c4:cc:8c:b2:d7:a7:67:ee:6d:69: 79:15:b1:b6:04:92:fd:ed:4e:08:40:69:5f:28:24:07: 4a:77:db:75:0e:33:ba:5d:43:ca:75:7f:85:8e:6d:ee: 22:4c:c1:e7:27:c9:29:04:39:fa:5e:a1:56:fd:1b:76: 5e:0c:38:b1:25:f6:1b:e5:2e:26:66:a8:17:a2:c2:da: 38:90:1f:ec:e6:40:ae:a6:2a:de:db:60:4a:ec:36:f8: bf:7e:45:59:0b:b8:80:ea:63:16:ae:1a:0b:5d:9e:d9 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:58:71:0a:4e:7f:ea:0a:64:51:d1:f6:1c:47:a0:c2: 37:f3:02:df:17:c9:c3:1a:1b:32:61:31:76:3a:e7:f2: 03:bf:82:2b:c3:eb:50:68:98:d0:95:25:89:4d:6d:1c: f5:1a:ab:6b:2d:b1:8e:f1:b2:aa:87:d0:73:20:75:f4: 16:cd:7e:97:c8:e1:77:33:ac:e9:5c:7f:5d:12:8f:55: 48:69:ba:dd:16:4f:91:83:3c:e0:28:86:d9:93:31:58: c7:ab:42:d1:ed:f2:10:48:ed:f8:3e:15:0f:8b:4d:bc: 1e:1a:9f:54:d0:e8:42:2f:b7:06:92:c1:a9:f6:3d:a2 Fingerprint (SHA-256): BF:A7:9D:5F:01:4A:74:D6:07:69:7B:92:3F:3C:C5:CC:ED:DA:55:77:29:C0:FE:1F:C7:EC:D0:A6:6B:68:42:F5 Fingerprint (SHA1): 11:62:1C:67:13:E9:07:F8:5F:69:D7:97:F1:2C:B9:04:26:B2:BE:EE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #672: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw merge.sh: #673: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Alice u,u,u Alice-ec u,u,u Dave u,u,u Dave-ec ,, ExtendedSSLUser-ecmixed ,, chain-2-clientCA-ec ,, chain-2-clientCA ,, Alice #1 ,, Alice #100 ,, localhost.localdomain-ecmixed ,, Alice #99 ,, bob@bogus.com ,, eve@bogus.com ,, bob-ec@bogus.com ,, localhost.localdomain u,u,u localhost.localdomain-ec ,, localhost-sni.localdomain-ecmixed ,, clientCA T,C,C clientCA-ec T,C,C Alice #3 ,, TestCA CT,C,C TestCA-ec CT,C,C Alice-ecmixed u,u,u Dave-ecmixed ,, localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec ,, ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec ,, serverCA-ec C,C,C chain-1-clientCA ,, chain-1-clientCA-ec ,, Alice #2 ,, Alice #4 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.25156 -t Test2 -f ../tests.pw merge.sh: #674: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.25156 -t Test1 -f ../tests.pw merge.sh: #675: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #676: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #677: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #678: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Mon May 18 21:11:19 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Mon May 18 21:06:38 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Mon May 18 21:11:15 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #679: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Mon May 18 17:14:47 EDT 2015 Running tests for pkits TIMESTAMP pkits BEGIN: Mon May 18 17:14:47 EDT 2015 pkits.sh: PKITS data directory not defined, skipping. TIMESTAMP pkits END: Mon May 18 17:14:47 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Mon May 18 17:14:47 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #680: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171449 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #681: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #682: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #683: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #684: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #685: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #686: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #687: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #688: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #689: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #690: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #691: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #692: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #693: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #694: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #695: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #696: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #697: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #698: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #699: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #700: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #701: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #702: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #703: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #704: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #705: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #706: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #707: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #708: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #709: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #710: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #711: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #712: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #713: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #714: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #715: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #716: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #717: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #718: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #719: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #720: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #721: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #722: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #723: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #724: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #725: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #726: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #727: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #728: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #729: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #730: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #731: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #732: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #733: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #734: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #735: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #736: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #737: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #738: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #739: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #740: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #741: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #742: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518211537Z nextupdate=20160518211537Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 21:15:37 2015 Next Update: Wed May 18 21:15:37 2016 CRL Extensions: chains.sh: #743: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518211538Z addcert 2 20150518211538Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 21:15:38 2015 Next Update: Wed May 18 21:15:37 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:38 2015 CRL Extensions: chains.sh: #744: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518211539Z nextupdate=20160518211539Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 21:15:39 2015 Next Update: Wed May 18 21:15:39 2016 CRL Extensions: chains.sh: #745: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518211540Z addcert 2 20150518211540Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 21:15:40 2015 Next Update: Wed May 18 21:15:39 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:40 2015 CRL Extensions: chains.sh: #746: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518211541Z addcert 4 20150518211541Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 21:15:41 2015 Next Update: Wed May 18 21:15:39 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:40 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Mon May 18 21:15:41 2015 CRL Extensions: chains.sh: #747: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518211542Z nextupdate=20160518211542Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 21:15:42 2015 Next Update: Wed May 18 21:15:42 2016 CRL Extensions: chains.sh: #748: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518211543Z addcert 2 20150518211543Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 21:15:43 2015 Next Update: Wed May 18 21:15:42 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:43 2015 CRL Extensions: chains.sh: #749: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518211544Z addcert 3 20150518211544Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 21:15:44 2015 Next Update: Wed May 18 21:15:42 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:43 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 21:15:44 2015 CRL Extensions: chains.sh: #750: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518211544Z nextupdate=20160518211544Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 21:15:44 2015 Next Update: Wed May 18 21:15:44 2016 CRL Extensions: chains.sh: #751: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518211545Z addcert 2 20150518211545Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 21:15:45 2015 Next Update: Wed May 18 21:15:44 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:45 2015 CRL Extensions: chains.sh: #752: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518211546Z addcert 3 20150518211546Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 21:15:46 2015 Next Update: Wed May 18 21:15:44 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:15:45 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 21:15:46 2015 CRL Extensions: chains.sh: #753: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #754: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #755: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #756: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #757: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #758: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #759: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #760: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #761: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #762: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #763: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #764: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #765: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #766: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #767: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #768: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #769: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #770: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #771: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #772: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #773: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #774: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #775: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #776: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #777: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Mon May 18 17:16:00 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:16:00 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:16:05 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #778: Waiting for Server - FAILED kill -0 2197 >/dev/null 2>/dev/null httpserv with PID 2197 found at Mon May 18 17:16:06 EDT 2015 httpserv with PID 2197 started at Mon May 18 17:16:06 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9683 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #779: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 2197 at Mon May 18 17:16:07 EDT 2015 kill -USR1 2197 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 2197 killed at Mon May 18 17:16:07 EDT 2015 httpserv starting at Mon May 18 17:16:07 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:16:07 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:16:13 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #780: Waiting for Server - FAILED kill -0 2285 >/dev/null 2>/dev/null httpserv with PID 2285 found at Mon May 18 17:16:13 EDT 2015 httpserv with PID 2285 started at Mon May 18 17:16:13 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9683 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #781: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 2285 at Mon May 18 17:16:15 EDT 2015 kill -USR1 2285 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 2285 killed at Mon May 18 17:16:15 EDT 2015 httpserv starting at Mon May 18 17:16:15 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:16:15 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:16:21 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #782: Waiting for Server - FAILED kill -0 2371 >/dev/null 2>/dev/null httpserv with PID 2371 found at Mon May 18 17:16:21 EDT 2015 httpserv with PID 2371 started at Mon May 18 17:16:21 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #783: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171450 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #784: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #785: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #786: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171451 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #787: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #788: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #789: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #790: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518171452 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #791: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #792: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518171453 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #793: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #794: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #795: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #796: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #797: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518171454 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #798: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #799: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #800: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #801: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #802: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171451 (0x1ee2ab3b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:16:27 2015 Not After : Mon May 18 21:16:27 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:89:ba:3e:0d:b8:60:26:5e:a8:88:1c:53:dc:53:75: 4a:98:ba:a2:f9:54:fb:f5:8c:f4:e6:82:c2:d1:3c:67: 66:e2:de:44:e9:d3:56:bd:3a:ea:a9:f2:0f:75:af:1e: e3:be:d1:49:e8:6b:d4:e0:a1:ee:66:c2:39:f4:bb:5d: 09:6e:64:82:52:62:85:87:be:ba:47:56:f4:31:33:55: df:54:be:27:b5:1e:ee:e6:53:70:05:29:ae:c7:c4:e7: 2a:8b:48:dd:87:58:73:20:6e:c3:f6:76:33:85:b6:51: 44:40:25:76:05:32:d6:59:ef:50:cd:af:c2:62:7c:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:b3:c2:bd:07:da:db:06:5a:97:1f:d5:69:48:f0:ce: 13:3a:3b:bd:7a:12:80:d0:6d:f8:c5:0a:10:b2:c2:d6: 58:2b:f2:04:b8:fc:40:c5:ae:6b:28:fd:33:48:91:bb: d6:08:f9:fd:1d:db:fa:1d:72:b0:66:7d:1a:aa:d8:c0: fd:6b:1d:ab:90:eb:7c:b7:51:8b:0c:0f:6c:7d:34:56: 8d:22:85:c9:1e:95:2e:35:9c:19:12:04:db:46:e8:bf: 82:ad:c9:93:da:b8:b7:52:72:dc:7b:c7:49:15:d0:9c: ca:2e:a2:2f:e2:79:f5:7b:ab:fd:bd:ad:ba:03:b1:2c Fingerprint (SHA-256): DD:10:32:FE:CA:72:3C:13:E4:C3:78:65:24:E5:DE:B3:29:8E:48:BE:58:08:6C:F1:C6:54:7B:E6:2A:A3:77:83 Fingerprint (SHA1): D8:E9:5D:08:BF:01:24:6E:E7:23:34:4B:7E:78:03:9B:ED:32:AE:F9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #803: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171450 (0x1ee2ab3a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:16:24 2015 Not After : Mon May 18 21:16:24 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:f3:01:42:1c:5d:bb:12:a1:02:e0:d7:fd:62:0c:a5: 37:09:39:cd:2c:7a:b8:4e:98:0d:24:4c:ed:9c:e3:0f: 71:0a:47:45:42:57:70:18:79:6c:c4:50:c9:96:5a:46: d5:91:92:5c:2d:45:f5:df:f8:fd:9e:ef:f7:16:e5:d7: ca:43:07:01:f4:92:ec:07:8f:9e:80:91:9e:de:e4:14: f5:2b:4f:d3:99:78:ff:9e:b3:60:b1:1d:20:cb:d9:c4: 71:d9:2a:a3:56:3f:56:52:54:9c:15:cf:8c:b3:c7:85: 05:9f:9a:86:0a:9c:f8:56:4c:9c:7c:9e:c8:6d:75:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:ea:81:f6:ba:28:f9:1f:d4:de:37:bc:0c:74:5f:51: 40:12:19:f0:2d:a3:5f:66:73:68:b8:98:60:16:15:69: 66:3b:bb:95:43:f7:9f:a9:c7:42:f3:6a:ac:b0:cf:ec: d5:ea:ec:56:93:e0:dc:f2:8c:53:74:b4:d7:c6:05:34: 2e:6e:26:cd:dd:b9:f8:63:e1:ea:04:20:dd:79:bf:69: bc:b4:08:f1:ff:b1:3d:ce:85:66:c5:14:ff:1d:a6:78: d4:93:e5:19:32:61:1b:e5:60:2c:c2:73:50:e4:bc:7d: 8f:40:38:da:c7:63:08:64:1f:8f:6a:1b:a6:81:29:9f Fingerprint (SHA-256): 85:79:34:8D:D2:77:6F:27:E9:54:46:6D:29:C2:1E:E0:A5:20:36:7C:6F:86:92:AB:C0:E2:7B:D8:5E:4A:C1:D9 Fingerprint (SHA1): 7B:C6:67:CB:2C:CB:E5:42:E3:D4:07:31:EC:58:4B:1C:B9:45:82:2A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #804: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #805: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #806: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #807: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171450 (0x1ee2ab3a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:16:24 2015 Not After : Mon May 18 21:16:24 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:f3:01:42:1c:5d:bb:12:a1:02:e0:d7:fd:62:0c:a5: 37:09:39:cd:2c:7a:b8:4e:98:0d:24:4c:ed:9c:e3:0f: 71:0a:47:45:42:57:70:18:79:6c:c4:50:c9:96:5a:46: d5:91:92:5c:2d:45:f5:df:f8:fd:9e:ef:f7:16:e5:d7: ca:43:07:01:f4:92:ec:07:8f:9e:80:91:9e:de:e4:14: f5:2b:4f:d3:99:78:ff:9e:b3:60:b1:1d:20:cb:d9:c4: 71:d9:2a:a3:56:3f:56:52:54:9c:15:cf:8c:b3:c7:85: 05:9f:9a:86:0a:9c:f8:56:4c:9c:7c:9e:c8:6d:75:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:ea:81:f6:ba:28:f9:1f:d4:de:37:bc:0c:74:5f:51: 40:12:19:f0:2d:a3:5f:66:73:68:b8:98:60:16:15:69: 66:3b:bb:95:43:f7:9f:a9:c7:42:f3:6a:ac:b0:cf:ec: d5:ea:ec:56:93:e0:dc:f2:8c:53:74:b4:d7:c6:05:34: 2e:6e:26:cd:dd:b9:f8:63:e1:ea:04:20:dd:79:bf:69: bc:b4:08:f1:ff:b1:3d:ce:85:66:c5:14:ff:1d:a6:78: d4:93:e5:19:32:61:1b:e5:60:2c:c2:73:50:e4:bc:7d: 8f:40:38:da:c7:63:08:64:1f:8f:6a:1b:a6:81:29:9f Fingerprint (SHA-256): 85:79:34:8D:D2:77:6F:27:E9:54:46:6D:29:C2:1E:E0:A5:20:36:7C:6F:86:92:AB:C0:E2:7B:D8:5E:4A:C1:D9 Fingerprint (SHA1): 7B:C6:67:CB:2C:CB:E5:42:E3:D4:07:31:EC:58:4B:1C:B9:45:82:2A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #808: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171451 (0x1ee2ab3b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:16:27 2015 Not After : Mon May 18 21:16:27 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:89:ba:3e:0d:b8:60:26:5e:a8:88:1c:53:dc:53:75: 4a:98:ba:a2:f9:54:fb:f5:8c:f4:e6:82:c2:d1:3c:67: 66:e2:de:44:e9:d3:56:bd:3a:ea:a9:f2:0f:75:af:1e: e3:be:d1:49:e8:6b:d4:e0:a1:ee:66:c2:39:f4:bb:5d: 09:6e:64:82:52:62:85:87:be:ba:47:56:f4:31:33:55: df:54:be:27:b5:1e:ee:e6:53:70:05:29:ae:c7:c4:e7: 2a:8b:48:dd:87:58:73:20:6e:c3:f6:76:33:85:b6:51: 44:40:25:76:05:32:d6:59:ef:50:cd:af:c2:62:7c:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:b3:c2:bd:07:da:db:06:5a:97:1f:d5:69:48:f0:ce: 13:3a:3b:bd:7a:12:80:d0:6d:f8:c5:0a:10:b2:c2:d6: 58:2b:f2:04:b8:fc:40:c5:ae:6b:28:fd:33:48:91:bb: d6:08:f9:fd:1d:db:fa:1d:72:b0:66:7d:1a:aa:d8:c0: fd:6b:1d:ab:90:eb:7c:b7:51:8b:0c:0f:6c:7d:34:56: 8d:22:85:c9:1e:95:2e:35:9c:19:12:04:db:46:e8:bf: 82:ad:c9:93:da:b8:b7:52:72:dc:7b:c7:49:15:d0:9c: ca:2e:a2:2f:e2:79:f5:7b:ab:fd:bd:ad:ba:03:b1:2c Fingerprint (SHA-256): DD:10:32:FE:CA:72:3C:13:E4:C3:78:65:24:E5:DE:B3:29:8E:48:BE:58:08:6C:F1:C6:54:7B:E6:2A:A3:77:83 Fingerprint (SHA1): D8:E9:5D:08:BF:01:24:6E:E7:23:34:4B:7E:78:03:9B:ED:32:AE:F9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #809: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #810: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #811: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #812: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #813: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #814: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171451 (0x1ee2ab3b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:16:27 2015 Not After : Mon May 18 21:16:27 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:89:ba:3e:0d:b8:60:26:5e:a8:88:1c:53:dc:53:75: 4a:98:ba:a2:f9:54:fb:f5:8c:f4:e6:82:c2:d1:3c:67: 66:e2:de:44:e9:d3:56:bd:3a:ea:a9:f2:0f:75:af:1e: e3:be:d1:49:e8:6b:d4:e0:a1:ee:66:c2:39:f4:bb:5d: 09:6e:64:82:52:62:85:87:be:ba:47:56:f4:31:33:55: df:54:be:27:b5:1e:ee:e6:53:70:05:29:ae:c7:c4:e7: 2a:8b:48:dd:87:58:73:20:6e:c3:f6:76:33:85:b6:51: 44:40:25:76:05:32:d6:59:ef:50:cd:af:c2:62:7c:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:b3:c2:bd:07:da:db:06:5a:97:1f:d5:69:48:f0:ce: 13:3a:3b:bd:7a:12:80:d0:6d:f8:c5:0a:10:b2:c2:d6: 58:2b:f2:04:b8:fc:40:c5:ae:6b:28:fd:33:48:91:bb: d6:08:f9:fd:1d:db:fa:1d:72:b0:66:7d:1a:aa:d8:c0: fd:6b:1d:ab:90:eb:7c:b7:51:8b:0c:0f:6c:7d:34:56: 8d:22:85:c9:1e:95:2e:35:9c:19:12:04:db:46:e8:bf: 82:ad:c9:93:da:b8:b7:52:72:dc:7b:c7:49:15:d0:9c: ca:2e:a2:2f:e2:79:f5:7b:ab:fd:bd:ad:ba:03:b1:2c Fingerprint (SHA-256): DD:10:32:FE:CA:72:3C:13:E4:C3:78:65:24:E5:DE:B3:29:8E:48:BE:58:08:6C:F1:C6:54:7B:E6:2A:A3:77:83 Fingerprint (SHA1): D8:E9:5D:08:BF:01:24:6E:E7:23:34:4B:7E:78:03:9B:ED:32:AE:F9 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #815: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171451 (0x1ee2ab3b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:16:27 2015 Not After : Mon May 18 21:16:27 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:89:ba:3e:0d:b8:60:26:5e:a8:88:1c:53:dc:53:75: 4a:98:ba:a2:f9:54:fb:f5:8c:f4:e6:82:c2:d1:3c:67: 66:e2:de:44:e9:d3:56:bd:3a:ea:a9:f2:0f:75:af:1e: e3:be:d1:49:e8:6b:d4:e0:a1:ee:66:c2:39:f4:bb:5d: 09:6e:64:82:52:62:85:87:be:ba:47:56:f4:31:33:55: df:54:be:27:b5:1e:ee:e6:53:70:05:29:ae:c7:c4:e7: 2a:8b:48:dd:87:58:73:20:6e:c3:f6:76:33:85:b6:51: 44:40:25:76:05:32:d6:59:ef:50:cd:af:c2:62:7c:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:b3:c2:bd:07:da:db:06:5a:97:1f:d5:69:48:f0:ce: 13:3a:3b:bd:7a:12:80:d0:6d:f8:c5:0a:10:b2:c2:d6: 58:2b:f2:04:b8:fc:40:c5:ae:6b:28:fd:33:48:91:bb: d6:08:f9:fd:1d:db:fa:1d:72:b0:66:7d:1a:aa:d8:c0: fd:6b:1d:ab:90:eb:7c:b7:51:8b:0c:0f:6c:7d:34:56: 8d:22:85:c9:1e:95:2e:35:9c:19:12:04:db:46:e8:bf: 82:ad:c9:93:da:b8:b7:52:72:dc:7b:c7:49:15:d0:9c: ca:2e:a2:2f:e2:79:f5:7b:ab:fd:bd:ad:ba:03:b1:2c Fingerprint (SHA-256): DD:10:32:FE:CA:72:3C:13:E4:C3:78:65:24:E5:DE:B3:29:8E:48:BE:58:08:6C:F1:C6:54:7B:E6:2A:A3:77:83 Fingerprint (SHA1): D8:E9:5D:08:BF:01:24:6E:E7:23:34:4B:7E:78:03:9B:ED:32:AE:F9 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #816: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #817: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #818: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #819: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #820: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #821: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171450 (0x1ee2ab3a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:16:24 2015 Not After : Mon May 18 21:16:24 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:f3:01:42:1c:5d:bb:12:a1:02:e0:d7:fd:62:0c:a5: 37:09:39:cd:2c:7a:b8:4e:98:0d:24:4c:ed:9c:e3:0f: 71:0a:47:45:42:57:70:18:79:6c:c4:50:c9:96:5a:46: d5:91:92:5c:2d:45:f5:df:f8:fd:9e:ef:f7:16:e5:d7: ca:43:07:01:f4:92:ec:07:8f:9e:80:91:9e:de:e4:14: f5:2b:4f:d3:99:78:ff:9e:b3:60:b1:1d:20:cb:d9:c4: 71:d9:2a:a3:56:3f:56:52:54:9c:15:cf:8c:b3:c7:85: 05:9f:9a:86:0a:9c:f8:56:4c:9c:7c:9e:c8:6d:75:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:ea:81:f6:ba:28:f9:1f:d4:de:37:bc:0c:74:5f:51: 40:12:19:f0:2d:a3:5f:66:73:68:b8:98:60:16:15:69: 66:3b:bb:95:43:f7:9f:a9:c7:42:f3:6a:ac:b0:cf:ec: d5:ea:ec:56:93:e0:dc:f2:8c:53:74:b4:d7:c6:05:34: 2e:6e:26:cd:dd:b9:f8:63:e1:ea:04:20:dd:79:bf:69: bc:b4:08:f1:ff:b1:3d:ce:85:66:c5:14:ff:1d:a6:78: d4:93:e5:19:32:61:1b:e5:60:2c:c2:73:50:e4:bc:7d: 8f:40:38:da:c7:63:08:64:1f:8f:6a:1b:a6:81:29:9f Fingerprint (SHA-256): 85:79:34:8D:D2:77:6F:27:E9:54:46:6D:29:C2:1E:E0:A5:20:36:7C:6F:86:92:AB:C0:E2:7B:D8:5E:4A:C1:D9 Fingerprint (SHA1): 7B:C6:67:CB:2C:CB:E5:42:E3:D4:07:31:EC:58:4B:1C:B9:45:82:2A Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #822: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171450 (0x1ee2ab3a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:16:24 2015 Not After : Mon May 18 21:16:24 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:f3:01:42:1c:5d:bb:12:a1:02:e0:d7:fd:62:0c:a5: 37:09:39:cd:2c:7a:b8:4e:98:0d:24:4c:ed:9c:e3:0f: 71:0a:47:45:42:57:70:18:79:6c:c4:50:c9:96:5a:46: d5:91:92:5c:2d:45:f5:df:f8:fd:9e:ef:f7:16:e5:d7: ca:43:07:01:f4:92:ec:07:8f:9e:80:91:9e:de:e4:14: f5:2b:4f:d3:99:78:ff:9e:b3:60:b1:1d:20:cb:d9:c4: 71:d9:2a:a3:56:3f:56:52:54:9c:15:cf:8c:b3:c7:85: 05:9f:9a:86:0a:9c:f8:56:4c:9c:7c:9e:c8:6d:75:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:ea:81:f6:ba:28:f9:1f:d4:de:37:bc:0c:74:5f:51: 40:12:19:f0:2d:a3:5f:66:73:68:b8:98:60:16:15:69: 66:3b:bb:95:43:f7:9f:a9:c7:42:f3:6a:ac:b0:cf:ec: d5:ea:ec:56:93:e0:dc:f2:8c:53:74:b4:d7:c6:05:34: 2e:6e:26:cd:dd:b9:f8:63:e1:ea:04:20:dd:79:bf:69: bc:b4:08:f1:ff:b1:3d:ce:85:66:c5:14:ff:1d:a6:78: d4:93:e5:19:32:61:1b:e5:60:2c:c2:73:50:e4:bc:7d: 8f:40:38:da:c7:63:08:64:1f:8f:6a:1b:a6:81:29:9f Fingerprint (SHA-256): 85:79:34:8D:D2:77:6F:27:E9:54:46:6D:29:C2:1E:E0:A5:20:36:7C:6F:86:92:AB:C0:E2:7B:D8:5E:4A:C1:D9 Fingerprint (SHA1): 7B:C6:67:CB:2C:CB:E5:42:E3:D4:07:31:EC:58:4B:1C:B9:45:82:2A Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #823: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #824: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171455 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #825: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #826: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #827: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171456 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #828: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #829: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #830: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171457 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #831: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #832: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #833: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171458 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #834: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #835: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #836: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171459 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #837: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #838: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #839: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171460 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #840: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #841: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #842: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171461 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #843: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #844: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #845: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171462 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #846: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #847: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #848: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171463 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #849: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #850: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #851: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #852: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518171464 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #853: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #854: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518171465 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #855: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #856: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518171466 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #857: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #858: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #859: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #860: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #861: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518171467 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #862: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #863: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518171468 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #864: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #865: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518171469 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #866: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #867: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #868: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #869: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #870: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518171470 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #871: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #872: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518171471 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #873: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #874: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518171472 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #875: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #876: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #877: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #878: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #879: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518171473 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #880: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #881: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518171474 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #882: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #883: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518171475 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #884: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #885: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #886: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #887: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #888: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518171476 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #889: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #890: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #891: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #892: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171477 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #893: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #894: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171455 (0x1ee2ab3f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 21:16:52 2015 Not After : Mon May 18 21:16:52 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:94:e5:e1:5d:8e:37:fc:63:05:ea:3d:57:c2:75:fa: 83:dc:c0:0c:aa:47:32:72:3d:2d:1f:03:a7:27:b0:d3: e0:de:ef:7c:3a:6b:cf:b6:d7:4e:73:12:6a:9f:15:e0: 40:17:86:a3:a2:dd:54:19:e9:cc:44:32:78:fe:e4:3d: d0:17:bc:3f:1f:df:fa:29:df:94:96:f1:74:cf:ac:86: eb:4d:4b:bc:36:32:c1:8b:84:22:c4:98:7b:e3:67:55: 8a:d5:1f:75:cd:57:6b:30:d3:f6:ba:d9:f6:36:42:85: 9d:84:f1:8f:65:2c:52:82:86:b5:aa:af:15:98:61:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 45:b9:6f:ef:5f:eb:05:f8:d4:80:65:f7:d4:ba:87:fc: 73:19:91:fd:0e:41:bb:a5:fd:f3:e6:e4:53:1c:fe:74: 27:96:f7:cd:6a:5e:8d:50:ce:3a:e6:d6:0d:55:bd:21: 54:bc:c5:88:b7:aa:68:39:23:ce:06:f2:00:52:65:66: 57:5f:a9:f3:1f:a9:e3:7f:c3:5e:e8:8b:59:27:5b:66: e5:66:57:d4:4b:e3:2d:66:ef:e3:7f:97:3a:04:f9:01: 76:08:29:8c:cd:70:52:21:88:34:0b:43:f5:79:12:d9: bc:0b:6b:db:b9:fb:23:8b:43:38:43:df:1d:8a:6d:38 Fingerprint (SHA-256): E4:ED:A2:22:E6:46:CC:38:4F:63:DF:00:ED:EE:5A:63:42:34:F0:A4:C8:9D:97:3A:56:1F:B0:0E:7F:5C:53:6B Fingerprint (SHA1): 90:C7:78:73:BE:B5:C6:19:74:70:6C:E4:9B:A6:54:95:B3:AE:60:D0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #895: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171456 (0x1ee2ab40) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 21:16:54 2015 Not After : Mon May 18 21:16:54 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:c2:d8:5a:11:6b:63:18:73:73:64:b6:5f:ac:c4:9f: 1a:4c:9b:8d:bd:60:24:eb:bf:7c:e3:5a:85:4e:5a:dd: 02:f9:59:69:82:41:d9:28:cb:89:8b:39:e7:e6:05:34: 44:48:b0:92:b3:23:c8:52:0d:70:10:b7:8e:33:65:66: 49:66:8e:3b:9c:06:a0:5e:64:15:5d:c1:b7:1e:b1:87: 88:98:8e:0a:82:4b:db:cc:0a:53:71:41:9d:01:f0:68: bd:da:07:67:d7:ed:1a:03:82:99:c4:24:8b:e0:57:2e: 77:b6:f3:70:71:e3:6e:99:10:19:69:4b:18:85:0b:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:4d:c1:52:0d:27:cc:7c:2a:d2:d4:a9:eb:55:32:95: 35:4f:db:31:15:0a:37:9c:fd:72:69:fb:59:8a:08:a9: 98:da:97:83:78:5a:1a:ea:5f:7e:86:be:58:bb:cb:48: 48:09:ab:f5:ae:ea:c3:e7:dd:10:5b:b3:a9:2d:53:b8: 0f:fb:06:12:51:9d:74:d9:8f:01:d5:c2:87:f1:a9:86: 62:2a:08:e3:11:f8:9c:9d:9a:6b:15:41:2a:f8:bc:ab: 18:63:0a:37:37:d0:86:f6:ce:8c:09:b6:fa:c1:bd:97: 8c:f9:be:bb:8a:b8:a3:85:f2:36:34:cc:f0:13:19:6b Fingerprint (SHA-256): 5E:2F:E2:15:C6:35:17:B2:9B:EA:3B:BA:38:C1:8C:66:B7:48:94:A4:17:D5:51:E7:FB:A3:70:A5:90:5F:C2:5B Fingerprint (SHA1): 05:30:8D:62:B3:7D:E2:AA:F0:63:56:00:31:E3:F4:34:57:99:22:2B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #896: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171457 (0x1ee2ab41) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 21:16:57 2015 Not After : Mon May 18 21:16:57 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:09:dc:fc:5b:8f:af:a3:93:d2:ea:73:44:18:26:83: 08:95:33:32:4b:e9:1f:92:c2:23:44:eb:3e:c4:4b:f7: f7:cf:52:d1:3d:05:8f:f4:ee:c9:29:a1:71:d6:77:c1: de:0b:5d:99:35:04:cf:35:e7:12:23:d8:f7:90:6d:db: b4:f2:b9:84:7c:05:26:df:b5:0a:48:6e:66:40:98:3d: fa:29:b3:ba:c3:e8:e3:e9:f6:c1:4e:75:30:ac:af:24: 1d:68:8d:e3:01:e0:ba:42:b8:6f:f2:96:5d:e2:6e:03: c5:28:0f:a5:af:7a:ae:1d:6f:f0:7e:1e:64:56:d1:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a5:dc:6e:f7:dd:91:3e:dc:2d:b3:9b:e3:5e:4e:43:2f: fd:be:69:ef:3f:68:6f:db:ec:29:f2:97:d9:d3:9a:ab: 30:bf:e9:fc:1b:d4:70:cd:d0:fd:77:ae:98:5b:09:8d: 8b:bc:af:a6:98:d6:da:31:7c:36:fe:a7:57:b0:02:a8: ab:18:80:ac:18:86:91:66:4e:bd:0c:0b:37:1e:c0:0c: 7f:77:e4:13:d9:0c:80:64:e7:06:05:e7:87:3c:06:14: 7e:c7:2d:ab:76:be:ac:d7:46:3a:44:44:1c:37:0f:11: 14:4a:c4:66:44:6c:09:54:25:2a:d7:e6:7b:b8:0d:aa Fingerprint (SHA-256): E1:32:EE:C9:4D:E5:F9:27:3E:36:A3:61:D6:3A:9B:18:EC:2A:6C:F3:CA:71:07:5D:87:30:73:FF:29:71:5D:42 Fingerprint (SHA1): 2E:9B:46:04:1A:AD:17:0A:5F:25:EE:39:A4:00:8F:66:FC:5C:FD:BD Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #897: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171458 (0x1ee2ab42) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 21:17:00 2015 Not After : Mon May 18 21:17:00 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:53:18:db:cb:e9:db:c7:43:87:ca:60:c5:67:d6:e7: 38:57:4e:92:4d:ac:53:fa:87:a7:d5:78:d4:51:c4:3d: 4d:e8:a3:cf:88:0d:91:99:17:a7:6d:e6:c5:fe:cc:4e: 75:ea:db:45:58:e3:7c:ad:c7:f6:51:18:d4:99:c4:22: 56:4b:64:ba:f4:ac:a1:9b:98:8a:d5:67:a0:53:41:1a: 24:71:70:15:cb:29:fa:04:6c:bb:f3:5d:d9:48:12:83: 51:e7:c5:2e:34:c7:44:da:6e:a2:ca:20:3e:49:59:e1: 1a:70:88:1d:fb:bf:9b:5b:39:57:66:01:18:5a:8d:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0a:83:f1:e5:e9:07:6c:34:43:12:bf:5a:b4:17:b0:83: 6d:f7:16:15:bb:fb:8a:da:b9:35:8f:65:d5:56:7e:7a: ec:57:b0:05:17:f5:ab:a3:cd:4a:aa:c9:2e:ed:1d:07: 50:1b:da:70:0b:84:c2:bf:c2:c2:9c:2f:20:a0:ba:db: ed:99:af:f9:4c:87:66:0e:f0:c5:76:5e:12:8d:af:b3: 53:c7:1e:66:2c:bc:5f:3a:1d:e9:0d:d5:7f:32:b2:6c: c5:a8:7d:b5:af:a8:2a:98:93:89:b1:a6:ac:60:5c:38: 37:4f:9c:37:c5:b2:c0:4d:fe:5c:46:44:d6:0d:68:a1 Fingerprint (SHA-256): D7:9F:6D:5C:13:23:6B:FC:C8:13:B4:B6:85:5E:A5:44:86:9C:33:FF:9F:D1:E0:36:66:A7:70:25:A4:1F:F9:6D Fingerprint (SHA1): 8F:D0:C4:3C:77:AB:69:64:80:84:50:A2:AA:60:28:06:9C:19:62:06 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #898: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171459 (0x1ee2ab43) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 21:17:02 2015 Not After : Mon May 18 21:17:02 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:3e:81:60:2a:6a:1f:7b:c3:d8:72:71:55:9b:bd:a7: 04:f1:b4:d0:ac:32:73:d6:ef:07:0e:87:ff:a8:a3:8a: 0b:90:63:be:be:a6:2c:37:3e:43:af:19:d8:64:96:ba: 1d:f8:e3:40:ab:7b:a0:7a:1b:38:e8:11:3b:7c:9f:52: 28:79:cd:58:74:b1:5a:02:ec:6a:4f:2c:79:6a:d7:b1: 9d:d5:95:79:15:3b:38:7e:13:ed:44:f7:bc:10:d1:88: 69:20:b9:dc:d7:11:32:75:f4:a5:fd:04:6c:49:e2:77: a3:d8:8f:d5:9f:e0:b7:35:cc:0f:82:f0:4e:82:76:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:91:75:95:f0:54:a7:ef:30:8b:e9:6a:b4:6b:92:f5: 1f:56:1e:c9:eb:34:fa:8f:21:4d:fb:61:ac:ae:1d:51: 6e:b0:23:41:e0:d7:6b:96:be:54:7b:d6:29:59:42:e4: b1:62:ec:2c:7f:5f:7f:93:1a:4e:54:12:98:2a:49:7f: c5:32:ff:8c:f3:01:83:6c:96:be:26:b7:0f:e4:ef:04: 92:95:bb:63:68:3c:56:60:22:1a:66:4c:1c:68:c0:1c: f4:8c:c6:97:0f:10:5b:06:7b:f4:ee:da:72:29:02:ab: 4c:66:b4:55:91:ef:cf:f2:9b:93:30:0f:c5:81:7b:db Fingerprint (SHA-256): E1:04:4D:4C:9F:2F:5F:AD:26:32:EB:AA:3B:DF:18:8F:02:A7:29:77:BA:87:13:78:1B:54:C1:58:85:B7:A8:98 Fingerprint (SHA1): C7:B7:BB:E6:FA:EF:7D:16:C6:CE:CA:DD:9D:BC:A0:1E:FC:7B:76:B3 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #899: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171460 (0x1ee2ab44) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 21:17:04 2015 Not After : Mon May 18 21:17:04 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:45:0c:1d:29:40:1c:64:0b:89:46:58:cd:5a:15:95: 06:91:ff:a8:6a:23:aa:f2:fa:e0:09:6e:6d:43:2e:f5: 45:aa:2f:4e:91:9c:22:86:80:5a:dd:90:7e:5b:16:31: 4a:24:86:b0:4a:c6:de:df:ea:fa:25:26:ba:76:67:9a: fe:4b:bd:87:16:9e:e8:c7:44:5d:89:d2:01:d9:3d:15: 5b:03:fc:dd:b4:74:f2:74:f3:2f:b4:e9:5b:48:57:5f: 73:a3:25:63:1f:be:cd:a5:ad:4c:f9:7f:27:35:cd:9b: eb:5e:86:22:25:50:ce:2d:bb:d0:9b:a7:15:7a:a4:e9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: aa:ac:9d:24:e3:81:96:75:0a:b3:31:e1:a9:ae:c2:03: 1a:14:17:85:8c:31:fe:f2:00:19:c6:19:4e:e5:4b:cb: 52:40:46:9c:5c:44:52:3e:e2:97:9b:a6:62:c5:69:bf: dc:ee:3b:67:09:35:ab:b0:37:df:3a:e4:24:75:f0:c4: 09:7e:19:0f:68:8d:83:8d:49:7a:c2:51:25:6a:6c:97: c8:8d:98:cf:c7:a2:89:d6:f0:8e:2a:5b:9b:14:b1:8c: a1:69:e1:c2:1d:45:5c:10:21:f6:6e:0e:00:82:c6:31: 40:15:7c:06:42:7e:76:e0:9a:f8:fb:43:8b:1c:ac:cc Fingerprint (SHA-256): B1:5A:44:08:5F:8D:33:8B:62:22:0A:F1:8B:84:0D:1C:FF:66:AA:A7:EA:BD:15:AE:86:DF:64:A4:19:C8:FE:1D Fingerprint (SHA1): 8C:E0:2C:05:C3:28:CF:ED:6D:30:9C:8A:6B:B9:78:75:5C:C0:19:DB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #900: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171461 (0x1ee2ab45) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 21:17:07 2015 Not After : Mon May 18 21:17:07 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:bc:36:39:53:4d:1b:18:16:c0:3c:61:65:ab:d9:4b: 04:62:87:9f:a2:fa:af:61:7d:aa:da:95:3d:e6:18:8f: 02:af:b0:c7:5c:e0:ad:73:42:3f:da:b8:dd:57:0b:3c: cd:8e:83:73:77:bb:1b:c2:85:55:75:6c:79:fb:8e:ae: f9:cd:e1:65:69:65:0d:09:1d:78:cd:1a:71:33:2c:01: 6b:c5:ae:83:43:b2:c4:36:99:67:1e:dc:14:21:0e:82: 08:88:65:0a:53:84:5b:0c:03:1b:65:ce:90:ef:36:40: 9e:45:d0:7a:48:78:60:17:d1:36:18:4e:01:80:b4:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d4:d5:c8:cd:ce:0a:ae:dc:bd:91:54:37:de:20:b7:91: 0c:c1:bd:3b:4f:d2:89:b4:04:6b:c8:00:99:9e:78:e1: ec:4a:9a:2d:55:f2:c3:91:47:26:3c:3b:8f:a2:bc:f7: 0c:e4:19:fc:91:c3:06:23:9a:ac:f7:6c:17:36:36:b0: c0:34:a0:50:85:de:b6:77:a2:8a:12:d2:18:04:15:0c: 67:0a:0d:da:8f:fd:49:68:31:73:bb:16:bf:9e:83:a8: 3e:26:78:8a:56:65:24:76:8e:be:1a:d5:0f:c1:15:5e: fa:4a:16:40:e0:3c:c5:e9:a0:b8:9c:d8:9c:f3:a2:66 Fingerprint (SHA-256): 38:98:FD:B9:FA:60:EF:04:18:ED:9F:EA:FB:DB:1E:E9:FF:84:2A:19:A9:8A:A3:DD:C2:73:C6:6E:1F:FF:90:99 Fingerprint (SHA1): 7D:06:1D:C2:30:FE:1D:5F:1D:88:21:88:9C:BC:51:6D:AA:44:97:1A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #901: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171462 (0x1ee2ab46) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 21:17:10 2015 Not After : Mon May 18 21:17:10 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:a7:25:c6:f4:20:74:de:bf:69:be:04:d4:13:e4:69: e3:9c:d7:21:4d:0f:20:ef:71:4a:fd:25:d0:d9:fa:2c: c9:cc:26:c7:24:fd:69:81:e2:98:b6:73:b1:8f:e1:63: c6:8f:1a:4a:ff:24:1e:69:48:b9:4d:1f:a1:46:35:a8: 49:91:65:32:c8:6b:b5:6d:4d:03:34:e7:50:7e:1a:78: 0d:7f:a0:4a:10:60:e0:ab:34:e2:74:75:4a:6b:5d:20: e8:e5:d1:56:21:28:4c:24:e1:b6:83:5c:23:3e:a3:d2: 46:12:d2:18:dd:3b:f7:ae:e8:1c:74:d6:10:a8:55:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:fa:f9:b6:b9:b7:38:9d:cf:b5:ca:a9:bc:3d:01:0a: 5c:63:40:80:9f:79:a9:44:9c:fc:57:c8:42:59:90:ce: e9:c5:0c:88:bd:ad:7a:e0:66:87:d1:c0:6f:15:1c:db: b3:3d:71:f7:79:b1:f1:d2:f6:af:7e:68:7c:42:c8:03: 01:8f:fe:07:7a:ce:04:e0:90:7d:c3:e3:3a:e1:5f:6a: 66:23:37:97:e1:83:14:fc:2a:1b:62:d3:7c:2f:52:64: a9:f2:24:25:07:15:7f:58:18:4c:04:fc:55:81:b2:90: 75:b5:f0:af:e3:a7:a8:51:85:8e:62:d5:e8:fe:42:f5 Fingerprint (SHA-256): 6A:CE:2C:7E:FB:8E:A5:CD:CC:E2:81:48:9A:77:E8:BD:0F:72:8F:AD:1B:21:E0:3B:2C:15:92:E1:14:0B:56:4E Fingerprint (SHA1): F6:C6:E7:8F:DE:E1:ED:68:16:26:6E:1F:25:26:9C:BD:6F:4D:81:9C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #902: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171463 (0x1ee2ab47) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 21:17:12 2015 Not After : Mon May 18 21:17:12 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:12:78:ac:9a:02:26:17:b3:8a:34:c4:34:8b:42:6b: 10:24:d3:2a:b6:77:52:2d:43:9a:36:90:00:0d:48:9e: fc:30:b3:25:53:70:79:0c:49:85:d8:19:b6:c0:a8:6d: da:a7:54:36:4a:cd:48:50:89:99:62:65:ea:1d:47:40: aa:6a:fe:f2:3d:b3:29:fb:0e:00:98:30:84:a4:b3:b8: 73:a6:ea:d5:cd:ec:c7:1c:02:81:99:15:d7:72:31:1e: 12:e1:fb:b7:69:b2:7c:4c:34:7d:84:91:8d:70:34:da: fc:ca:c3:a5:38:5e:a7:d4:11:6c:f7:d4:ac:ab:74:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 22:c4:35:a4:2b:28:48:25:97:10:e3:31:d5:15:48:17: 51:d2:0e:5a:79:c5:dc:7b:1e:c8:77:89:45:00:70:bf: e7:86:5d:81:b8:ad:38:4e:6e:4e:71:33:55:8d:4d:7e: 19:f4:c0:01:e7:c0:8b:63:bf:0f:ed:ca:a0:b1:df:f1: 40:99:e8:d9:ce:10:45:e3:94:9f:29:71:54:42:9a:45: 73:59:4b:a5:93:59:4c:a0:a7:11:3e:a6:7f:63:a4:2c: cd:c4:b7:8b:62:d6:c0:6d:aa:5a:d1:20:68:82:36:84: b6:c9:84:3c:fb:2f:1c:8c:1c:67:d0:13:1d:16:47:27 Fingerprint (SHA-256): 29:CD:36:1D:CD:0E:11:B9:85:5F:CD:8B:04:9A:30:36:8E:FF:8A:7F:0A:98:23:7C:38:3E:9B:61:BA:39:3D:86 Fingerprint (SHA1): 86:05:F6:FC:9A:D4:DF:BE:27:A5:ED:16:63:27:69:6F:1D:1C:AB:F3 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #903: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #904: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171478 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #905: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #906: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #907: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #908: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171479 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #909: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #910: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #911: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #912: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171480 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #913: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #914: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #915: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #916: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518171481 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #917: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #918: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #919: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171478 (0x1ee2ab56) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:17:50 2015 Not After : Mon May 18 21:17:50 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:44:38:a5:17:f6:94:b9:d7:b0:d5:31:c5:06:46:4c: 80:c4:7f:a0:b0:c1:70:d6:54:61:4a:28:c7:eb:c9:e3: 73:6c:2e:63:75:bc:d3:1a:88:42:58:ef:16:8a:cd:6c: eb:a5:ff:ca:92:59:7e:e7:3f:40:82:7c:2e:15:fb:13: d9:0b:ad:2f:ac:92:b9:f6:29:b6:fa:e3:6b:0d:65:9b: d2:ec:4c:0f:d0:3b:50:aa:db:7c:3e:08:8b:9c:92:81: 6b:43:90:b4:f7:39:bb:63:f6:cf:39:8e:9f:38:34:0e: 69:5c:60:9e:b2:78:06:64:61:ff:ea:1b:c7:4f:39:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:6d:a7:c3:e8:2c:16:09:6f:e3:4b:9a:5d:e5:1d:80: fb:4b:59:b8:2a:8d:6d:ac:88:e5:43:53:04:67:38:ef: 07:95:61:51:0f:1c:35:d4:30:29:a1:18:eb:63:23:74: 66:74:50:aa:d3:df:a0:e4:2f:d2:36:75:07:03:3e:f8: ab:2c:6f:d5:16:f9:93:5a:85:80:94:9b:4d:2d:fc:b2: 30:2d:54:05:41:72:1b:f5:56:ad:f7:ac:58:8e:31:5b: 1e:50:b4:bf:26:91:fb:ef:4b:e5:96:b0:65:35:9a:4f: b7:91:2e:79:99:39:7c:f1:4d:60:12:3f:80:ae:81:fd Fingerprint (SHA-256): 27:1C:25:C6:DA:53:E4:BD:6F:F0:54:EF:B5:57:21:58:B9:8B:31:BF:3F:59:AD:78:13:E2:F6:3A:8C:86:45:D4 Fingerprint (SHA1): F6:AE:4B:06:6F:DA:9A:A7:CB:66:B6:4A:3C:D9:5E:4B:F0:24:F3:10 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #920: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #921: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171479 (0x1ee2ab57) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:17:53 2015 Not After : Mon May 18 21:17:53 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:fa:1e:6e:ea:53:18:d2:a5:a3:94:f9:1a:00:65:b5: c4:21:3d:b1:b6:41:93:5f:1b:c8:11:ca:4f:ef:d1:0c: f5:0b:69:e4:89:5b:57:77:ef:15:f4:6a:60:d7:f0:82: 92:f5:ae:19:a4:a1:aa:8b:c3:d6:da:fd:2f:66:90:4f: 92:f4:e0:c8:85:da:4b:64:83:f7:51:de:73:e6:dc:06: a5:4c:31:e5:2e:4a:4c:14:eb:07:60:3c:33:11:10:9b: a5:eb:90:58:8f:cc:a0:b1:41:ff:f2:cc:91:db:0a:5d: a6:7a:67:43:2c:cc:bc:95:e7:f0:59:b3:c8:36:2f:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:29:b8:05:e0:fb:a8:d6:98:4e:e4:0b:18:cc:f3:e2: a1:3c:f1:f9:77:e6:72:8d:bb:cc:5b:43:f9:30:4b:8c: b2:5d:3d:e7:6b:5b:e6:7d:89:0c:7b:5a:a7:11:c7:62: b4:a2:cc:2a:5e:ec:39:63:7f:ac:88:e9:0d:ce:00:8e: a9:ca:37:b3:66:5d:ee:a6:b2:90:89:e4:fd:36:6e:af: ea:53:e7:b9:f8:25:0f:74:86:6d:ee:44:ec:d3:0e:4d: ad:60:8f:01:1a:73:91:a7:10:13:86:cb:69:a1:56:ab: 05:0d:af:48:db:7d:56:a9:6d:a4:5a:0d:e0:29:78:c3 Fingerprint (SHA-256): 76:4F:9E:6D:CD:CB:FB:C8:3D:D0:54:B7:2B:00:44:6A:BB:E9:BE:A4:F3:1C:C6:8F:52:97:2E:B8:0E:0B:F6:AC Fingerprint (SHA1): AB:C3:F5:D1:AE:AB:C1:96:1E:40:71:14:88:CA:07:6A:CA:87:60:15 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #922: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #923: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171480 (0x1ee2ab58) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:17:55 2015 Not After : Mon May 18 21:17:55 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:21:63:93:6d:08:64:d7:14:8f:62:c0:bf:b6:50:c5: e8:35:46:2d:b2:49:7c:1f:59:62:f2:a0:82:89:9a:1b: 16:ec:fa:9d:a0:b3:f8:a1:7b:86:8b:78:18:f5:7f:fb: 6b:e1:3d:7c:8f:4c:5f:fd:d7:9d:06:ed:ad:09:74:a3: 26:26:ac:93:ea:01:c1:44:d6:a4:df:57:9a:b9:0f:b3: ac:53:f1:60:f1:f7:2c:99:61:35:f8:ef:3c:34:5b:b5: d4:cd:e6:dc:da:02:d2:44:e6:c0:e2:5f:6d:94:30:e3: 9a:d0:43:42:c3:2c:8a:b8:96:39:62:65:d7:a9:4c:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:16:a8:4b:65:6a:b1:ae:e8:72:ae:6a:40:73:19:76: 84:6c:6d:4e:62:1b:bf:76:7d:ff:d4:50:4e:7e:ac:f3: ef:04:69:b4:0d:4b:ce:e9:57:87:96:f1:a2:da:92:3f: 1b:12:ab:34:2e:32:9b:d7:d3:dd:f4:95:db:2a:14:33: ef:ba:96:a1:2d:b0:5c:33:16:0e:a3:42:9a:b0:60:51: 31:03:4e:96:cb:bc:f3:4a:f8:60:0d:a6:6e:47:08:f1: 23:f9:4c:7b:16:2b:72:ca:6e:c7:37:01:b5:63:7e:b8: 06:ba:50:34:42:0c:49:69:55:61:48:24:7e:71:f0:37 Fingerprint (SHA-256): 6B:50:CA:6B:F1:68:8A:E8:35:A2:48:10:FD:88:E6:16:E0:D3:30:A8:4D:61:68:9E:02:50:06:7E:AA:7E:75:48 Fingerprint (SHA1): C5:BE:BA:43:45:83:77:BD:74:7C:5D:CD:94:8F:48:74:8B:E8:E3:3E Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #924: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #925: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #926: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #927: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #928: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171478 (0x1ee2ab56) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:17:50 2015 Not After : Mon May 18 21:17:50 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:44:38:a5:17:f6:94:b9:d7:b0:d5:31:c5:06:46:4c: 80:c4:7f:a0:b0:c1:70:d6:54:61:4a:28:c7:eb:c9:e3: 73:6c:2e:63:75:bc:d3:1a:88:42:58:ef:16:8a:cd:6c: eb:a5:ff:ca:92:59:7e:e7:3f:40:82:7c:2e:15:fb:13: d9:0b:ad:2f:ac:92:b9:f6:29:b6:fa:e3:6b:0d:65:9b: d2:ec:4c:0f:d0:3b:50:aa:db:7c:3e:08:8b:9c:92:81: 6b:43:90:b4:f7:39:bb:63:f6:cf:39:8e:9f:38:34:0e: 69:5c:60:9e:b2:78:06:64:61:ff:ea:1b:c7:4f:39:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:6d:a7:c3:e8:2c:16:09:6f:e3:4b:9a:5d:e5:1d:80: fb:4b:59:b8:2a:8d:6d:ac:88:e5:43:53:04:67:38:ef: 07:95:61:51:0f:1c:35:d4:30:29:a1:18:eb:63:23:74: 66:74:50:aa:d3:df:a0:e4:2f:d2:36:75:07:03:3e:f8: ab:2c:6f:d5:16:f9:93:5a:85:80:94:9b:4d:2d:fc:b2: 30:2d:54:05:41:72:1b:f5:56:ad:f7:ac:58:8e:31:5b: 1e:50:b4:bf:26:91:fb:ef:4b:e5:96:b0:65:35:9a:4f: b7:91:2e:79:99:39:7c:f1:4d:60:12:3f:80:ae:81:fd Fingerprint (SHA-256): 27:1C:25:C6:DA:53:E4:BD:6F:F0:54:EF:B5:57:21:58:B9:8B:31:BF:3F:59:AD:78:13:E2:F6:3A:8C:86:45:D4 Fingerprint (SHA1): F6:AE:4B:06:6F:DA:9A:A7:CB:66:B6:4A:3C:D9:5E:4B:F0:24:F3:10 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #929: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #930: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171479 (0x1ee2ab57) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:17:53 2015 Not After : Mon May 18 21:17:53 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:fa:1e:6e:ea:53:18:d2:a5:a3:94:f9:1a:00:65:b5: c4:21:3d:b1:b6:41:93:5f:1b:c8:11:ca:4f:ef:d1:0c: f5:0b:69:e4:89:5b:57:77:ef:15:f4:6a:60:d7:f0:82: 92:f5:ae:19:a4:a1:aa:8b:c3:d6:da:fd:2f:66:90:4f: 92:f4:e0:c8:85:da:4b:64:83:f7:51:de:73:e6:dc:06: a5:4c:31:e5:2e:4a:4c:14:eb:07:60:3c:33:11:10:9b: a5:eb:90:58:8f:cc:a0:b1:41:ff:f2:cc:91:db:0a:5d: a6:7a:67:43:2c:cc:bc:95:e7:f0:59:b3:c8:36:2f:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:29:b8:05:e0:fb:a8:d6:98:4e:e4:0b:18:cc:f3:e2: a1:3c:f1:f9:77:e6:72:8d:bb:cc:5b:43:f9:30:4b:8c: b2:5d:3d:e7:6b:5b:e6:7d:89:0c:7b:5a:a7:11:c7:62: b4:a2:cc:2a:5e:ec:39:63:7f:ac:88:e9:0d:ce:00:8e: a9:ca:37:b3:66:5d:ee:a6:b2:90:89:e4:fd:36:6e:af: ea:53:e7:b9:f8:25:0f:74:86:6d:ee:44:ec:d3:0e:4d: ad:60:8f:01:1a:73:91:a7:10:13:86:cb:69:a1:56:ab: 05:0d:af:48:db:7d:56:a9:6d:a4:5a:0d:e0:29:78:c3 Fingerprint (SHA-256): 76:4F:9E:6D:CD:CB:FB:C8:3D:D0:54:B7:2B:00:44:6A:BB:E9:BE:A4:F3:1C:C6:8F:52:97:2E:B8:0E:0B:F6:AC Fingerprint (SHA1): AB:C3:F5:D1:AE:AB:C1:96:1E:40:71:14:88:CA:07:6A:CA:87:60:15 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #931: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #932: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171480 (0x1ee2ab58) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:17:55 2015 Not After : Mon May 18 21:17:55 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:21:63:93:6d:08:64:d7:14:8f:62:c0:bf:b6:50:c5: e8:35:46:2d:b2:49:7c:1f:59:62:f2:a0:82:89:9a:1b: 16:ec:fa:9d:a0:b3:f8:a1:7b:86:8b:78:18:f5:7f:fb: 6b:e1:3d:7c:8f:4c:5f:fd:d7:9d:06:ed:ad:09:74:a3: 26:26:ac:93:ea:01:c1:44:d6:a4:df:57:9a:b9:0f:b3: ac:53:f1:60:f1:f7:2c:99:61:35:f8:ef:3c:34:5b:b5: d4:cd:e6:dc:da:02:d2:44:e6:c0:e2:5f:6d:94:30:e3: 9a:d0:43:42:c3:2c:8a:b8:96:39:62:65:d7:a9:4c:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:16:a8:4b:65:6a:b1:ae:e8:72:ae:6a:40:73:19:76: 84:6c:6d:4e:62:1b:bf:76:7d:ff:d4:50:4e:7e:ac:f3: ef:04:69:b4:0d:4b:ce:e9:57:87:96:f1:a2:da:92:3f: 1b:12:ab:34:2e:32:9b:d7:d3:dd:f4:95:db:2a:14:33: ef:ba:96:a1:2d:b0:5c:33:16:0e:a3:42:9a:b0:60:51: 31:03:4e:96:cb:bc:f3:4a:f8:60:0d:a6:6e:47:08:f1: 23:f9:4c:7b:16:2b:72:ca:6e:c7:37:01:b5:63:7e:b8: 06:ba:50:34:42:0c:49:69:55:61:48:24:7e:71:f0:37 Fingerprint (SHA-256): 6B:50:CA:6B:F1:68:8A:E8:35:A2:48:10:FD:88:E6:16:E0:D3:30:A8:4D:61:68:9E:02:50:06:7E:AA:7E:75:48 Fingerprint (SHA1): C5:BE:BA:43:45:83:77:BD:74:7C:5D:CD:94:8F:48:74:8B:E8:E3:3E Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #933: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #934: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #935: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171482 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #936: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #937: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #938: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #939: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171483 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #940: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #941: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #942: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #943: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171484 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #944: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #945: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #946: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #947: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518171485 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #948: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #949: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #950: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #951: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518171486 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #952: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #953: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #954: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171482 (0x1ee2ab5a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:15 2015 Not After : Mon May 18 21:18:15 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:18:f2:20:e6:ce:5a:fa:81:da:7c:b9:ee:69:84:74: cb:ea:70:58:bc:13:64:b7:14:e0:74:7f:60:8e:3f:8d: 47:d0:6c:77:03:7c:d4:0f:c6:94:df:e4:f4:af:c4:0c: 12:33:b1:7a:12:7c:3c:6c:ff:ab:e5:9a:71:47:c4:75: 5f:14:db:ce:d4:9c:04:7d:43:e1:51:e4:7f:80:be:f4: b3:89:1c:fc:ca:09:bc:19:63:20:57:a2:83:02:7e:7e: 66:e4:14:11:d0:fb:5c:e2:bf:d8:b7:e2:cf:c0:81:a3: 53:98:32:3a:3f:d4:ab:0d:4b:dd:f6:92:98:88:3b:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:43:07:37:87:32:72:3c:f9:42:65:14:48:59:90:9b: 6c:1f:6f:58:06:59:ce:39:8d:96:f5:2b:2f:a5:ad:f3: 80:fc:7d:9c:d9:5d:61:05:94:fc:ac:bd:56:3d:fa:7e: 4f:91:92:96:91:8a:f8:ae:17:da:45:f4:5a:f1:77:aa: 15:1e:9a:11:b6:74:b9:7e:5c:82:f0:24:71:e2:bf:3a: 37:d6:a5:0d:af:54:bc:7f:ee:de:c7:b2:93:ae:a9:3a: 15:16:d0:ab:bd:08:92:44:4c:f3:49:2f:7e:11:05:7a: c4:80:af:66:c8:02:ab:80:a9:22:7a:57:de:43:4d:a0 Fingerprint (SHA-256): 0F:6D:AA:6B:8D:34:0A:62:84:1C:E0:C8:A8:0D:DB:89:05:67:EE:9F:38:4D:94:20:73:FB:91:D6:48:06:E8:8D Fingerprint (SHA1): FA:C9:30:60:99:D7:FF:0B:1A:F8:EE:96:60:B3:20:3E:20:97:9C:A7 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #955: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #956: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171483 (0x1ee2ab5b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:17 2015 Not After : Mon May 18 21:18:17 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:44:13:36:da:ee:8e:95:8f:5f:f7:ad:0b:ca:d8:70: 81:56:97:52:0e:ab:85:ed:fc:bc:0e:3d:42:01:28:0c: 0f:f2:96:df:c0:f1:d9:2e:9e:61:92:74:8f:ac:88:7b: b3:8d:60:74:c1:68:48:b4:98:3a:76:e8:0d:7a:b9:5b: 39:aa:95:5f:be:60:00:a7:4c:af:58:c5:98:91:5f:be: 41:d5:41:70:a7:ee:5c:a6:c3:a8:c7:51:ea:55:bf:b8: 33:b3:d1:6a:b1:a8:93:c3:ee:38:b5:30:03:ae:58:0e: c0:e5:1d:b4:8a:d1:a8:70:51:43:c9:34:eb:45:f8:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:b9:f7:23:7d:b5:f6:d2:51:1a:4c:6f:ea:4f:2b:c3: 41:a4:14:2e:f1:86:17:63:01:fa:fe:d0:0b:23:bd:9d: d3:cc:ef:9c:08:bb:d5:15:e1:06:be:5e:47:08:c9:49: f1:38:82:bf:be:93:ee:d9:8b:88:52:fb:32:d1:4b:19: a5:16:ca:1a:45:f1:d3:55:dd:12:6d:3d:4c:66:4b:27: 21:71:99:ed:22:f7:65:79:52:14:1a:86:f4:21:46:ce: ee:46:14:7f:0c:03:ef:21:34:54:fc:ff:dd:60:5c:9d: fd:41:f5:e2:f7:12:1f:c4:39:b5:bf:92:e9:63:3b:32 Fingerprint (SHA-256): C8:B8:81:D4:C0:61:3F:F5:C0:B9:DF:E1:86:02:92:09:1F:7B:F8:20:B4:C3:6A:F3:89:0E:4A:56:C8:DA:05:51 Fingerprint (SHA1): AF:FF:03:62:F3:3B:39:1A:20:7F:37:1E:E2:71:76:6F:3D:33:60:09 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #957: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #958: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171484 (0x1ee2ab5c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:18:21 2015 Not After : Mon May 18 21:18:21 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:ba:df:67:7a:b4:b8:34:09:c7:b0:1d:b7:2f:64:5c: 70:4c:2f:6d:44:e5:40:d1:7a:64:62:89:54:02:f5:47: ea:a4:88:be:2a:07:a4:77:17:c6:72:a4:05:b0:b2:da: da:04:26:2f:f5:2f:90:11:88:fc:7b:29:29:3d:5f:b1: f6:16:58:c2:2b:9d:49:ca:45:7c:d4:0f:c1:4c:7a:e2: 4e:01:e1:fc:f8:b9:69:b5:f3:3f:c9:4e:98:63:1e:b3: e3:f0:ee:f7:71:d5:d5:33:f3:ce:87:40:f5:a5:15:ea: c5:ae:f9:74:a6:86:ab:c7:3b:a1:35:2e:08:6a:bc:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b5:43:a3:87:54:e4:df:f4:0f:10:84:05:ea:08:92:fe: b3:59:af:3a:69:78:a5:93:2a:cb:77:20:1f:5d:6b:bb: 11:43:9f:41:41:f2:cc:52:92:40:3a:8c:3b:04:d6:34: 0d:70:cd:3c:de:eb:c6:68:dc:14:91:1b:d0:95:48:bf: fa:a7:6d:fb:a1:2e:85:60:c9:2d:a9:5c:dc:4b:80:5b: 28:fd:c2:88:ff:35:8e:06:e0:3a:ac:9c:c5:9b:25:83: 9e:28:0d:52:f4:31:29:fd:ee:53:45:48:d6:23:00:7b: 1d:f0:e9:40:6c:a3:dd:91:0a:46:ae:8f:3f:b9:ba:58 Fingerprint (SHA-256): 09:23:DC:D2:3E:27:2E:2E:C5:46:A2:2A:B8:FC:6C:68:E6:0B:CA:12:4A:90:BC:68:6B:78:D6:67:8B:56:84:BE Fingerprint (SHA1): 20:40:5D:1F:88:D0:09:A9:B3:4C:2D:74:52:0E:FC:18:13:F7:85:A6 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #959: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #960: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #961: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #962: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #963: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171482 (0x1ee2ab5a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:15 2015 Not After : Mon May 18 21:18:15 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:18:f2:20:e6:ce:5a:fa:81:da:7c:b9:ee:69:84:74: cb:ea:70:58:bc:13:64:b7:14:e0:74:7f:60:8e:3f:8d: 47:d0:6c:77:03:7c:d4:0f:c6:94:df:e4:f4:af:c4:0c: 12:33:b1:7a:12:7c:3c:6c:ff:ab:e5:9a:71:47:c4:75: 5f:14:db:ce:d4:9c:04:7d:43:e1:51:e4:7f:80:be:f4: b3:89:1c:fc:ca:09:bc:19:63:20:57:a2:83:02:7e:7e: 66:e4:14:11:d0:fb:5c:e2:bf:d8:b7:e2:cf:c0:81:a3: 53:98:32:3a:3f:d4:ab:0d:4b:dd:f6:92:98:88:3b:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:43:07:37:87:32:72:3c:f9:42:65:14:48:59:90:9b: 6c:1f:6f:58:06:59:ce:39:8d:96:f5:2b:2f:a5:ad:f3: 80:fc:7d:9c:d9:5d:61:05:94:fc:ac:bd:56:3d:fa:7e: 4f:91:92:96:91:8a:f8:ae:17:da:45:f4:5a:f1:77:aa: 15:1e:9a:11:b6:74:b9:7e:5c:82:f0:24:71:e2:bf:3a: 37:d6:a5:0d:af:54:bc:7f:ee:de:c7:b2:93:ae:a9:3a: 15:16:d0:ab:bd:08:92:44:4c:f3:49:2f:7e:11:05:7a: c4:80:af:66:c8:02:ab:80:a9:22:7a:57:de:43:4d:a0 Fingerprint (SHA-256): 0F:6D:AA:6B:8D:34:0A:62:84:1C:E0:C8:A8:0D:DB:89:05:67:EE:9F:38:4D:94:20:73:FB:91:D6:48:06:E8:8D Fingerprint (SHA1): FA:C9:30:60:99:D7:FF:0B:1A:F8:EE:96:60:B3:20:3E:20:97:9C:A7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #964: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #965: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171483 (0x1ee2ab5b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:17 2015 Not After : Mon May 18 21:18:17 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:44:13:36:da:ee:8e:95:8f:5f:f7:ad:0b:ca:d8:70: 81:56:97:52:0e:ab:85:ed:fc:bc:0e:3d:42:01:28:0c: 0f:f2:96:df:c0:f1:d9:2e:9e:61:92:74:8f:ac:88:7b: b3:8d:60:74:c1:68:48:b4:98:3a:76:e8:0d:7a:b9:5b: 39:aa:95:5f:be:60:00:a7:4c:af:58:c5:98:91:5f:be: 41:d5:41:70:a7:ee:5c:a6:c3:a8:c7:51:ea:55:bf:b8: 33:b3:d1:6a:b1:a8:93:c3:ee:38:b5:30:03:ae:58:0e: c0:e5:1d:b4:8a:d1:a8:70:51:43:c9:34:eb:45:f8:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:b9:f7:23:7d:b5:f6:d2:51:1a:4c:6f:ea:4f:2b:c3: 41:a4:14:2e:f1:86:17:63:01:fa:fe:d0:0b:23:bd:9d: d3:cc:ef:9c:08:bb:d5:15:e1:06:be:5e:47:08:c9:49: f1:38:82:bf:be:93:ee:d9:8b:88:52:fb:32:d1:4b:19: a5:16:ca:1a:45:f1:d3:55:dd:12:6d:3d:4c:66:4b:27: 21:71:99:ed:22:f7:65:79:52:14:1a:86:f4:21:46:ce: ee:46:14:7f:0c:03:ef:21:34:54:fc:ff:dd:60:5c:9d: fd:41:f5:e2:f7:12:1f:c4:39:b5:bf:92:e9:63:3b:32 Fingerprint (SHA-256): C8:B8:81:D4:C0:61:3F:F5:C0:B9:DF:E1:86:02:92:09:1F:7B:F8:20:B4:C3:6A:F3:89:0E:4A:56:C8:DA:05:51 Fingerprint (SHA1): AF:FF:03:62:F3:3B:39:1A:20:7F:37:1E:E2:71:76:6F:3D:33:60:09 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #966: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #967: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171484 (0x1ee2ab5c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:18:21 2015 Not After : Mon May 18 21:18:21 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:ba:df:67:7a:b4:b8:34:09:c7:b0:1d:b7:2f:64:5c: 70:4c:2f:6d:44:e5:40:d1:7a:64:62:89:54:02:f5:47: ea:a4:88:be:2a:07:a4:77:17:c6:72:a4:05:b0:b2:da: da:04:26:2f:f5:2f:90:11:88:fc:7b:29:29:3d:5f:b1: f6:16:58:c2:2b:9d:49:ca:45:7c:d4:0f:c1:4c:7a:e2: 4e:01:e1:fc:f8:b9:69:b5:f3:3f:c9:4e:98:63:1e:b3: e3:f0:ee:f7:71:d5:d5:33:f3:ce:87:40:f5:a5:15:ea: c5:ae:f9:74:a6:86:ab:c7:3b:a1:35:2e:08:6a:bc:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b5:43:a3:87:54:e4:df:f4:0f:10:84:05:ea:08:92:fe: b3:59:af:3a:69:78:a5:93:2a:cb:77:20:1f:5d:6b:bb: 11:43:9f:41:41:f2:cc:52:92:40:3a:8c:3b:04:d6:34: 0d:70:cd:3c:de:eb:c6:68:dc:14:91:1b:d0:95:48:bf: fa:a7:6d:fb:a1:2e:85:60:c9:2d:a9:5c:dc:4b:80:5b: 28:fd:c2:88:ff:35:8e:06:e0:3a:ac:9c:c5:9b:25:83: 9e:28:0d:52:f4:31:29:fd:ee:53:45:48:d6:23:00:7b: 1d:f0:e9:40:6c:a3:dd:91:0a:46:ae:8f:3f:b9:ba:58 Fingerprint (SHA-256): 09:23:DC:D2:3E:27:2E:2E:C5:46:A2:2A:B8:FC:6C:68:E6:0B:CA:12:4A:90:BC:68:6B:78:D6:67:8B:56:84:BE Fingerprint (SHA1): 20:40:5D:1F:88:D0:09:A9:B3:4C:2D:74:52:0E:FC:18:13:F7:85:A6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #968: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #969: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171482 (0x1ee2ab5a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:15 2015 Not After : Mon May 18 21:18:15 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:18:f2:20:e6:ce:5a:fa:81:da:7c:b9:ee:69:84:74: cb:ea:70:58:bc:13:64:b7:14:e0:74:7f:60:8e:3f:8d: 47:d0:6c:77:03:7c:d4:0f:c6:94:df:e4:f4:af:c4:0c: 12:33:b1:7a:12:7c:3c:6c:ff:ab:e5:9a:71:47:c4:75: 5f:14:db:ce:d4:9c:04:7d:43:e1:51:e4:7f:80:be:f4: b3:89:1c:fc:ca:09:bc:19:63:20:57:a2:83:02:7e:7e: 66:e4:14:11:d0:fb:5c:e2:bf:d8:b7:e2:cf:c0:81:a3: 53:98:32:3a:3f:d4:ab:0d:4b:dd:f6:92:98:88:3b:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:43:07:37:87:32:72:3c:f9:42:65:14:48:59:90:9b: 6c:1f:6f:58:06:59:ce:39:8d:96:f5:2b:2f:a5:ad:f3: 80:fc:7d:9c:d9:5d:61:05:94:fc:ac:bd:56:3d:fa:7e: 4f:91:92:96:91:8a:f8:ae:17:da:45:f4:5a:f1:77:aa: 15:1e:9a:11:b6:74:b9:7e:5c:82:f0:24:71:e2:bf:3a: 37:d6:a5:0d:af:54:bc:7f:ee:de:c7:b2:93:ae:a9:3a: 15:16:d0:ab:bd:08:92:44:4c:f3:49:2f:7e:11:05:7a: c4:80:af:66:c8:02:ab:80:a9:22:7a:57:de:43:4d:a0 Fingerprint (SHA-256): 0F:6D:AA:6B:8D:34:0A:62:84:1C:E0:C8:A8:0D:DB:89:05:67:EE:9F:38:4D:94:20:73:FB:91:D6:48:06:E8:8D Fingerprint (SHA1): FA:C9:30:60:99:D7:FF:0B:1A:F8:EE:96:60:B3:20:3E:20:97:9C:A7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #970: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171482 (0x1ee2ab5a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:15 2015 Not After : Mon May 18 21:18:15 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:18:f2:20:e6:ce:5a:fa:81:da:7c:b9:ee:69:84:74: cb:ea:70:58:bc:13:64:b7:14:e0:74:7f:60:8e:3f:8d: 47:d0:6c:77:03:7c:d4:0f:c6:94:df:e4:f4:af:c4:0c: 12:33:b1:7a:12:7c:3c:6c:ff:ab:e5:9a:71:47:c4:75: 5f:14:db:ce:d4:9c:04:7d:43:e1:51:e4:7f:80:be:f4: b3:89:1c:fc:ca:09:bc:19:63:20:57:a2:83:02:7e:7e: 66:e4:14:11:d0:fb:5c:e2:bf:d8:b7:e2:cf:c0:81:a3: 53:98:32:3a:3f:d4:ab:0d:4b:dd:f6:92:98:88:3b:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:43:07:37:87:32:72:3c:f9:42:65:14:48:59:90:9b: 6c:1f:6f:58:06:59:ce:39:8d:96:f5:2b:2f:a5:ad:f3: 80:fc:7d:9c:d9:5d:61:05:94:fc:ac:bd:56:3d:fa:7e: 4f:91:92:96:91:8a:f8:ae:17:da:45:f4:5a:f1:77:aa: 15:1e:9a:11:b6:74:b9:7e:5c:82:f0:24:71:e2:bf:3a: 37:d6:a5:0d:af:54:bc:7f:ee:de:c7:b2:93:ae:a9:3a: 15:16:d0:ab:bd:08:92:44:4c:f3:49:2f:7e:11:05:7a: c4:80:af:66:c8:02:ab:80:a9:22:7a:57:de:43:4d:a0 Fingerprint (SHA-256): 0F:6D:AA:6B:8D:34:0A:62:84:1C:E0:C8:A8:0D:DB:89:05:67:EE:9F:38:4D:94:20:73:FB:91:D6:48:06:E8:8D Fingerprint (SHA1): FA:C9:30:60:99:D7:FF:0B:1A:F8:EE:96:60:B3:20:3E:20:97:9C:A7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #971: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171483 (0x1ee2ab5b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:17 2015 Not After : Mon May 18 21:18:17 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:44:13:36:da:ee:8e:95:8f:5f:f7:ad:0b:ca:d8:70: 81:56:97:52:0e:ab:85:ed:fc:bc:0e:3d:42:01:28:0c: 0f:f2:96:df:c0:f1:d9:2e:9e:61:92:74:8f:ac:88:7b: b3:8d:60:74:c1:68:48:b4:98:3a:76:e8:0d:7a:b9:5b: 39:aa:95:5f:be:60:00:a7:4c:af:58:c5:98:91:5f:be: 41:d5:41:70:a7:ee:5c:a6:c3:a8:c7:51:ea:55:bf:b8: 33:b3:d1:6a:b1:a8:93:c3:ee:38:b5:30:03:ae:58:0e: c0:e5:1d:b4:8a:d1:a8:70:51:43:c9:34:eb:45:f8:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:b9:f7:23:7d:b5:f6:d2:51:1a:4c:6f:ea:4f:2b:c3: 41:a4:14:2e:f1:86:17:63:01:fa:fe:d0:0b:23:bd:9d: d3:cc:ef:9c:08:bb:d5:15:e1:06:be:5e:47:08:c9:49: f1:38:82:bf:be:93:ee:d9:8b:88:52:fb:32:d1:4b:19: a5:16:ca:1a:45:f1:d3:55:dd:12:6d:3d:4c:66:4b:27: 21:71:99:ed:22:f7:65:79:52:14:1a:86:f4:21:46:ce: ee:46:14:7f:0c:03:ef:21:34:54:fc:ff:dd:60:5c:9d: fd:41:f5:e2:f7:12:1f:c4:39:b5:bf:92:e9:63:3b:32 Fingerprint (SHA-256): C8:B8:81:D4:C0:61:3F:F5:C0:B9:DF:E1:86:02:92:09:1F:7B:F8:20:B4:C3:6A:F3:89:0E:4A:56:C8:DA:05:51 Fingerprint (SHA1): AF:FF:03:62:F3:3B:39:1A:20:7F:37:1E:E2:71:76:6F:3D:33:60:09 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #972: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171483 (0x1ee2ab5b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:18:17 2015 Not After : Mon May 18 21:18:17 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:44:13:36:da:ee:8e:95:8f:5f:f7:ad:0b:ca:d8:70: 81:56:97:52:0e:ab:85:ed:fc:bc:0e:3d:42:01:28:0c: 0f:f2:96:df:c0:f1:d9:2e:9e:61:92:74:8f:ac:88:7b: b3:8d:60:74:c1:68:48:b4:98:3a:76:e8:0d:7a:b9:5b: 39:aa:95:5f:be:60:00:a7:4c:af:58:c5:98:91:5f:be: 41:d5:41:70:a7:ee:5c:a6:c3:a8:c7:51:ea:55:bf:b8: 33:b3:d1:6a:b1:a8:93:c3:ee:38:b5:30:03:ae:58:0e: c0:e5:1d:b4:8a:d1:a8:70:51:43:c9:34:eb:45:f8:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:b9:f7:23:7d:b5:f6:d2:51:1a:4c:6f:ea:4f:2b:c3: 41:a4:14:2e:f1:86:17:63:01:fa:fe:d0:0b:23:bd:9d: d3:cc:ef:9c:08:bb:d5:15:e1:06:be:5e:47:08:c9:49: f1:38:82:bf:be:93:ee:d9:8b:88:52:fb:32:d1:4b:19: a5:16:ca:1a:45:f1:d3:55:dd:12:6d:3d:4c:66:4b:27: 21:71:99:ed:22:f7:65:79:52:14:1a:86:f4:21:46:ce: ee:46:14:7f:0c:03:ef:21:34:54:fc:ff:dd:60:5c:9d: fd:41:f5:e2:f7:12:1f:c4:39:b5:bf:92:e9:63:3b:32 Fingerprint (SHA-256): C8:B8:81:D4:C0:61:3F:F5:C0:B9:DF:E1:86:02:92:09:1F:7B:F8:20:B4:C3:6A:F3:89:0E:4A:56:C8:DA:05:51 Fingerprint (SHA1): AF:FF:03:62:F3:3B:39:1A:20:7F:37:1E:E2:71:76:6F:3D:33:60:09 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #973: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171484 (0x1ee2ab5c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:18:21 2015 Not After : Mon May 18 21:18:21 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:ba:df:67:7a:b4:b8:34:09:c7:b0:1d:b7:2f:64:5c: 70:4c:2f:6d:44:e5:40:d1:7a:64:62:89:54:02:f5:47: ea:a4:88:be:2a:07:a4:77:17:c6:72:a4:05:b0:b2:da: da:04:26:2f:f5:2f:90:11:88:fc:7b:29:29:3d:5f:b1: f6:16:58:c2:2b:9d:49:ca:45:7c:d4:0f:c1:4c:7a:e2: 4e:01:e1:fc:f8:b9:69:b5:f3:3f:c9:4e:98:63:1e:b3: e3:f0:ee:f7:71:d5:d5:33:f3:ce:87:40:f5:a5:15:ea: c5:ae:f9:74:a6:86:ab:c7:3b:a1:35:2e:08:6a:bc:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b5:43:a3:87:54:e4:df:f4:0f:10:84:05:ea:08:92:fe: b3:59:af:3a:69:78:a5:93:2a:cb:77:20:1f:5d:6b:bb: 11:43:9f:41:41:f2:cc:52:92:40:3a:8c:3b:04:d6:34: 0d:70:cd:3c:de:eb:c6:68:dc:14:91:1b:d0:95:48:bf: fa:a7:6d:fb:a1:2e:85:60:c9:2d:a9:5c:dc:4b:80:5b: 28:fd:c2:88:ff:35:8e:06:e0:3a:ac:9c:c5:9b:25:83: 9e:28:0d:52:f4:31:29:fd:ee:53:45:48:d6:23:00:7b: 1d:f0:e9:40:6c:a3:dd:91:0a:46:ae:8f:3f:b9:ba:58 Fingerprint (SHA-256): 09:23:DC:D2:3E:27:2E:2E:C5:46:A2:2A:B8:FC:6C:68:E6:0B:CA:12:4A:90:BC:68:6B:78:D6:67:8B:56:84:BE Fingerprint (SHA1): 20:40:5D:1F:88:D0:09:A9:B3:4C:2D:74:52:0E:FC:18:13:F7:85:A6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #974: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171484 (0x1ee2ab5c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:18:21 2015 Not After : Mon May 18 21:18:21 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:ba:df:67:7a:b4:b8:34:09:c7:b0:1d:b7:2f:64:5c: 70:4c:2f:6d:44:e5:40:d1:7a:64:62:89:54:02:f5:47: ea:a4:88:be:2a:07:a4:77:17:c6:72:a4:05:b0:b2:da: da:04:26:2f:f5:2f:90:11:88:fc:7b:29:29:3d:5f:b1: f6:16:58:c2:2b:9d:49:ca:45:7c:d4:0f:c1:4c:7a:e2: 4e:01:e1:fc:f8:b9:69:b5:f3:3f:c9:4e:98:63:1e:b3: e3:f0:ee:f7:71:d5:d5:33:f3:ce:87:40:f5:a5:15:ea: c5:ae:f9:74:a6:86:ab:c7:3b:a1:35:2e:08:6a:bc:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b5:43:a3:87:54:e4:df:f4:0f:10:84:05:ea:08:92:fe: b3:59:af:3a:69:78:a5:93:2a:cb:77:20:1f:5d:6b:bb: 11:43:9f:41:41:f2:cc:52:92:40:3a:8c:3b:04:d6:34: 0d:70:cd:3c:de:eb:c6:68:dc:14:91:1b:d0:95:48:bf: fa:a7:6d:fb:a1:2e:85:60:c9:2d:a9:5c:dc:4b:80:5b: 28:fd:c2:88:ff:35:8e:06:e0:3a:ac:9c:c5:9b:25:83: 9e:28:0d:52:f4:31:29:fd:ee:53:45:48:d6:23:00:7b: 1d:f0:e9:40:6c:a3:dd:91:0a:46:ae:8f:3f:b9:ba:58 Fingerprint (SHA-256): 09:23:DC:D2:3E:27:2E:2E:C5:46:A2:2A:B8:FC:6C:68:E6:0B:CA:12:4A:90:BC:68:6B:78:D6:67:8B:56:84:BE Fingerprint (SHA1): 20:40:5D:1F:88:D0:09:A9:B3:4C:2D:74:52:0E:FC:18:13:F7:85:A6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #975: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #976: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171487 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #977: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #978: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #979: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #980: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518171488 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #981: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #982: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #983: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #984: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171489 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #985: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #986: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #987: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #988: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518171490 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #989: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #990: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #991: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #992: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518171491 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #993: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #994: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #995: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #996: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518171492 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #997: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #998: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #999: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1000: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518171493 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1001: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1002: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1003: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #1004: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #1005: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1006: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #1007: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171487 (0x1ee2ab5f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:18:44 2015 Not After : Mon May 18 21:18:44 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:51:22:81:bc:ea:1a:c4:2a:90:c4:1f:5b:7f:e2:0a: bd:b6:1a:28:58:c0:bd:6e:0e:6f:e7:a7:2a:2a:74:d0: b5:90:1e:22:d2:37:bc:72:b0:30:79:ce:64:77:6b:14: 16:1a:cc:fa:24:b4:42:b3:3c:01:c5:f4:f7:e2:47:e5: cb:66:7d:f4:bd:ec:61:fb:3c:d9:13:37:34:de:28:d7: 7f:90:08:ba:0b:af:6c:e1:c7:cd:19:5a:02:ff:f9:18: 37:41:83:8f:67:77:6a:07:35:0d:98:d9:df:0c:d7:5f: bc:d4:7c:e2:fe:e3:c3:26:37:21:4a:94:76:af:ec:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 30:87:7a:b3:64:f2:10:df:05:41:d3:72:09:af:e0:09: 78:80:28:8e:1e:91:64:93:ce:61:b0:29:3c:9e:b9:e1: fb:30:fe:f7:45:34:b1:c4:af:aa:69:9a:36:ab:87:12: 5f:cb:6b:be:e2:68:6e:d1:1a:9a:3e:1e:eb:7f:1e:8a: 4b:03:92:d8:f6:be:db:a1:df:ca:29:d8:e6:ff:7b:e9: e9:7c:bf:ad:a8:e5:2e:47:72:00:24:96:d9:2b:17:9b: a7:d2:29:9c:84:b3:a9:37:1f:d0:c8:b8:40:1c:31:48: fd:be:69:a5:1c:ee:f9:4b:86:77:1c:32:24:46:e0:f4 Fingerprint (SHA-256): AD:8C:B4:09:FA:45:A2:79:49:4E:EB:96:D1:8E:BE:FC:43:57:54:0E:5C:5A:1C:4A:43:66:60:E6:87:C9:69:B5 Fingerprint (SHA1): DE:70:1F:66:38:05:F0:6B:2C:20:5A:D9:BA:D1:E6:70:D8:B7:D5:70 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1008: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1009: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1010: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1011: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171487 (0x1ee2ab5f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:18:44 2015 Not After : Mon May 18 21:18:44 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:51:22:81:bc:ea:1a:c4:2a:90:c4:1f:5b:7f:e2:0a: bd:b6:1a:28:58:c0:bd:6e:0e:6f:e7:a7:2a:2a:74:d0: b5:90:1e:22:d2:37:bc:72:b0:30:79:ce:64:77:6b:14: 16:1a:cc:fa:24:b4:42:b3:3c:01:c5:f4:f7:e2:47:e5: cb:66:7d:f4:bd:ec:61:fb:3c:d9:13:37:34:de:28:d7: 7f:90:08:ba:0b:af:6c:e1:c7:cd:19:5a:02:ff:f9:18: 37:41:83:8f:67:77:6a:07:35:0d:98:d9:df:0c:d7:5f: bc:d4:7c:e2:fe:e3:c3:26:37:21:4a:94:76:af:ec:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 30:87:7a:b3:64:f2:10:df:05:41:d3:72:09:af:e0:09: 78:80:28:8e:1e:91:64:93:ce:61:b0:29:3c:9e:b9:e1: fb:30:fe:f7:45:34:b1:c4:af:aa:69:9a:36:ab:87:12: 5f:cb:6b:be:e2:68:6e:d1:1a:9a:3e:1e:eb:7f:1e:8a: 4b:03:92:d8:f6:be:db:a1:df:ca:29:d8:e6:ff:7b:e9: e9:7c:bf:ad:a8:e5:2e:47:72:00:24:96:d9:2b:17:9b: a7:d2:29:9c:84:b3:a9:37:1f:d0:c8:b8:40:1c:31:48: fd:be:69:a5:1c:ee:f9:4b:86:77:1c:32:24:46:e0:f4 Fingerprint (SHA-256): AD:8C:B4:09:FA:45:A2:79:49:4E:EB:96:D1:8E:BE:FC:43:57:54:0E:5C:5A:1C:4A:43:66:60:E6:87:C9:69:B5 Fingerprint (SHA1): DE:70:1F:66:38:05:F0:6B:2C:20:5A:D9:BA:D1:E6:70:D8:B7:D5:70 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1012: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1013: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1014: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171494 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1015: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1016: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1017: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1018: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518171495 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1019: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1020: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #1021: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1022: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518171496 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1023: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1024: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #1025: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1026: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518171497 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1027: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1028: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1029: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1030: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518171498 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1031: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1032: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #1033: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1034: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518171499 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1035: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1036: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #1037: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1038: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518171500 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1039: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1040: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1041: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1042: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518171501 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1043: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1044: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #1045: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1046: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518171502 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1047: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1048: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #1049: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1050: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518171503 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1051: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1052: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1053: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1054: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518171504 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1055: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1056: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #1057: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1058: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518171505 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1059: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1060: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #1061: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1062: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518171506 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1063: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1064: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1065: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1066: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518171507 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1067: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1068: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #1069: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1070: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518171508 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1071: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1072: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #1073: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1074: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518171509 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1075: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1076: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #1077: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1078: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518171510 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1079: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1080: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #1081: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1082: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518171511 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1083: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1084: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #1085: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1086: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518171512 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1087: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1088: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #1089: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1090: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518171513 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1091: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1092: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #1093: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1094: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518171514 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1095: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1096: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #1097: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1098: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518171515 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1099: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1100: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #1101: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1102: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518171516 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1103: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1104: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #1105: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1106: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518171517 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1107: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1108: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #1109: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1110: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518171518 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1111: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1112: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #1113: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1114: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518171519 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1115: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1116: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #1117: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1118: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518171520 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1119: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1120: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #1121: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1122: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518171521 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1123: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1124: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #1125: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1126: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518171522 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1127: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1128: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #1129: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1130: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518171523 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1131: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1132: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1133: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1134: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1135: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1136: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1137: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1138: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1139: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1140: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1141: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1142: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1143: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1144: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1145: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1146: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1147: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1148: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1149: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1150: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1151: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1152: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1153: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1154: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1155: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171494 (0x1ee2ab66) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:19:13 2015 Not After : Mon May 18 21:19:13 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:fb:91:4e:c8:bc:45:67:80:7a:a2:19:8b:31:09:25: a0:23:33:a5:b5:cf:00:63:7b:07:ea:2e:50:f1:83:fa: 83:1c:2b:be:0a:da:70:87:65:36:d4:30:e7:21:a6:f2: c1:14:dd:09:9c:76:42:c4:ae:db:20:6e:66:74:3d:7e: 0d:4d:f7:dd:7d:4c:64:3c:80:28:6f:73:bd:fa:f4:8d: 82:9b:09:9f:2d:70:14:4a:c7:02:e3:6c:66:95:9a:24: 62:bd:95:f7:a2:c5:be:a3:d1:ba:3c:f9:3b:df:08:ae: 87:99:f5:6d:8a:8e:f6:fe:49:1e:30:07:b9:bd:e8:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:df:15:f4:f4:ea:af:b4:e2:bd:61:07:26:09:b2:14: 84:1e:c5:7c:bd:98:43:b8:b1:8b:27:c4:07:33:b4:5c: a4:a2:66:47:8b:ab:25:55:47:13:74:8a:0a:e8:ee:d0: 61:23:bb:16:dd:88:05:1c:48:1e:d5:47:22:b7:e4:14: d2:00:aa:72:0b:85:da:8d:10:f5:85:c7:1f:b5:f4:42: 02:e3:f9:e5:5e:29:f3:f1:9d:97:2c:4e:bd:b7:c4:2e: 7c:2d:ae:97:f0:45:1a:9e:d3:26:19:02:16:fe:3b:d1: 54:a3:c8:54:b9:c0:7e:e5:5b:93:4c:2f:19:4a:4c:6e Fingerprint (SHA-256): 9E:92:FE:D5:71:55:1B:A9:65:33:C9:CB:98:55:28:07:3C:B4:12:F3:17:18:C2:BF:C7:AB:3D:C5:AF:42:93:5A Fingerprint (SHA1): F1:A0:0A:1C:AB:19:1D:01:37:2F:D7:C4:FE:CF:55:29:6F:D6:78:23 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1156: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1157: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1158: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171524 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1159: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1160: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #1161: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1162: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518171525 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1163: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1164: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #1165: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1166: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518171526 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1167: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1168: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #1169: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1170: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518171527 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1171: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1172: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #1173: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1174: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518171528 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1175: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1176: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #1177: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1178: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518171529 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1179: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1180: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #1181: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1182: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518171530 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1183: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1184: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1185: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171524 (0x1ee2ab84) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:21:03 2015 Not After : Mon May 18 21:21:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ec:fe:47:7b:3a:d6:f7:35:c8:3f:d5:9d:ee:c3:fc:76: 51:3f:90:cd:7a:06:86:70:f2:3b:e5:e0:e6:1b:fd:cd: 3c:f7:6a:f1:80:db:05:aa:6a:57:67:bb:64:de:dc:7b: 6c:8d:54:aa:a5:8c:cb:91:c9:91:b6:a6:21:46:ed:6a: 70:72:4b:19:74:d1:7e:05:f8:e3:fa:e9:c2:e7:2a:3a: 45:81:67:a7:84:7f:6a:87:94:6c:8d:34:55:97:ec:26: e8:29:f1:32:33:a7:0c:a4:f9:4e:32:70:05:43:a8:33: de:fd:41:ff:1d:c7:02:1b:31:c9:0b:2c:3a:45:2f:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 12:25:5d:0a:2b:31:5a:78:e3:0c:32:99:70:9b:d0:82: d3:7b:e1:af:c6:e8:bd:7a:be:42:1c:00:b3:f2:11:95: c0:ed:65:99:e0:7b:e5:a0:23:96:e2:ca:4b:cf:5f:b0: 49:17:ba:10:f1:c4:52:22:80:24:af:16:fd:36:0b:e2: eb:94:62:89:81:1a:a5:df:12:f6:ec:19:14:78:a5:e0: 20:16:48:4e:89:08:a5:cb:82:41:8f:18:50:5b:b3:fc: 43:31:14:04:a2:0f:1f:87:67:22:f1:c0:57:45:37:42: f3:d4:3c:c6:af:89:b8:0a:cd:b6:fe:e2:41:c4:35:9b Fingerprint (SHA-256): BB:9A:6D:A2:62:2C:07:4F:60:EC:BE:D6:AD:99:23:41:8D:B4:90:3F:4D:E2:41:67:8F:D3:6B:61:7F:21:24:B3 Fingerprint (SHA1): 21:D2:4C:64:8B:DC:21:76:31:EA:7B:01:2E:05:D5:25:64:A8:45:79 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1186: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1187: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1188: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1189: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171524 (0x1ee2ab84) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:21:03 2015 Not After : Mon May 18 21:21:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ec:fe:47:7b:3a:d6:f7:35:c8:3f:d5:9d:ee:c3:fc:76: 51:3f:90:cd:7a:06:86:70:f2:3b:e5:e0:e6:1b:fd:cd: 3c:f7:6a:f1:80:db:05:aa:6a:57:67:bb:64:de:dc:7b: 6c:8d:54:aa:a5:8c:cb:91:c9:91:b6:a6:21:46:ed:6a: 70:72:4b:19:74:d1:7e:05:f8:e3:fa:e9:c2:e7:2a:3a: 45:81:67:a7:84:7f:6a:87:94:6c:8d:34:55:97:ec:26: e8:29:f1:32:33:a7:0c:a4:f9:4e:32:70:05:43:a8:33: de:fd:41:ff:1d:c7:02:1b:31:c9:0b:2c:3a:45:2f:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 12:25:5d:0a:2b:31:5a:78:e3:0c:32:99:70:9b:d0:82: d3:7b:e1:af:c6:e8:bd:7a:be:42:1c:00:b3:f2:11:95: c0:ed:65:99:e0:7b:e5:a0:23:96:e2:ca:4b:cf:5f:b0: 49:17:ba:10:f1:c4:52:22:80:24:af:16:fd:36:0b:e2: eb:94:62:89:81:1a:a5:df:12:f6:ec:19:14:78:a5:e0: 20:16:48:4e:89:08:a5:cb:82:41:8f:18:50:5b:b3:fc: 43:31:14:04:a2:0f:1f:87:67:22:f1:c0:57:45:37:42: f3:d4:3c:c6:af:89:b8:0a:cd:b6:fe:e2:41:c4:35:9b Fingerprint (SHA-256): BB:9A:6D:A2:62:2C:07:4F:60:EC:BE:D6:AD:99:23:41:8D:B4:90:3F:4D:E2:41:67:8F:D3:6B:61:7F:21:24:B3 Fingerprint (SHA1): 21:D2:4C:64:8B:DC:21:76:31:EA:7B:01:2E:05:D5:25:64:A8:45:79 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1190: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1191: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1192: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1193: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171531 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1194: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1195: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1196: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1197: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171532 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1198: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1199: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1200: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1201: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171533 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1202: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1203: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1204: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1205: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518171534 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1206: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1207: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1208: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1209: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1210: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1211: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171531 (0x1ee2ab8b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:21:28 2015 Not After : Mon May 18 21:21:28 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:ae:08:6c:0e:20:bc:03:fc:db:1e:81:92:10:80:7c: ef:8e:2e:5e:cf:83:8c:10:6d:20:38:44:24:ea:ba:d0: 9e:a6:aa:82:f2:62:a3:17:d4:c5:15:26:e7:84:ee:2d: a8:1b:c4:27:8f:90:7b:83:38:a5:d0:5d:64:b7:48:f5: 22:a4:da:bd:14:66:d8:23:a3:79:14:c7:2b:28:b0:c6: df:2c:dc:18:27:cf:0b:5a:fb:85:3b:b9:81:5f:d7:87: 20:0d:13:a8:2c:e5:78:ec:99:fd:31:34:9b:9b:e6:e7: e3:6a:4a:be:6a:ae:2b:87:78:79:e2:b1:14:29:fc:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a2:b3:8f:38:aa:5f:d7:63:42:7f:79:40:64:c2:8b:8a: 93:16:df:af:75:3b:bf:37:6d:61:8c:30:77:5e:03:6e: 97:0e:6b:b1:45:d8:10:7c:e1:d3:e3:a5:81:98:81:39: c7:73:a9:ad:c4:4b:3d:c3:79:22:20:17:33:ff:96:06: da:e1:8c:f0:fb:29:3b:58:12:71:04:03:0a:64:c4:94: af:a7:ea:14:72:3d:4e:52:31:9b:65:c1:8c:4a:ad:49: 02:82:af:6e:3c:f2:55:54:34:24:3a:63:71:c4:df:0e: 44:82:a4:1a:50:6c:b2:43:cb:d7:90:e2:7a:1a:0e:69 Fingerprint (SHA-256): F3:85:57:87:CD:B7:D4:DD:C2:2E:11:E0:24:B2:57:AD:06:58:0C:F3:48:8A:01:D8:EF:20:09:28:55:DA:37:AE Fingerprint (SHA1): 6E:83:29:C1:E5:A1:E9:7B:B0:7C:C2:28:52:78:68:D3:BE:7A:C8:24 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1212: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1213: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1214: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171532 (0x1ee2ab8c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:21:32 2015 Not After : Mon May 18 21:21:32 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:52:47:28:33:e4:22:a8:91:d9:f4:47:d7:93:01:2e: b4:f4:44:5e:37:28:22:9f:ab:89:d8:89:76:78:dc:6f: 9a:16:07:1f:98:95:db:7e:62:89:ea:74:25:6e:34:e1: e4:9e:e3:06:38:ae:83:ae:72:60:e2:49:dd:24:e2:ef: 89:d2:b4:91:9f:61:dd:bd:85:c4:74:23:b0:74:73:22: 4b:11:b8:f9:9b:d0:7a:9d:a3:aa:42:d0:b7:41:28:b7: 39:ce:86:b7:a3:78:33:ea:50:5e:f8:cb:ae:9b:c6:f2: 19:5e:4f:a4:77:3d:78:5d:19:b4:01:f4:64:14:3f:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:0c:9f:59:ff:27:a2:f8:7d:c7:2f:09:c0:fd:b4:5b: ce:a4:7b:82:79:31:36:ab:78:79:71:8a:80:b9:9f:75: f0:10:dd:08:40:c7:dd:ff:98:76:2b:63:08:9f:38:c2: 3b:3f:cd:40:ff:27:ac:0d:dc:03:bd:fa:b6:bb:41:a1: a2:fb:5d:9e:ca:05:31:68:df:b1:a1:68:2e:4b:60:14: e5:5a:a6:0a:49:5a:58:e3:c9:91:fa:94:54:d3:99:f5: 02:f3:a5:2c:8f:8c:7a:e9:8a:e7:2c:f1:68:96:ac:d8: db:33:8e:fa:58:81:d3:43:0b:67:a6:c2:a7:63:ad:75 Fingerprint (SHA-256): D1:4C:BC:CE:85:80:1C:B4:BA:C2:77:47:E0:14:94:42:61:BD:F7:98:8C:7F:02:32:F9:93:3B:E9:6B:07:4B:2C Fingerprint (SHA1): E1:E1:84:43:CC:87:B1:08:ED:96:1A:8F:5F:9D:64:E4:77:A2:7D:46 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1215: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1216: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171533 (0x1ee2ab8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:21:35 2015 Not After : Mon May 18 21:21:35 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:72:54:37:3b:70:06:17:fe:8d:95:a1:51:1d:60:59: 9a:ae:62:62:36:45:93:f5:0c:9c:43:d6:56:2d:9d:34: 3f:72:3d:3d:aa:e6:86:5c:88:91:90:3e:0d:42:54:46: 2d:50:9c:27:ab:d0:41:d9:60:fa:4e:b1:2b:2f:6d:31: 12:fb:09:a1:f3:da:49:e3:1f:ce:dc:44:73:9b:a9:17: 87:7a:25:43:b6:ae:35:1a:07:a6:f6:e7:a2:5e:4c:3a: 6c:de:43:50:10:6d:2d:8e:3c:54:ff:f3:ed:50:df:26: af:50:0a:62:34:1d:b6:89:83:c2:5c:96:c8:f5:99:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b2:f6:41:a7:34:3d:4e:c1:3f:2d:b2:43:f8:0a:ea:65: 0a:34:98:7c:13:a8:f7:2b:27:c9:ba:76:5c:a3:b9:8c: bb:d0:5e:4a:c8:6f:5c:7b:29:50:67:86:05:7d:26:76: 0d:91:55:73:3c:ac:ed:5c:b5:ed:f3:eb:76:ab:8d:af: f7:ad:13:5e:38:67:b2:93:ad:ba:0d:ab:af:1e:64:1f: 05:00:71:d8:81:71:73:35:0f:79:f8:0e:84:d1:a7:d9: 9c:65:08:a7:f8:83:39:1f:23:60:c6:91:c6:6b:60:a6: ff:67:ca:46:2b:66:c7:51:70:88:b8:6e:c3:d6:19:c8 Fingerprint (SHA-256): 38:C8:08:4A:3E:D1:8E:30:19:E2:82:F0:5B:FD:ED:AB:76:F7:42:A9:91:AE:27:05:E1:62:D6:37:28:D4:69:2B Fingerprint (SHA1): C3:FF:B4:E5:34:1B:9A:8B:DA:3B:5F:E4:5F:C7:08:6B:7A:0F:0C:45 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1217: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1218: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171535 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1219: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1220: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1221: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1222: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171536 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1223: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1224: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1225: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1226: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171537 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1227: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1228: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1229: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1230: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518171538 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1231: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1232: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1233: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1234: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518171539 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1235: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1236: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1237: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1238: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1239: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1240: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #1241: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171535 (0x1ee2ab8f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:21:46 2015 Not After : Mon May 18 21:21:46 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:ee:ac:d7:4f:47:0b:30:c9:80:08:4a:44:b8:94:45: 91:b8:92:d2:c7:87:86:fe:6d:e2:0a:90:27:b8:db:2d: bf:af:03:6c:bc:31:c7:95:ba:78:40:50:59:f5:bc:8f: b8:b8:4b:97:4e:be:4a:f4:af:fb:a1:76:64:12:ee:e7: ec:ab:6c:59:2e:05:bf:78:95:63:54:64:92:cf:27:c8: e3:cb:c7:b2:7d:b8:a9:10:5a:09:ee:7d:85:95:2b:74: 1b:b4:68:bd:4f:b0:b2:28:31:10:13:47:9d:20:d0:29: 85:d4:35:a9:13:db:b6:1c:6b:34:94:38:77:81:7a:bf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:a9:53:f0:2a:05:d7:c8:54:72:85:eb:fd:fa:2c:47: 84:f0:0c:b2:92:4a:15:d6:03:89:84:e0:06:16:88:d0: 4a:c4:cb:20:df:d7:f6:0a:ac:f0:c0:b2:34:bc:0c:dd: 93:af:c8:1b:b4:6c:51:26:7d:fe:11:97:f6:67:a9:89: f6:8f:63:94:16:cb:60:d5:42:cc:a1:e5:72:da:54:83: 06:76:ae:b8:aa:cf:41:be:e3:0c:24:6a:79:a9:8e:77: 44:19:98:61:af:9a:19:d8:1b:81:9e:70:24:a9:16:63: 62:71:9f:3d:73:b3:e1:73:8d:4f:e5:83:3e:33:d2:f5 Fingerprint (SHA-256): 6E:64:D3:7B:D3:2F:DF:DF:6F:80:8E:58:23:D6:57:82:82:38:01:95:CB:E2:18:A5:D8:30:C3:7E:9A:14:2E:67 Fingerprint (SHA1): F9:D7:1B:1D:A8:10:6C:F0:E5:EF:35:E5:0F:58:9F:DC:20:19:64:D4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1242: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1243: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171536 (0x1ee2ab90) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:21:49 2015 Not After : Mon May 18 21:21:49 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:fb:be:64:66:39:72:f1:3f:1c:2f:3b:42:5b:05:4e: 11:52:2e:35:3a:7e:fb:98:f9:75:96:19:a9:64:aa:2e: 70:d9:a3:2f:ba:f0:f8:e5:f9:84:b4:61:93:56:79:e0: 61:b7:fc:29:c1:9d:48:b5:ab:45:cb:fe:12:c8:1b:7d: 32:4d:d6:15:1c:59:1b:71:e0:47:23:bd:07:c8:ba:ac: b7:3b:1d:12:2f:cd:c3:f9:58:e5:5d:fd:59:21:78:21: 8a:b3:42:3e:29:b2:44:93:86:94:d9:20:7f:e7:54:b7: 83:01:71:f0:d9:72:8a:70:92:1e:32:be:55:15:c0:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:00:cd:54:3b:0a:b1:e7:ff:9a:ad:77:3a:ab:df:46: 62:51:1c:f3:9a:9a:97:2b:a6:c4:fc:cd:45:c5:a0:72: a6:e5:f1:20:7e:f8:38:c4:df:ca:89:bc:45:26:54:56: a9:5c:4a:15:b7:d7:bc:92:ed:2f:29:38:30:53:c5:90: 73:cb:8e:2d:95:ae:63:97:63:f6:d1:42:ba:49:2c:cb: 59:92:f6:26:0e:1a:48:e3:25:b0:59:87:94:bd:2d:e1: 46:f0:5d:9f:c4:a7:b5:2d:64:dc:77:48:74:5c:49:5d: fd:91:ee:bf:b0:86:0c:c1:fe:95:0b:4d:04:0c:26:97 Fingerprint (SHA-256): EA:67:A0:60:EA:CD:06:9A:F0:CC:6E:3A:89:51:28:C9:15:64:7A:E3:DD:A7:17:29:05:74:06:26:0B:D8:DE:EF Fingerprint (SHA1): 51:24:B8:AD:E9:46:37:9A:B8:63:84:AD:B5:8E:0D:69:EA:82:5C:26 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1244: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1245: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1246: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171537 (0x1ee2ab91) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:21:53 2015 Not After : Mon May 18 21:21:53 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:2d:fa:6b:79:d7:8c:17:0b:02:60:b8:7c:06:eb:68: 23:c9:8b:71:5e:e6:e3:a3:69:48:71:cd:80:09:98:a3: e4:6f:75:1f:96:1c:8f:19:d4:92:01:63:ab:c9:c7:c0: 74:12:60:3d:c4:b7:69:f9:9d:38:48:28:de:75:a2:7f: 28:65:6d:1d:d9:e5:d8:d1:a1:c0:6b:43:84:14:e5:58: a8:15:40:9a:b3:ef:93:d5:7e:60:3e:00:e9:a0:6b:f9: 7e:46:88:58:23:d8:c5:08:a2:9d:ab:cd:a5:fc:34:3f: 4f:16:0a:52:5b:92:84:67:36:b8:f0:45:dc:64:d3:57 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:e5:ce:46:43:af:00:1d:e1:3f:78:fb:e3:8d:0e:55: ec:68:3a:e1:47:fc:6f:61:ad:6a:f4:4e:12:df:24:25: eb:fb:16:88:09:f0:84:5b:a8:c5:07:a0:d4:dc:93:b1: 78:9a:1c:ba:6b:91:d0:aa:fd:7c:06:b7:ec:e7:78:fa: 05:2e:41:53:f4:70:71:2d:2e:19:af:e5:7a:d0:93:72: fd:ca:fa:a9:55:01:e0:1d:bb:00:6f:f3:ac:79:e4:0e: 08:74:5a:9a:39:63:6b:75:c9:af:c9:2e:56:89:5d:b1: 2c:6d:9e:5f:ea:0c:36:48:97:f1:50:4d:cd:70:fc:c5 Fingerprint (SHA-256): 32:84:54:AE:7E:09:26:FA:7A:90:B3:18:8D:D7:05:D7:E4:08:56:50:CC:1C:15:F0:53:FB:DE:CB:79:86:60:43 Fingerprint (SHA1): C8:6D:6D:29:D4:39:E6:28:24:96:F1:76:F7:1F:E0:1C:ED:4E:C1:41 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #1247: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1248: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171540 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1249: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1250: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1251: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1252: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171541 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1253: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1254: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1255: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1256: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171542 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA1Root-518171449.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1257: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1258: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1259: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1260: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518171543 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1261: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1262: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #1263: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171540 (0x1ee2ab94) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:22:08 2015 Not After : Mon May 18 21:22:08 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ed:e9:f2:f4:79:b8:3c:e5:22:b1:67:c6:f1:53:ec:d2: 7e:e0:fc:3c:a5:05:ce:48:c9:97:1d:ce:70:5b:87:06: ec:c9:54:5e:af:9e:b8:4a:2d:ed:3f:8f:19:db:f2:a3: 9f:62:11:08:d3:f4:e2:18:91:86:fe:ef:e8:88:a0:3d: 97:bf:2a:db:1c:c1:21:31:86:73:0f:d1:1b:70:80:85: 38:80:58:9e:aa:57:ad:4f:80:bf:0d:4e:1e:b1:bc:b1: 04:2c:17:4b:d3:ec:02:58:bc:ef:1d:bd:ec:37:51:be: 16:45:83:fd:e8:89:fd:15:9b:7d:22:b9:79:1d:ec:1f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1b:c8:67:b6:db:d4:c5:c4:ba:32:3e:58:f5:01:46:ad: 6f:af:06:36:e0:22:79:50:b4:5e:5a:2d:65:a4:57:94: f3:d9:03:85:c5:bf:68:7b:f2:e0:7c:ad:ae:50:d5:91: 10:b4:2a:80:0e:50:dc:3c:e8:5d:3c:4f:ad:00:0b:b9: 2f:3b:19:3c:57:cf:02:5b:35:02:6a:a1:0e:fb:85:e8: 4f:b6:93:10:01:85:0e:0a:ac:25:47:49:b8:e6:92:ff: 37:20:9d:6c:a0:bc:5a:b3:c0:06:8e:6b:c9:9b:81:3a: b4:69:d1:86:69:ce:e4:7b:54:a8:00:b3:03:65:b1:04 Fingerprint (SHA-256): AD:60:B6:92:86:6B:A9:CF:8A:C0:E5:BA:7E:A7:A0:0A:99:AC:CA:57:01:C8:B1:20:74:8C:5B:4F:31:D9:76:F6 Fingerprint (SHA1): 0B:72:E5:0F:E0:22:D7:C0:21:74:B0:C6:1F:52:EA:93:76:53:AE:A4 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1264: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1265: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171544 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1266: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1267: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1268: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171545 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1269: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1270: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1271: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1272: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518171546 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1273: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1274: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518171547 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1275: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1276: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1277: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1278: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1279: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518171548 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518171450.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1280: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1281: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1282: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1283: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171549 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1284: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1285: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1286: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1287: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171545 (0x1ee2ab99) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:22:26 2015 Not After : Mon May 18 21:22:26 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:37:14:69:23:b7:d5:56:2e:15:10:f8:72:7e:25:76: bb:26:dc:0a:e6:97:c6:37:e6:f3:33:f7:0e:60:de:29: 34:ad:31:41:7e:cd:9d:96:a1:62:f6:38:66:fe:68:1e: 90:b4:f9:ee:8a:5e:05:af:2d:38:66:16:39:13:7b:0c: 8f:b5:fa:fe:14:2d:32:b0:29:54:56:21:c0:bd:75:e6: df:9e:ef:30:6d:45:a9:7d:af:3c:b5:d5:6c:46:24:fe: 25:2b:84:df:e1:5e:56:73:5e:e3:ea:22:2d:ae:ba:32: 55:0e:5c:08:a3:8f:55:f3:ad:e2:65:5c:0c:24:2a:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:d4:9b:fb:3b:af:f6:ba:b1:e6:63:87:96:93:93:08: f4:cd:8f:3f:ea:fb:29:19:ee:0c:9b:23:20:7d:c7:75: e5:65:49:c9:e2:da:41:f5:62:ca:2e:fe:ee:ec:d1:e9: 01:fd:e4:cb:3d:8a:b1:76:36:e3:d1:93:c9:2b:ed:a4: 6a:d8:2b:b4:f9:c0:ca:45:d1:39:70:b1:f9:7b:e0:46: 69:e6:9c:4f:e3:87:ed:59:a4:f4:40:05:99:b3:99:16: ff:65:04:e8:7c:11:68:f0:7f:b5:b3:e4:fe:e8:65:b6: 88:59:19:ba:f4:8c:d5:a5:4a:42:f7:0e:60:73:2e:4d Fingerprint (SHA-256): 21:78:77:D4:F6:B7:DF:5D:E6:2A:9D:3D:23:1B:DF:B6:B5:09:86:C2:AB:2B:60:67:6F:BF:2C:4A:AE:CB:3E:35 Fingerprint (SHA1): F8:8E:3C:55:E3:72:44:65:3F:85:1F:17:23:81:87:D9:D4:0C:F9:2A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1288: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171545 (0x1ee2ab99) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:22:26 2015 Not After : Mon May 18 21:22:26 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:37:14:69:23:b7:d5:56:2e:15:10:f8:72:7e:25:76: bb:26:dc:0a:e6:97:c6:37:e6:f3:33:f7:0e:60:de:29: 34:ad:31:41:7e:cd:9d:96:a1:62:f6:38:66:fe:68:1e: 90:b4:f9:ee:8a:5e:05:af:2d:38:66:16:39:13:7b:0c: 8f:b5:fa:fe:14:2d:32:b0:29:54:56:21:c0:bd:75:e6: df:9e:ef:30:6d:45:a9:7d:af:3c:b5:d5:6c:46:24:fe: 25:2b:84:df:e1:5e:56:73:5e:e3:ea:22:2d:ae:ba:32: 55:0e:5c:08:a3:8f:55:f3:ad:e2:65:5c:0c:24:2a:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:d4:9b:fb:3b:af:f6:ba:b1:e6:63:87:96:93:93:08: f4:cd:8f:3f:ea:fb:29:19:ee:0c:9b:23:20:7d:c7:75: e5:65:49:c9:e2:da:41:f5:62:ca:2e:fe:ee:ec:d1:e9: 01:fd:e4:cb:3d:8a:b1:76:36:e3:d1:93:c9:2b:ed:a4: 6a:d8:2b:b4:f9:c0:ca:45:d1:39:70:b1:f9:7b:e0:46: 69:e6:9c:4f:e3:87:ed:59:a4:f4:40:05:99:b3:99:16: ff:65:04:e8:7c:11:68:f0:7f:b5:b3:e4:fe:e8:65:b6: 88:59:19:ba:f4:8c:d5:a5:4a:42:f7:0e:60:73:2e:4d Fingerprint (SHA-256): 21:78:77:D4:F6:B7:DF:5D:E6:2A:9D:3D:23:1B:DF:B6:B5:09:86:C2:AB:2B:60:67:6F:BF:2C:4A:AE:CB:3E:35 Fingerprint (SHA1): F8:8E:3C:55:E3:72:44:65:3F:85:1F:17:23:81:87:D9:D4:0C:F9:2A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1289: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1290: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171550 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1291: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1292: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1293: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171551 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1294: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1295: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1296: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1297: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518171552 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1298: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1299: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518171553 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1300: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1301: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1302: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1303: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1304: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518171554 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518171451.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1305: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1306: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1307: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1308: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171555 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1309: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1310: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1311: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1312: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518171556 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-BridgeNavy-518171452.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1313: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1314: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1315: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1316: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518171557 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1317: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1318: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1319: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1320: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171551 (0x1ee2ab9f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:22:45 2015 Not After : Mon May 18 21:22:45 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:30:74:2a:f2:31:99:38:d6:cb:73:b8:f1:76:a0:5c: 48:e1:bf:b1:90:e8:f7:08:d8:a6:25:cb:9e:43:66:fb: 97:22:13:a7:f4:1d:07:c8:5e:a9:68:05:e8:73:35:70: 92:b5:95:50:19:d1:a1:92:ce:17:4b:b2:8b:ca:5d:75: 78:0f:86:31:df:27:65:54:e7:f0:71:69:d4:2c:d5:ee: ee:f3:f1:80:47:2d:4f:37:28:ac:f8:ab:e1:9d:53:25: 12:33:0b:30:96:90:17:93:e3:57:1a:9d:db:86:7f:d6: 99:98:f3:8a:65:fa:1d:b2:1c:37:64:a8:d7:c2:f3:3f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:1d:e9:6c:80:29:3d:73:e9:d9:4d:fd:e8:c0:e4:84: 1b:80:01:82:7b:74:3f:b1:79:5d:dd:f3:83:d6:1d:ae: 4f:3c:51:f9:9b:62:71:e2:46:4a:3e:f1:e2:a6:5f:1c: 82:24:fc:11:fd:c3:62:72:9e:b6:0f:a0:89:e2:bc:65: c6:6e:42:ec:47:d5:84:f8:26:8d:31:1d:4c:30:7d:63: 6c:fb:89:fd:ce:cc:fd:3e:d7:38:86:ed:4a:53:29:97: 8b:68:e3:e0:7a:03:4c:af:3c:a5:40:4a:01:30:9b:45: 28:26:c4:16:d2:d6:d8:e4:50:7c:d3:56:b6:f6:c2:53 Fingerprint (SHA-256): 6D:E3:35:36:5F:BE:31:3C:EC:AC:25:37:86:B9:96:C6:13:16:13:1C:CB:A7:4E:69:9B:C0:B4:03:BC:39:82:2D Fingerprint (SHA1): 5D:25:8D:87:FA:66:1F:75:AF:99:39:8A:9B:CF:A0:43:BC:B3:24:A4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1321: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171551 (0x1ee2ab9f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:22:45 2015 Not After : Mon May 18 21:22:45 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:30:74:2a:f2:31:99:38:d6:cb:73:b8:f1:76:a0:5c: 48:e1:bf:b1:90:e8:f7:08:d8:a6:25:cb:9e:43:66:fb: 97:22:13:a7:f4:1d:07:c8:5e:a9:68:05:e8:73:35:70: 92:b5:95:50:19:d1:a1:92:ce:17:4b:b2:8b:ca:5d:75: 78:0f:86:31:df:27:65:54:e7:f0:71:69:d4:2c:d5:ee: ee:f3:f1:80:47:2d:4f:37:28:ac:f8:ab:e1:9d:53:25: 12:33:0b:30:96:90:17:93:e3:57:1a:9d:db:86:7f:d6: 99:98:f3:8a:65:fa:1d:b2:1c:37:64:a8:d7:c2:f3:3f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:1d:e9:6c:80:29:3d:73:e9:d9:4d:fd:e8:c0:e4:84: 1b:80:01:82:7b:74:3f:b1:79:5d:dd:f3:83:d6:1d:ae: 4f:3c:51:f9:9b:62:71:e2:46:4a:3e:f1:e2:a6:5f:1c: 82:24:fc:11:fd:c3:62:72:9e:b6:0f:a0:89:e2:bc:65: c6:6e:42:ec:47:d5:84:f8:26:8d:31:1d:4c:30:7d:63: 6c:fb:89:fd:ce:cc:fd:3e:d7:38:86:ed:4a:53:29:97: 8b:68:e3:e0:7a:03:4c:af:3c:a5:40:4a:01:30:9b:45: 28:26:c4:16:d2:d6:d8:e4:50:7c:d3:56:b6:f6:c2:53 Fingerprint (SHA-256): 6D:E3:35:36:5F:BE:31:3C:EC:AC:25:37:86:B9:96:C6:13:16:13:1C:CB:A7:4E:69:9B:C0:B4:03:BC:39:82:2D Fingerprint (SHA1): 5D:25:8D:87:FA:66:1F:75:AF:99:39:8A:9B:CF:A0:43:BC:B3:24:A4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1322: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #1323: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171550 (0x1ee2ab9e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:22:42 2015 Not After : Mon May 18 21:22:42 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:b4:41:ef:48:09:3f:c1:a4:9a:3e:63:ef:80:8f:71: d8:c6:b1:f0:69:27:58:b8:39:8e:fe:0c:27:04:96:f6: 11:74:22:df:e2:45:ae:08:cc:c6:08:a4:58:cc:fc:39: 7b:73:53:f5:e2:07:09:8b:c5:c5:0b:c3:cf:60:96:62: 9f:fd:57:a0:f8:78:55:e9:53:6d:e1:4c:42:d1:3a:20: ef:fc:7b:cd:8e:48:fe:7a:34:8d:5c:39:00:4e:47:e3: fa:90:73:0e:5d:a5:e1:c2:1f:db:d5:65:9f:e5:ed:25: 70:ad:54:ab:77:35:9a:38:b3:52:bd:60:16:94:3e:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:80:a8:f3:0f:c4:5c:3e:8f:01:a9:4d:7a:af:5d:e8: e1:9d:71:2b:d7:52:f7:59:67:78:50:c9:8e:f5:dd:bc: 60:e1:77:dd:bf:10:0f:8f:7b:87:2f:d6:3a:49:b8:4d: bf:47:a9:3b:4d:69:2b:01:4c:b0:b4:20:2c:7b:0c:54: 12:8e:6b:0b:48:24:31:fd:5f:3c:64:a3:58:0c:b3:9e: 2b:bd:b6:87:b7:84:97:cd:d0:8f:48:88:01:5e:22:bb: 61:d7:75:a1:a5:1f:9e:bf:d2:6c:66:a6:6a:5e:ea:9b: 34:20:44:a3:b7:c6:99:ef:b6:c5:91:3e:53:f2:1f:5a Fingerprint (SHA-256): 73:24:F4:4A:86:8B:53:9A:87:7F:20:6E:7A:2A:A6:58:64:3E:EF:08:A4:07:B1:B6:BE:91:EC:BD:11:E4:A6:99 Fingerprint (SHA1): 69:ED:7C:B2:0C:FC:2D:8A:71:8B:95:34:BD:C2:48:2E:20:48:0D:07 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1324: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171551 (0x1ee2ab9f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:22:45 2015 Not After : Mon May 18 21:22:45 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:30:74:2a:f2:31:99:38:d6:cb:73:b8:f1:76:a0:5c: 48:e1:bf:b1:90:e8:f7:08:d8:a6:25:cb:9e:43:66:fb: 97:22:13:a7:f4:1d:07:c8:5e:a9:68:05:e8:73:35:70: 92:b5:95:50:19:d1:a1:92:ce:17:4b:b2:8b:ca:5d:75: 78:0f:86:31:df:27:65:54:e7:f0:71:69:d4:2c:d5:ee: ee:f3:f1:80:47:2d:4f:37:28:ac:f8:ab:e1:9d:53:25: 12:33:0b:30:96:90:17:93:e3:57:1a:9d:db:86:7f:d6: 99:98:f3:8a:65:fa:1d:b2:1c:37:64:a8:d7:c2:f3:3f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:1d:e9:6c:80:29:3d:73:e9:d9:4d:fd:e8:c0:e4:84: 1b:80:01:82:7b:74:3f:b1:79:5d:dd:f3:83:d6:1d:ae: 4f:3c:51:f9:9b:62:71:e2:46:4a:3e:f1:e2:a6:5f:1c: 82:24:fc:11:fd:c3:62:72:9e:b6:0f:a0:89:e2:bc:65: c6:6e:42:ec:47:d5:84:f8:26:8d:31:1d:4c:30:7d:63: 6c:fb:89:fd:ce:cc:fd:3e:d7:38:86:ed:4a:53:29:97: 8b:68:e3:e0:7a:03:4c:af:3c:a5:40:4a:01:30:9b:45: 28:26:c4:16:d2:d6:d8:e4:50:7c:d3:56:b6:f6:c2:53 Fingerprint (SHA-256): 6D:E3:35:36:5F:BE:31:3C:EC:AC:25:37:86:B9:96:C6:13:16:13:1C:CB:A7:4E:69:9B:C0:B4:03:BC:39:82:2D Fingerprint (SHA1): 5D:25:8D:87:FA:66:1F:75:AF:99:39:8A:9B:CF:A0:43:BC:B3:24:A4 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1325: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171551 (0x1ee2ab9f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:22:45 2015 Not After : Mon May 18 21:22:45 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:30:74:2a:f2:31:99:38:d6:cb:73:b8:f1:76:a0:5c: 48:e1:bf:b1:90:e8:f7:08:d8:a6:25:cb:9e:43:66:fb: 97:22:13:a7:f4:1d:07:c8:5e:a9:68:05:e8:73:35:70: 92:b5:95:50:19:d1:a1:92:ce:17:4b:b2:8b:ca:5d:75: 78:0f:86:31:df:27:65:54:e7:f0:71:69:d4:2c:d5:ee: ee:f3:f1:80:47:2d:4f:37:28:ac:f8:ab:e1:9d:53:25: 12:33:0b:30:96:90:17:93:e3:57:1a:9d:db:86:7f:d6: 99:98:f3:8a:65:fa:1d:b2:1c:37:64:a8:d7:c2:f3:3f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:1d:e9:6c:80:29:3d:73:e9:d9:4d:fd:e8:c0:e4:84: 1b:80:01:82:7b:74:3f:b1:79:5d:dd:f3:83:d6:1d:ae: 4f:3c:51:f9:9b:62:71:e2:46:4a:3e:f1:e2:a6:5f:1c: 82:24:fc:11:fd:c3:62:72:9e:b6:0f:a0:89:e2:bc:65: c6:6e:42:ec:47:d5:84:f8:26:8d:31:1d:4c:30:7d:63: 6c:fb:89:fd:ce:cc:fd:3e:d7:38:86:ed:4a:53:29:97: 8b:68:e3:e0:7a:03:4c:af:3c:a5:40:4a:01:30:9b:45: 28:26:c4:16:d2:d6:d8:e4:50:7c:d3:56:b6:f6:c2:53 Fingerprint (SHA-256): 6D:E3:35:36:5F:BE:31:3C:EC:AC:25:37:86:B9:96:C6:13:16:13:1C:CB:A7:4E:69:9B:C0:B4:03:BC:39:82:2D Fingerprint (SHA1): 5D:25:8D:87:FA:66:1F:75:AF:99:39:8A:9B:CF:A0:43:BC:B3:24:A4 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1326: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1327: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171558 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1328: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1329: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1330: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171559 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1331: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1332: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #1333: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1334: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518171560 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1335: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1336: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #1337: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1338: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518171561 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1339: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1340: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1341: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1342: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518171562 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1343: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1344: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518171563 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1345: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1346: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #1347: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1348: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1349: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518171564 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1350: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1351: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1352: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1353: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518171565 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1354: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1355: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1356: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1357: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171566 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1358: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1359: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1360: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1361: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518171567 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1362: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1363: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1364: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171558 (0x1ee2aba6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:23:10 2015 Not After : Mon May 18 21:23:10 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:33:ed:48:fe:8f:a0:7e:2d:a7:ec:bd:5c:31:ee:74: 31:bd:e5:99:17:19:5a:da:29:16:98:78:b0:24:35:85: 27:db:27:30:20:7e:8c:3d:04:5a:fc:b6:36:58:7c:97: bf:5f:31:c4:c7:f4:e1:22:a1:41:17:d6:7e:53:4f:d4: c7:cb:c9:a1:df:c8:a9:de:75:db:b1:35:0e:fe:35:a8: 17:f5:8b:d7:41:43:8b:5a:cf:82:fe:36:da:19:18:82: 8d:ab:42:6b:79:b1:48:d3:bc:db:b2:20:4f:8e:a7:07: ac:de:86:77:fa:ce:5a:44:7b:a9:45:dd:af:99:66:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 15:29:ed:e6:eb:09:b0:9a:3d:33:29:01:21:c5:4e:17: 2e:d6:22:34:78:ea:cd:2a:a7:c7:ba:b6:d6:31:37:9e: 8d:47:d3:59:1e:d4:e5:2f:90:4f:b6:10:d0:17:fe:77: 2d:c2:b9:25:1d:07:ca:9a:7e:50:67:66:2d:2b:c0:78: fb:7d:c1:d9:fe:00:5e:dc:5d:16:a2:d0:c4:aa:d6:56: 43:ef:f7:26:74:ac:85:bb:7e:56:41:fc:81:0c:df:36: 97:74:b3:5e:6f:d3:20:a0:15:5b:ab:77:dc:8b:5a:ed: 1c:04:69:15:e1:95:0d:ea:fb:bd:ad:f9:d8:d6:80:75 Fingerprint (SHA-256): 3B:0A:54:4D:79:46:0C:6E:6A:B4:27:3A:1D:7B:CB:EE:B4:31:83:65:6D:5F:EF:F8:4D:6D:9B:84:85:A1:34:83 Fingerprint (SHA1): FA:53:2E:4B:E8:78:0A:BC:3C:59:41:A5:05:0C:6F:1A:E2:0D:70:4E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #1365: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1366: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1367: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1368: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1369: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1370: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1371: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1372: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1373: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171559 (0x1ee2aba7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:23:13 2015 Not After : Mon May 18 21:23:13 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:8f:0f:87:95:14:7e:0f:23:3e:6d:44:d8:7f:6b:4f: bf:ef:bd:55:0e:6f:56:04:b1:d7:8f:ae:f3:9c:a5:9a: 95:d7:b5:77:6e:5e:83:a8:7f:f4:fc:86:5e:c7:32:bf: c0:6e:ea:33:e4:8b:cb:fc:3c:2d:12:5a:d1:ad:85:7b: 61:5c:6b:a8:5d:62:cb:2b:2f:dc:fe:5c:db:ba:67:0b: 86:ba:12:c9:f6:8a:2d:fb:24:c8:50:77:e3:19:99:a6: ec:1f:83:68:10:50:69:63:e9:5a:1f:e9:e4:8a:5e:06: 72:a6:65:81:9c:4c:40:6b:1b:4d:1c:e3:c1:42:23:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:6a:ac:54:1b:b4:90:0e:da:cb:44:91:44:1e:8a:8e: 54:f5:4e:73:b4:e5:88:d3:85:e8:55:19:69:5e:64:eb: b4:f3:dd:b7:a6:67:3f:bc:60:ff:ca:05:75:3a:79:61: 98:3f:21:ef:42:8b:7c:e2:dd:85:26:24:b8:8a:7e:e4: e5:c5:40:bc:35:2d:70:07:a6:ba:a7:c6:a6:bb:0d:5b: c7:c1:03:0d:06:dc:ff:e8:68:be:3e:87:e8:fb:bb:7f: c0:cb:bd:b8:e9:b1:c2:7c:72:3e:8e:8b:cb:e3:d7:83: 86:61:e5:41:07:f8:4d:cc:62:64:98:2e:e6:a0:fc:7f Fingerprint (SHA-256): B7:71:E1:32:FE:11:09:7F:95:C7:BE:16:81:3A:EA:8D:6C:A4:BF:9B:FD:E4:FE:CF:92:9B:D3:42:5C:18:9B:90 Fingerprint (SHA1): A8:99:23:D9:39:59:15:74:8B:DF:AB:F4:74:CC:0E:35:66:99:21:B8 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #1374: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1375: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1376: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1377: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1378: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1379: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1380: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #1381: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #1382: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #1383: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #1384: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #1385: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #1386: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #1387: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #1388: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #1389: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #1390: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #1391: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1392: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171568 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1393: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1394: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1395: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1396: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171569 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1397: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1398: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1399: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1400: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171570 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1401: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1402: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1403: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1404: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518171571 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1405: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1406: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1407: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1408: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518171572 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1409: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1410: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1411: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1412: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518171573 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1413: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1414: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1415: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1416: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518171574 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1417: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1418: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #1419: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1420: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518171575 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1421: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1422: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1423: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1424: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518171576 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1425: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1426: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1427: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171568 (0x1ee2abb0) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:23:56 2015 Not After : Mon May 18 21:23:56 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:48:b4:04:24:eb:34:35:90:7a:39:b0:81:e9:a8:87: 10:71:87:88:fb:52:1b:03:f9:52:8d:e1:25:36:a4:75: 35:00:dc:c5:17:c6:a5:c1:29:1b:66:0e:96:69:02:e5: fc:76:ea:41:9b:9b:8c:8f:4f:f7:32:06:60:3a:2f:5f: 9d:74:38:b7:7c:a1:ba:ed:1f:db:22:cc:15:b2:33:6e: 2a:27:d6:cb:5f:fe:49:2a:83:6a:d8:0c:ab:41:81:4e: a6:57:45:ab:1b:e4:8e:36:72:1e:0c:bf:70:e8:43:b8: 85:b2:fa:fd:2b:44:70:ee:b3:ea:9b:6a:e6:cb:71:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:91:b6:e4:07:ee:b2:d7:4b:5d:4a:37: 11:cc:9b:62:06:ee:fd:9a:44:02:15:00:b5:99:5d:9f: 37:7f:96:08:ae:f5:bc:4d:db:8a:89:46:b5:f9:0e:b8 Fingerprint (SHA-256): 52:5E:A3:20:15:3A:DE:84:FA:8D:22:5A:A3:34:0E:27:39:66:3E:F4:7B:37:CA:58:33:1A:14:7F:06:6F:A1:4C Fingerprint (SHA1): 76:BE:E6:F0:D3:EE:8E:05:81:C9:8E:11:D1:44:03:24:AF:01:57:F7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1428: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171568 (0x1ee2abb0) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:23:56 2015 Not After : Mon May 18 21:23:56 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:48:b4:04:24:eb:34:35:90:7a:39:b0:81:e9:a8:87: 10:71:87:88:fb:52:1b:03:f9:52:8d:e1:25:36:a4:75: 35:00:dc:c5:17:c6:a5:c1:29:1b:66:0e:96:69:02:e5: fc:76:ea:41:9b:9b:8c:8f:4f:f7:32:06:60:3a:2f:5f: 9d:74:38:b7:7c:a1:ba:ed:1f:db:22:cc:15:b2:33:6e: 2a:27:d6:cb:5f:fe:49:2a:83:6a:d8:0c:ab:41:81:4e: a6:57:45:ab:1b:e4:8e:36:72:1e:0c:bf:70:e8:43:b8: 85:b2:fa:fd:2b:44:70:ee:b3:ea:9b:6a:e6:cb:71:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:91:b6:e4:07:ee:b2:d7:4b:5d:4a:37: 11:cc:9b:62:06:ee:fd:9a:44:02:15:00:b5:99:5d:9f: 37:7f:96:08:ae:f5:bc:4d:db:8a:89:46:b5:f9:0e:b8 Fingerprint (SHA-256): 52:5E:A3:20:15:3A:DE:84:FA:8D:22:5A:A3:34:0E:27:39:66:3E:F4:7B:37:CA:58:33:1A:14:7F:06:6F:A1:4C Fingerprint (SHA1): 76:BE:E6:F0:D3:EE:8E:05:81:C9:8E:11:D1:44:03:24:AF:01:57:F7 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1429: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171568 (0x1ee2abb0) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:23:56 2015 Not After : Mon May 18 21:23:56 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:48:b4:04:24:eb:34:35:90:7a:39:b0:81:e9:a8:87: 10:71:87:88:fb:52:1b:03:f9:52:8d:e1:25:36:a4:75: 35:00:dc:c5:17:c6:a5:c1:29:1b:66:0e:96:69:02:e5: fc:76:ea:41:9b:9b:8c:8f:4f:f7:32:06:60:3a:2f:5f: 9d:74:38:b7:7c:a1:ba:ed:1f:db:22:cc:15:b2:33:6e: 2a:27:d6:cb:5f:fe:49:2a:83:6a:d8:0c:ab:41:81:4e: a6:57:45:ab:1b:e4:8e:36:72:1e:0c:bf:70:e8:43:b8: 85:b2:fa:fd:2b:44:70:ee:b3:ea:9b:6a:e6:cb:71:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:91:b6:e4:07:ee:b2:d7:4b:5d:4a:37: 11:cc:9b:62:06:ee:fd:9a:44:02:15:00:b5:99:5d:9f: 37:7f:96:08:ae:f5:bc:4d:db:8a:89:46:b5:f9:0e:b8 Fingerprint (SHA-256): 52:5E:A3:20:15:3A:DE:84:FA:8D:22:5A:A3:34:0E:27:39:66:3E:F4:7B:37:CA:58:33:1A:14:7F:06:6F:A1:4C Fingerprint (SHA1): 76:BE:E6:F0:D3:EE:8E:05:81:C9:8E:11:D1:44:03:24:AF:01:57:F7 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #1430: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171568 (0x1ee2abb0) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:23:56 2015 Not After : Mon May 18 21:23:56 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 79:48:b4:04:24:eb:34:35:90:7a:39:b0:81:e9:a8:87: 10:71:87:88:fb:52:1b:03:f9:52:8d:e1:25:36:a4:75: 35:00:dc:c5:17:c6:a5:c1:29:1b:66:0e:96:69:02:e5: fc:76:ea:41:9b:9b:8c:8f:4f:f7:32:06:60:3a:2f:5f: 9d:74:38:b7:7c:a1:ba:ed:1f:db:22:cc:15:b2:33:6e: 2a:27:d6:cb:5f:fe:49:2a:83:6a:d8:0c:ab:41:81:4e: a6:57:45:ab:1b:e4:8e:36:72:1e:0c:bf:70:e8:43:b8: 85:b2:fa:fd:2b:44:70:ee:b3:ea:9b:6a:e6:cb:71:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2e:02:15:00:91:b6:e4:07:ee:b2:d7:4b:5d:4a:37: 11:cc:9b:62:06:ee:fd:9a:44:02:15:00:b5:99:5d:9f: 37:7f:96:08:ae:f5:bc:4d:db:8a:89:46:b5:f9:0e:b8 Fingerprint (SHA-256): 52:5E:A3:20:15:3A:DE:84:FA:8D:22:5A:A3:34:0E:27:39:66:3E:F4:7B:37:CA:58:33:1A:14:7F:06:6F:A1:4C Fingerprint (SHA1): 76:BE:E6:F0:D3:EE:8E:05:81:C9:8E:11:D1:44:03:24:AF:01:57:F7 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #1431: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1432: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1433: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1434: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #1435: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1436: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1437: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1438: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1439: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1440: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1441: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1442: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #1443: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1444: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1445: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1446: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #1447: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1448: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1449: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1450: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1451: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1452: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1453: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1454: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #1455: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1456: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1457: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1458: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518212441Z nextupdate=20160518212441Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 21:24:41 2015 Next Update: Wed May 18 21:24:41 2016 CRL Extensions: chains.sh: #1459: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518212442Z nextupdate=20160518212442Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:24:42 2015 Next Update: Wed May 18 21:24:42 2016 CRL Extensions: chains.sh: #1460: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518212443Z nextupdate=20160518212443Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:24:43 2015 Next Update: Wed May 18 21:24:43 2016 CRL Extensions: chains.sh: #1461: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518212443Z nextupdate=20160518212443Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 21:24:43 2015 Next Update: Wed May 18 21:24:43 2016 CRL Extensions: chains.sh: #1462: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518212444Z addcert 14 20150518212444Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:24:44 2015 Next Update: Wed May 18 21:24:43 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 21:24:44 2015 CRL Extensions: chains.sh: #1463: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518212445Z addcert 15 20150518212445Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:24:45 2015 Next Update: Wed May 18 21:24:42 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 21:24:45 2015 CRL Extensions: chains.sh: #1464: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1465: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1466: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #1467: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #1468: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #1469: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #1470: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #1471: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #1472: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #1473: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:24:21 2015 Not After : Mon May 18 21:24:21 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f3:3e:28:4f:74:95:bc:43:22:61:27:cf:e0:78:1c:17: db:1a:de:a6:02:9f:6b:60:6e:7e:84:db:97:54:ff:35: 23:e4:79:b2:30:f9:06:a4:27:a6:06:1a:26:1c:63:c4: e1:51:0c:18:62:82:62:44:d2:7f:22:90:ae:b9:b5:36: a8:cd:b3:23:4e:35:31:ec:8c:27:0c:94:ee:62:ba:a7: 88:95:5e:29:89:41:b2:1c:7f:4a:e1:ef:e3:ad:6e:c0: e0:75:7f:1e:af:ef:24:59:bb:c6:5e:94:c1:43:e4:77: f7:8e:cf:75:50:05:03:4b:e7:9c:44:2c:ce:78:ab:35 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:97:bf:92:34:71:64:92:dc:f7:9e:dc:33:f2:69:8f: 7e:7f:52:42:9b:98:7d:1e:7b:86:0f:df:75:85:de:b4: 21:cd:d2:29:16:11:65:e0:9e:4d:cc:65:1a:6c:40:ac: 4a:3e:52:1b:91:c5:24:b8:95:db:0a:b7:82:61:1c:0c: 85:a5:d7:39:6e:1e:79:fe:47:1e:67:1d:a0:41:0d:fb: 64:13:59:18:63:18:1e:34:63:c1:fc:f2:f4:78:df:55: 27:d4:e9:2c:d1:fb:2c:b6:24:9c:fd:56:a4:fa:09:32: 2f:72:2f:25:3e:b7:4f:b8:4a:67:04:1e:05:3e:0d:00 Fingerprint (SHA-256): 54:24:AC:51:D6:BF:24:0D:C8:B4:48:36:51:84:0E:AA:5E:42:B1:AA:19:3B:4B:4E:C9:37:D0:D1:19:FF:BD:FB Fingerprint (SHA1): 03:E9:4A:25:2D:EA:92:01:89:4A:FB:0A:C6:89:59:10:3F:F6:B6:EA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1474: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1475: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:24:21 2015 Not After : Mon May 18 21:24:21 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f3:3e:28:4f:74:95:bc:43:22:61:27:cf:e0:78:1c:17: db:1a:de:a6:02:9f:6b:60:6e:7e:84:db:97:54:ff:35: 23:e4:79:b2:30:f9:06:a4:27:a6:06:1a:26:1c:63:c4: e1:51:0c:18:62:82:62:44:d2:7f:22:90:ae:b9:b5:36: a8:cd:b3:23:4e:35:31:ec:8c:27:0c:94:ee:62:ba:a7: 88:95:5e:29:89:41:b2:1c:7f:4a:e1:ef:e3:ad:6e:c0: e0:75:7f:1e:af:ef:24:59:bb:c6:5e:94:c1:43:e4:77: f7:8e:cf:75:50:05:03:4b:e7:9c:44:2c:ce:78:ab:35 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:97:bf:92:34:71:64:92:dc:f7:9e:dc:33:f2:69:8f: 7e:7f:52:42:9b:98:7d:1e:7b:86:0f:df:75:85:de:b4: 21:cd:d2:29:16:11:65:e0:9e:4d:cc:65:1a:6c:40:ac: 4a:3e:52:1b:91:c5:24:b8:95:db:0a:b7:82:61:1c:0c: 85:a5:d7:39:6e:1e:79:fe:47:1e:67:1d:a0:41:0d:fb: 64:13:59:18:63:18:1e:34:63:c1:fc:f2:f4:78:df:55: 27:d4:e9:2c:d1:fb:2c:b6:24:9c:fd:56:a4:fa:09:32: 2f:72:2f:25:3e:b7:4f:b8:4a:67:04:1e:05:3e:0d:00 Fingerprint (SHA-256): 54:24:AC:51:D6:BF:24:0D:C8:B4:48:36:51:84:0E:AA:5E:42:B1:AA:19:3B:4B:4E:C9:37:D0:D1:19:FF:BD:FB Fingerprint (SHA1): 03:E9:4A:25:2D:EA:92:01:89:4A:FB:0A:C6:89:59:10:3F:F6:B6:EA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1476: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1477: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1478: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171577 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1479: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1480: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #1481: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1482: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518171578 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1483: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1484: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1485: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171468.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1486: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171453.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1487: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1488: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #1489: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171468.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1490: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518171579 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1491: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1492: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1493: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171468.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1494: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171454.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1495: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1496: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #1497: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1498: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518171580 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1499: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1500: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1501: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171468.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1502: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171455.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1503: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1504: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1505: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171468.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1506: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171456.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1507: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1508: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518212519Z nextupdate=20160518212519Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 21:25:19 2015 Next Update: Wed May 18 21:25:19 2016 CRL Extensions: chains.sh: #1509: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518212520Z nextupdate=20160518212520Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:25:20 2015 Next Update: Wed May 18 21:25:20 2016 CRL Extensions: chains.sh: #1510: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518212521Z nextupdate=20160518212521Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:25:21 2015 Next Update: Wed May 18 21:25:21 2016 CRL Extensions: chains.sh: #1511: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518212521Z nextupdate=20160518212521Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 21:25:21 2015 Next Update: Wed May 18 21:25:21 2016 CRL Extensions: chains.sh: #1512: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518212522Z addcert 20 20150518212522Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:25:22 2015 Next Update: Wed May 18 21:25:20 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 21:25:22 2015 CRL Extensions: chains.sh: #1513: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518212523Z addcert 40 20150518212523Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:25:23 2015 Next Update: Wed May 18 21:25:20 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 21:25:22 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 21:25:23 2015 CRL Extensions: chains.sh: #1514: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1515: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1516: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #1517: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171577 (0x1ee2abb9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:24:56 2015 Not After : Mon May 18 21:24:56 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:d6:5a:1d:82:3d:d3:96:b8:2c:57:cc:3d:c7:c8:5d: cd:66:9a:ed:aa:09:f9:7d:35:7a:c1:db:39:96:9d:1c: 05:ba:0d:e4:26:96:ab:01:69:3e:85:12:1a:4f:d7:80: 83:75:3e:fc:c1:ee:ac:bd:35:52:35:6e:d4:00:c1:09: 5c:77:3c:55:8e:70:ca:45:22:0c:04:e0:56:da:31:82: 12:af:f7:31:5e:b1:d3:83:bc:98:90:76:b6:c2:44:93: 77:cb:22:81:6c:48:a9:10:d6:24:8f:db:2b:b3:16:5b: a9:02:9b:19:ae:2c:05:19:cd:59:a9:0d:20:c4:d5:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:8d:05:3b:26:b9:3d:d3:29:da:69:dd:06:e7:00:4c: 03:1f:62:38:5d:ca:54:2d:45:90:be:cd:19:48:7a:b5: 65:32:dd:78:19:ef:c6:9f:6e:7f:cb:21:2e:6e:41:a1: 2d:22:e5:34:ab:95:ec:7f:f3:d9:5a:d7:6f:3a:30:6b: 31:8d:13:12:09:7c:40:cb:c9:af:33:ab:3b:17:a6:ea: 07:7a:28:26:7a:56:5e:e8:fe:f0:6e:69:2d:27:bd:50: 6e:a0:db:b0:c2:07:ea:11:52:50:19:c2:f5:2d:a3:e1: 86:96:fb:3c:f9:95:b2:a6:d7:12:0a:c3:91:5d:8d:45 Fingerprint (SHA-256): 90:FA:6A:8F:F7:41:D1:5F:1B:62:A5:43:D9:BA:60:93:95:45:BB:F6:42:EE:8F:20:EE:2A:3F:40:9F:C4:44:FE Fingerprint (SHA1): 99:70:FA:12:A9:F1:1A:9D:2B:6D:16:7B:7E:A7:63:F8:1F:D7:E9:7A Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1518: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1519: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171577 (0x1ee2abb9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:24:56 2015 Not After : Mon May 18 21:24:56 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:d6:5a:1d:82:3d:d3:96:b8:2c:57:cc:3d:c7:c8:5d: cd:66:9a:ed:aa:09:f9:7d:35:7a:c1:db:39:96:9d:1c: 05:ba:0d:e4:26:96:ab:01:69:3e:85:12:1a:4f:d7:80: 83:75:3e:fc:c1:ee:ac:bd:35:52:35:6e:d4:00:c1:09: 5c:77:3c:55:8e:70:ca:45:22:0c:04:e0:56:da:31:82: 12:af:f7:31:5e:b1:d3:83:bc:98:90:76:b6:c2:44:93: 77:cb:22:81:6c:48:a9:10:d6:24:8f:db:2b:b3:16:5b: a9:02:9b:19:ae:2c:05:19:cd:59:a9:0d:20:c4:d5:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:8d:05:3b:26:b9:3d:d3:29:da:69:dd:06:e7:00:4c: 03:1f:62:38:5d:ca:54:2d:45:90:be:cd:19:48:7a:b5: 65:32:dd:78:19:ef:c6:9f:6e:7f:cb:21:2e:6e:41:a1: 2d:22:e5:34:ab:95:ec:7f:f3:d9:5a:d7:6f:3a:30:6b: 31:8d:13:12:09:7c:40:cb:c9:af:33:ab:3b:17:a6:ea: 07:7a:28:26:7a:56:5e:e8:fe:f0:6e:69:2d:27:bd:50: 6e:a0:db:b0:c2:07:ea:11:52:50:19:c2:f5:2d:a3:e1: 86:96:fb:3c:f9:95:b2:a6:d7:12:0a:c3:91:5d:8d:45 Fingerprint (SHA-256): 90:FA:6A:8F:F7:41:D1:5F:1B:62:A5:43:D9:BA:60:93:95:45:BB:F6:42:EE:8F:20:EE:2A:3F:40:9F:C4:44:FE Fingerprint (SHA1): 99:70:FA:12:A9:F1:1A:9D:2B:6D:16:7B:7E:A7:63:F8:1F:D7:E9:7A Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1520: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1521: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1522: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171581 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1523: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1524: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1525: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1526: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518171582 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1527: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1528: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1529: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1530: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171583 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1531: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1532: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1533: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1534: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518171584 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1535: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1536: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #1537: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171585 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1538: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #1539: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #1540: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1541: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518171586 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1542: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1543: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1544: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1545: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518171587 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1546: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1547: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #1548: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #1549: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #1550: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171581 (0x1ee2abbd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:25:31 2015 Not After : Mon May 18 21:25:31 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:1f:80:12:2b:bd:ae:67:80:be:6c:21:62:bd:fc:86: b2:a6:f5:77:da:08:62:6f:ac:45:5a:87:94:40:c6:2d: fc:25:4e:71:ba:c5:2e:46:ea:c6:19:c2:ea:11:b8:9d: 34:44:6d:53:e2:f2:76:3f:ce:07:e2:9d:f6:21:48:ff: 16:1b:f5:6b:59:7a:88:4a:a0:2e:82:ca:14:61:f9:db: d0:f3:0a:8d:16:83:09:ad:29:ef:b6:10:56:66:9e:7b: b8:6d:5a:93:fc:1f:d8:45:bb:31:70:9a:21:21:f0:0c: 34:b5:a1:2a:ac:7b:91:37:5b:a8:37:78:35:ce:70:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:f4:ae:13:1e:13:42:1a:2e:7d:ed:96:e3:b2:07:ba: e5:64:a9:a0:4e:42:b2:21:07:6f:50:e6:6f:a9:f2:4f: f5:ee:a2:e2:9f:a2:70:8a:9f:bd:ab:70:3e:b7:0b:4e: e4:95:09:f7:21:d7:57:7c:d5:ab:27:70:e0:69:e6:ef: 33:02:f1:80:c1:0e:65:60:37:fe:30:0a:25:cd:d9:73: a1:f1:71:47:eb:87:09:4c:15:3a:52:bd:88:2f:88:cc: 76:5f:74:81:7c:1e:3a:b6:14:98:88:02:0a:c5:0f:be: 81:00:9f:0d:85:9e:04:4c:ac:34:ea:3e:31:39:26:7b Fingerprint (SHA-256): 33:CA:3C:72:A1:F1:F4:04:6D:E7:D7:D2:16:47:61:DE:51:C5:DE:22:F9:02:3F:AE:E1:68:20:CA:91:80:88:A1 Fingerprint (SHA1): 31:E1:51:CE:87:B9:A6:4F:46:C8:3E:BD:61:92:77:7D:14:50:95:F4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1551: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171583 (0x1ee2abbf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:25:38 2015 Not After : Mon May 18 21:25:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:1b:7e:da:4e:bd:00:08:8e:5e:c4:a5:cf:00:68:80: 9b:89:df:ca:28:e9:14:00:b6:1a:73:26:a8:22:c2:77: 1f:f2:77:53:45:c7:20:91:10:bf:87:80:b7:bd:a5:d1: 6c:e2:f1:53:bc:f2:9e:fa:cf:d7:dd:b2:32:96:ab:8b: 69:8d:73:90:7b:7d:3d:9f:ae:31:c5:00:b4:b1:c9:68: a0:0d:7c:3a:f0:59:0b:5a:e0:e5:a0:df:bd:4e:c5:0b: 05:16:df:e8:35:7b:d3:86:51:ee:4a:ba:d8:a9:f0:b8: a9:6e:c5:b6:1a:62:2a:ff:4b:86:bb:04:4d:29:a6:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 56:f3:9c:e8:40:13:7d:0e:df:65:c4:34:5b:10:d9:34: d0:15:8e:0d:9f:61:5d:cd:b9:04:17:7a:36:6b:a6:d9: 1a:d5:b4:89:56:3c:f3:c5:a9:a0:81:79:37:d1:17:0a: e5:66:98:e3:0e:2e:c9:3a:1e:ad:07:c1:15:b6:8b:73: 5f:c8:a8:bc:33:d2:9d:ba:f6:3a:b0:09:57:91:d0:8c: 36:ed:92:ff:c9:67:62:98:10:95:6f:63:fe:35:87:21: ae:8e:a8:44:be:c7:72:2d:c2:f9:28:57:27:12:f5:24: 6e:33:39:da:13:1a:31:26:68:0a:53:b9:ce:42:fb:21 Fingerprint (SHA-256): 24:03:D5:43:E6:55:A2:B1:4A:40:6C:6C:60:5F:C9:4E:29:61:FA:F7:B6:A6:64:66:EF:5A:1E:70:40:74:6A:E5 Fingerprint (SHA1): 98:3E:73:78:96:CB:5A:7E:C1:69:DC:D3:66:B3:CC:2E:4E:F5:9D:3F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #1552: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171581 (0x1ee2abbd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:25:31 2015 Not After : Mon May 18 21:25:31 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:1f:80:12:2b:bd:ae:67:80:be:6c:21:62:bd:fc:86: b2:a6:f5:77:da:08:62:6f:ac:45:5a:87:94:40:c6:2d: fc:25:4e:71:ba:c5:2e:46:ea:c6:19:c2:ea:11:b8:9d: 34:44:6d:53:e2:f2:76:3f:ce:07:e2:9d:f6:21:48:ff: 16:1b:f5:6b:59:7a:88:4a:a0:2e:82:ca:14:61:f9:db: d0:f3:0a:8d:16:83:09:ad:29:ef:b6:10:56:66:9e:7b: b8:6d:5a:93:fc:1f:d8:45:bb:31:70:9a:21:21:f0:0c: 34:b5:a1:2a:ac:7b:91:37:5b:a8:37:78:35:ce:70:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:f4:ae:13:1e:13:42:1a:2e:7d:ed:96:e3:b2:07:ba: e5:64:a9:a0:4e:42:b2:21:07:6f:50:e6:6f:a9:f2:4f: f5:ee:a2:e2:9f:a2:70:8a:9f:bd:ab:70:3e:b7:0b:4e: e4:95:09:f7:21:d7:57:7c:d5:ab:27:70:e0:69:e6:ef: 33:02:f1:80:c1:0e:65:60:37:fe:30:0a:25:cd:d9:73: a1:f1:71:47:eb:87:09:4c:15:3a:52:bd:88:2f:88:cc: 76:5f:74:81:7c:1e:3a:b6:14:98:88:02:0a:c5:0f:be: 81:00:9f:0d:85:9e:04:4c:ac:34:ea:3e:31:39:26:7b Fingerprint (SHA-256): 33:CA:3C:72:A1:F1:F4:04:6D:E7:D7:D2:16:47:61:DE:51:C5:DE:22:F9:02:3F:AE:E1:68:20:CA:91:80:88:A1 Fingerprint (SHA1): 31:E1:51:CE:87:B9:A6:4F:46:C8:3E:BD:61:92:77:7D:14:50:95:F4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1553: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #1554: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171581 (0x1ee2abbd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:25:31 2015 Not After : Mon May 18 21:25:31 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:1f:80:12:2b:bd:ae:67:80:be:6c:21:62:bd:fc:86: b2:a6:f5:77:da:08:62:6f:ac:45:5a:87:94:40:c6:2d: fc:25:4e:71:ba:c5:2e:46:ea:c6:19:c2:ea:11:b8:9d: 34:44:6d:53:e2:f2:76:3f:ce:07:e2:9d:f6:21:48:ff: 16:1b:f5:6b:59:7a:88:4a:a0:2e:82:ca:14:61:f9:db: d0:f3:0a:8d:16:83:09:ad:29:ef:b6:10:56:66:9e:7b: b8:6d:5a:93:fc:1f:d8:45:bb:31:70:9a:21:21:f0:0c: 34:b5:a1:2a:ac:7b:91:37:5b:a8:37:78:35:ce:70:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:f4:ae:13:1e:13:42:1a:2e:7d:ed:96:e3:b2:07:ba: e5:64:a9:a0:4e:42:b2:21:07:6f:50:e6:6f:a9:f2:4f: f5:ee:a2:e2:9f:a2:70:8a:9f:bd:ab:70:3e:b7:0b:4e: e4:95:09:f7:21:d7:57:7c:d5:ab:27:70:e0:69:e6:ef: 33:02:f1:80:c1:0e:65:60:37:fe:30:0a:25:cd:d9:73: a1:f1:71:47:eb:87:09:4c:15:3a:52:bd:88:2f:88:cc: 76:5f:74:81:7c:1e:3a:b6:14:98:88:02:0a:c5:0f:be: 81:00:9f:0d:85:9e:04:4c:ac:34:ea:3e:31:39:26:7b Fingerprint (SHA-256): 33:CA:3C:72:A1:F1:F4:04:6D:E7:D7:D2:16:47:61:DE:51:C5:DE:22:F9:02:3F:AE:E1:68:20:CA:91:80:88:A1 Fingerprint (SHA1): 31:E1:51:CE:87:B9:A6:4F:46:C8:3E:BD:61:92:77:7D:14:50:95:F4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1555: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171583 (0x1ee2abbf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:25:38 2015 Not After : Mon May 18 21:25:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:1b:7e:da:4e:bd:00:08:8e:5e:c4:a5:cf:00:68:80: 9b:89:df:ca:28:e9:14:00:b6:1a:73:26:a8:22:c2:77: 1f:f2:77:53:45:c7:20:91:10:bf:87:80:b7:bd:a5:d1: 6c:e2:f1:53:bc:f2:9e:fa:cf:d7:dd:b2:32:96:ab:8b: 69:8d:73:90:7b:7d:3d:9f:ae:31:c5:00:b4:b1:c9:68: a0:0d:7c:3a:f0:59:0b:5a:e0:e5:a0:df:bd:4e:c5:0b: 05:16:df:e8:35:7b:d3:86:51:ee:4a:ba:d8:a9:f0:b8: a9:6e:c5:b6:1a:62:2a:ff:4b:86:bb:04:4d:29:a6:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 56:f3:9c:e8:40:13:7d:0e:df:65:c4:34:5b:10:d9:34: d0:15:8e:0d:9f:61:5d:cd:b9:04:17:7a:36:6b:a6:d9: 1a:d5:b4:89:56:3c:f3:c5:a9:a0:81:79:37:d1:17:0a: e5:66:98:e3:0e:2e:c9:3a:1e:ad:07:c1:15:b6:8b:73: 5f:c8:a8:bc:33:d2:9d:ba:f6:3a:b0:09:57:91:d0:8c: 36:ed:92:ff:c9:67:62:98:10:95:6f:63:fe:35:87:21: ae:8e:a8:44:be:c7:72:2d:c2:f9:28:57:27:12:f5:24: 6e:33:39:da:13:1a:31:26:68:0a:53:b9:ce:42:fb:21 Fingerprint (SHA-256): 24:03:D5:43:E6:55:A2:B1:4A:40:6C:6C:60:5F:C9:4E:29:61:FA:F7:B6:A6:64:66:EF:5A:1E:70:40:74:6A:E5 Fingerprint (SHA1): 98:3E:73:78:96:CB:5A:7E:C1:69:DC:D3:66:B3:CC:2E:4E:F5:9D:3F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #1556: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #1557: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #1558: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #1559: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171581 (0x1ee2abbd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:25:31 2015 Not After : Mon May 18 21:25:31 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:1f:80:12:2b:bd:ae:67:80:be:6c:21:62:bd:fc:86: b2:a6:f5:77:da:08:62:6f:ac:45:5a:87:94:40:c6:2d: fc:25:4e:71:ba:c5:2e:46:ea:c6:19:c2:ea:11:b8:9d: 34:44:6d:53:e2:f2:76:3f:ce:07:e2:9d:f6:21:48:ff: 16:1b:f5:6b:59:7a:88:4a:a0:2e:82:ca:14:61:f9:db: d0:f3:0a:8d:16:83:09:ad:29:ef:b6:10:56:66:9e:7b: b8:6d:5a:93:fc:1f:d8:45:bb:31:70:9a:21:21:f0:0c: 34:b5:a1:2a:ac:7b:91:37:5b:a8:37:78:35:ce:70:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:f4:ae:13:1e:13:42:1a:2e:7d:ed:96:e3:b2:07:ba: e5:64:a9:a0:4e:42:b2:21:07:6f:50:e6:6f:a9:f2:4f: f5:ee:a2:e2:9f:a2:70:8a:9f:bd:ab:70:3e:b7:0b:4e: e4:95:09:f7:21:d7:57:7c:d5:ab:27:70:e0:69:e6:ef: 33:02:f1:80:c1:0e:65:60:37:fe:30:0a:25:cd:d9:73: a1:f1:71:47:eb:87:09:4c:15:3a:52:bd:88:2f:88:cc: 76:5f:74:81:7c:1e:3a:b6:14:98:88:02:0a:c5:0f:be: 81:00:9f:0d:85:9e:04:4c:ac:34:ea:3e:31:39:26:7b Fingerprint (SHA-256): 33:CA:3C:72:A1:F1:F4:04:6D:E7:D7:D2:16:47:61:DE:51:C5:DE:22:F9:02:3F:AE:E1:68:20:CA:91:80:88:A1 Fingerprint (SHA1): 31:E1:51:CE:87:B9:A6:4F:46:C8:3E:BD:61:92:77:7D:14:50:95:F4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1560: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171585 (0x1ee2abc1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 21:25:43 2015 Not After : Mon May 18 21:25:43 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:ed:09:ac:ac:d1:77:c4:4d:9b:97:a7:fb:f9:df:ce: 2f:38:26:18:74:ce:3a:e4:1d:9d:a3:78:17:3c:8b:a2: aa:e2:65:73:34:90:83:ff:43:de:bd:ee:eb:b9:fb:d7: 6c:fb:e0:4b:d3:a8:ec:f5:d7:9a:d0:ac:0d:c1:d8:3e: c6:ac:14:dc:7a:42:5b:61:c8:b3:18:22:ff:11:fb:f8: 07:41:a6:4d:79:45:fa:a6:11:a6:12:26:df:da:b0:92: ff:33:0f:0a:12:0d:97:88:81:5d:90:a2:fc:73:03:4c: ac:d5:15:c1:d4:31:62:ad:7b:e9:2e:92:70:88:2f:d5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 27:2d:9e:d9:a0:47:ed:a6:13:f2:49:76:18:dc:d7:84: 4f:67:e7:25:c6:e1:c8:4e:28:c1:68:1d:1a:e5:fd:ed: b5:b6:a4:96:84:18:8c:e9:ef:ec:9d:9b:6f:f4:9c:6a: 41:d1:62:68:c7:79:a4:71:00:e3:27:87:56:f0:04:12: 8d:0d:5e:58:44:48:51:27:ce:31:27:43:a7:63:61:d0: 52:0c:6d:c3:45:54:63:07:e7:99:b8:62:c3:83:9f:73: 28:78:82:2b:6a:0e:3a:0a:a8:35:cf:f0:79:98:ec:41: 8b:08:e3:8c:0f:55:7a:f6:e1:3e:49:99:6e:3a:ff:71 Fingerprint (SHA-256): 6E:F4:1F:2B:5E:DB:56:97:C2:70:72:F3:E5:50:E0:93:F5:9C:FE:13:F5:86:08:19:74:84:82:90:F7:8B:CC:FA Fingerprint (SHA1): A6:45:0B:53:EE:DC:09:B4:20:F8:62:F0:06:04:08:44:9B:2E:C5:3D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #1561: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171581 (0x1ee2abbd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:25:31 2015 Not After : Mon May 18 21:25:31 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:1f:80:12:2b:bd:ae:67:80:be:6c:21:62:bd:fc:86: b2:a6:f5:77:da:08:62:6f:ac:45:5a:87:94:40:c6:2d: fc:25:4e:71:ba:c5:2e:46:ea:c6:19:c2:ea:11:b8:9d: 34:44:6d:53:e2:f2:76:3f:ce:07:e2:9d:f6:21:48:ff: 16:1b:f5:6b:59:7a:88:4a:a0:2e:82:ca:14:61:f9:db: d0:f3:0a:8d:16:83:09:ad:29:ef:b6:10:56:66:9e:7b: b8:6d:5a:93:fc:1f:d8:45:bb:31:70:9a:21:21:f0:0c: 34:b5:a1:2a:ac:7b:91:37:5b:a8:37:78:35:ce:70:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:f4:ae:13:1e:13:42:1a:2e:7d:ed:96:e3:b2:07:ba: e5:64:a9:a0:4e:42:b2:21:07:6f:50:e6:6f:a9:f2:4f: f5:ee:a2:e2:9f:a2:70:8a:9f:bd:ab:70:3e:b7:0b:4e: e4:95:09:f7:21:d7:57:7c:d5:ab:27:70:e0:69:e6:ef: 33:02:f1:80:c1:0e:65:60:37:fe:30:0a:25:cd:d9:73: a1:f1:71:47:eb:87:09:4c:15:3a:52:bd:88:2f:88:cc: 76:5f:74:81:7c:1e:3a:b6:14:98:88:02:0a:c5:0f:be: 81:00:9f:0d:85:9e:04:4c:ac:34:ea:3e:31:39:26:7b Fingerprint (SHA-256): 33:CA:3C:72:A1:F1:F4:04:6D:E7:D7:D2:16:47:61:DE:51:C5:DE:22:F9:02:3F:AE:E1:68:20:CA:91:80:88:A1 Fingerprint (SHA1): 31:E1:51:CE:87:B9:A6:4F:46:C8:3E:BD:61:92:77:7D:14:50:95:F4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1562: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #1563: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #1564: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #1565: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #1566: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #1567: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171586 (0x1ee2abc2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 21:25:47 2015 Not After : Mon May 18 21:25:47 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:9d:90:20:bf:8b:a8:77:d3:4c:8c:00:2e:a6:02:a5: da:56:bc:a4:12:8d:2b:23:ea:21:3b:a9:96:79:65:45: 43:3d:dc:de:07:74:7d:76:97:ca:4e:33:74:17:1f:c9: 33:85:cf:44:b8:e3:a4:41:38:08:0d:5b:59:9e:ee:33: dc:ca:34:40:09:5a:92:49:de:04:35:a4:83:9a:de:a9: 62:5c:ed:2e:d4:10:1d:28:4a:24:f6:3b:c2:cf:b8:e2: 7d:bc:47:00:9a:9c:aa:82:15:5b:98:f5:0b:fd:98:9f: 7d:e0:91:a1:9d:a5:df:a0:71:0e:9c:bc:45:c9:36:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:de:49:2d:ac:58:24:13:74:7e:63:a5:e0:81:95:43: 8e:ce:00:f0:33:87:f8:02:bb:1c:3c:4b:28:a7:71:78: 59:d5:9a:50:4d:02:3f:70:df:34:0d:6b:24:b2:e8:aa: 9f:b2:c2:0a:29:8e:8e:8f:34:ea:40:c3:97:70:3e:cd: 0d:e6:a0:7d:fc:ef:23:42:cb:2f:01:1a:75:f3:03:1d: 57:4c:9b:72:88:7b:fa:20:ba:47:c8:52:73:af:c1:7e: b6:29:32:96:7b:50:4d:00:c9:88:c3:b0:19:79:68:03: e9:c3:95:42:16:52:34:9e:99:84:23:ce:31:f4:f7:69 Fingerprint (SHA-256): C0:00:C7:C6:28:2D:B7:D8:4C:ED:7B:2C:7D:BB:31:0F:53:AF:63:19:16:13:65:1E:17:BA:F6:12:4E:92:52:98 Fingerprint (SHA1): 6D:5C:82:0D:15:40:F3:3E:FE:FF:35:99:27:87:2D:FC:D3:37:47:0D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #1568: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #1569: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #1570: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #1571: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #1572: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1573: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1574: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #1575: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1576: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1577: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #1578: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1579: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1580: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1581: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1582: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1583: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1584: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1585: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1586: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #1587: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1588: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #1589: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1590: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #1591: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 2371 at Mon May 18 17:26:19 EDT 2015 kill -USR1 2371 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 2371 killed at Mon May 18 17:26:20 EDT 2015 httpserv starting at Mon May 18 17:26:20 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:26:20 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:26:25 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #1592: Waiting for Server - FAILED kill -0 17996 >/dev/null 2>/dev/null httpserv with PID 17996 found at Mon May 18 17:26:26 EDT 2015 httpserv with PID 17996 started at Mon May 18 17:26:26 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1593: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171588 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1594: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1595: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1596: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171589 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1597: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1598: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1599: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1600: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518171590 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1601: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1602: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518171591 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1603: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1604: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1605: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1606: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1607: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518171592 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1608: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1609: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1610: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #1611: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #1612: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171589 (0x1ee2abc5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:26:31 2015 Not After : Mon May 18 21:26:31 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:9b:eb:d3:ec:15:8d:78:c1:f8:99:58:a8:18:92:1e: dd:28:4b:3b:7b:05:f4:02:1f:d3:7d:7c:53:ab:a1:35: c6:2f:f3:85:99:3f:8b:df:49:6a:6d:d2:5f:b5:46:6c: f4:3f:da:55:52:59:7b:ae:f9:dc:62:f1:98:e9:27:82: ae:97:37:a5:9f:ca:00:1e:58:70:51:18:32:3f:f0:ca: 50:3e:1f:b7:05:48:4f:8a:dd:85:e7:51:67:a8:32:58: f5:ce:c8:c5:9a:77:0d:9d:ac:11:87:c5:0f:cd:e4:16: a3:b8:9a:bf:6b:17:41:14:76:6e:e7:98:7f:9d:49:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:b1:34:19:1d:46:20:10:45:66:c6:f6:d2:38:fc:98: 9c:2b:8d:f3:f0:b1:b7:2f:b7:b4:1f:70:a0:a1:e2:da: 32:05:45:c1:5f:e9:35:b9:69:7c:c1:d1:1f:27:53:6b: 28:3b:c3:70:91:8e:d8:2d:f5:48:09:2f:92:af:b0:2f: 6e:ea:eb:e0:87:17:b3:ed:5c:68:75:40:e5:1c:53:06: f7:04:ba:f0:55:c2:b4:af:ea:1a:5e:08:b3:7a:d1:3f: db:10:e6:dd:89:db:74:b2:87:e4:8f:c3:c3:e4:a7:74: 0d:bf:a4:a8:b0:dd:9d:ab:12:60:28:28:43:9b:fa:35 Fingerprint (SHA-256): 58:02:9B:A0:8F:96:BA:9D:28:DD:B5:AF:C7:2F:9E:27:9F:3D:DE:09:D8:CD:A9:E9:AD:D9:63:7B:18:8A:6C:EF Fingerprint (SHA1): 20:BC:E7:83:CC:D7:6C:86:22:1D:B2:DD:C0:BC:FF:AE:7C:89:D8:4F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1613: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171588 (0x1ee2abc4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:26:28 2015 Not After : Mon May 18 21:26:28 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:3b:b5:4a:83:a1:02:79:74:3f:51:6d:bd:79:eb:82: 50:a0:e2:2f:ec:a7:28:92:e7:10:68:2d:26:dc:d7:94: cd:a7:38:5f:1b:71:29:86:1d:5d:83:5d:45:d9:87:d2: 3a:fa:e8:2b:4b:a5:73:ee:4f:b9:1d:5f:91:44:65:75: b0:f4:68:f6:57:88:b9:f4:73:65:4f:77:d5:bd:f2:8c: 4e:17:15:d4:22:71:2b:af:c5:3d:01:fd:ca:a4:75:46: 6d:22:b6:7a:13:94:8a:2c:53:d3:3b:08:f9:7e:05:08: a3:17:cf:79:15:1d:db:99:6a:e7:5c:2d:57:c2:36:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:cb:24:cc:d8:3b:66:3a:0e:8a:fa:2d:6a:b0:e1:cf: 38:53:f1:4a:1c:cd:30:53:5c:1d:3c:ea:29:d9:ab:b5: bd:b1:a8:cc:d7:8f:76:d0:31:fd:9e:67:c4:22:1a:64: 56:ee:f9:c9:ea:de:8f:ee:c2:ed:17:62:1e:57:3d:51: 57:a8:40:73:9a:84:0d:42:87:90:55:68:28:fb:dd:a8: 70:f8:e7:74:d3:99:83:da:58:1b:a6:1b:18:94:d8:b0: 15:46:dc:71:df:46:d4:84:f7:a6:00:42:39:fa:44:f5: 6f:53:23:b3:c5:bc:e7:b3:5c:d9:12:5f:f0:1b:ef:ac Fingerprint (SHA-256): ED:E6:04:70:10:C5:E6:62:83:A4:2C:AE:0B:49:B7:FA:11:32:01:D4:08:92:82:7A:1D:FF:31:84:02:F0:36:8B Fingerprint (SHA1): C8:EE:21:9D:F2:5C:12:9F:C6:22:49:D2:76:C8:92:2E:E4:DD:FC:BF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1614: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1615: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #1616: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #1617: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171588 (0x1ee2abc4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:26:28 2015 Not After : Mon May 18 21:26:28 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:3b:b5:4a:83:a1:02:79:74:3f:51:6d:bd:79:eb:82: 50:a0:e2:2f:ec:a7:28:92:e7:10:68:2d:26:dc:d7:94: cd:a7:38:5f:1b:71:29:86:1d:5d:83:5d:45:d9:87:d2: 3a:fa:e8:2b:4b:a5:73:ee:4f:b9:1d:5f:91:44:65:75: b0:f4:68:f6:57:88:b9:f4:73:65:4f:77:d5:bd:f2:8c: 4e:17:15:d4:22:71:2b:af:c5:3d:01:fd:ca:a4:75:46: 6d:22:b6:7a:13:94:8a:2c:53:d3:3b:08:f9:7e:05:08: a3:17:cf:79:15:1d:db:99:6a:e7:5c:2d:57:c2:36:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:cb:24:cc:d8:3b:66:3a:0e:8a:fa:2d:6a:b0:e1:cf: 38:53:f1:4a:1c:cd:30:53:5c:1d:3c:ea:29:d9:ab:b5: bd:b1:a8:cc:d7:8f:76:d0:31:fd:9e:67:c4:22:1a:64: 56:ee:f9:c9:ea:de:8f:ee:c2:ed:17:62:1e:57:3d:51: 57:a8:40:73:9a:84:0d:42:87:90:55:68:28:fb:dd:a8: 70:f8:e7:74:d3:99:83:da:58:1b:a6:1b:18:94:d8:b0: 15:46:dc:71:df:46:d4:84:f7:a6:00:42:39:fa:44:f5: 6f:53:23:b3:c5:bc:e7:b3:5c:d9:12:5f:f0:1b:ef:ac Fingerprint (SHA-256): ED:E6:04:70:10:C5:E6:62:83:A4:2C:AE:0B:49:B7:FA:11:32:01:D4:08:92:82:7A:1D:FF:31:84:02:F0:36:8B Fingerprint (SHA1): C8:EE:21:9D:F2:5C:12:9F:C6:22:49:D2:76:C8:92:2E:E4:DD:FC:BF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1618: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171589 (0x1ee2abc5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:26:31 2015 Not After : Mon May 18 21:26:31 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:9b:eb:d3:ec:15:8d:78:c1:f8:99:58:a8:18:92:1e: dd:28:4b:3b:7b:05:f4:02:1f:d3:7d:7c:53:ab:a1:35: c6:2f:f3:85:99:3f:8b:df:49:6a:6d:d2:5f:b5:46:6c: f4:3f:da:55:52:59:7b:ae:f9:dc:62:f1:98:e9:27:82: ae:97:37:a5:9f:ca:00:1e:58:70:51:18:32:3f:f0:ca: 50:3e:1f:b7:05:48:4f:8a:dd:85:e7:51:67:a8:32:58: f5:ce:c8:c5:9a:77:0d:9d:ac:11:87:c5:0f:cd:e4:16: a3:b8:9a:bf:6b:17:41:14:76:6e:e7:98:7f:9d:49:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:b1:34:19:1d:46:20:10:45:66:c6:f6:d2:38:fc:98: 9c:2b:8d:f3:f0:b1:b7:2f:b7:b4:1f:70:a0:a1:e2:da: 32:05:45:c1:5f:e9:35:b9:69:7c:c1:d1:1f:27:53:6b: 28:3b:c3:70:91:8e:d8:2d:f5:48:09:2f:92:af:b0:2f: 6e:ea:eb:e0:87:17:b3:ed:5c:68:75:40:e5:1c:53:06: f7:04:ba:f0:55:c2:b4:af:ea:1a:5e:08:b3:7a:d1:3f: db:10:e6:dd:89:db:74:b2:87:e4:8f:c3:c3:e4:a7:74: 0d:bf:a4:a8:b0:dd:9d:ab:12:60:28:28:43:9b:fa:35 Fingerprint (SHA-256): 58:02:9B:A0:8F:96:BA:9D:28:DD:B5:AF:C7:2F:9E:27:9F:3D:DE:09:D8:CD:A9:E9:AD:D9:63:7B:18:8A:6C:EF Fingerprint (SHA1): 20:BC:E7:83:CC:D7:6C:86:22:1D:B2:DD:C0:BC:FF:AE:7C:89:D8:4F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1619: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #1620: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #1621: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1622: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1623: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1624: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171589 (0x1ee2abc5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:26:31 2015 Not After : Mon May 18 21:26:31 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:9b:eb:d3:ec:15:8d:78:c1:f8:99:58:a8:18:92:1e: dd:28:4b:3b:7b:05:f4:02:1f:d3:7d:7c:53:ab:a1:35: c6:2f:f3:85:99:3f:8b:df:49:6a:6d:d2:5f:b5:46:6c: f4:3f:da:55:52:59:7b:ae:f9:dc:62:f1:98:e9:27:82: ae:97:37:a5:9f:ca:00:1e:58:70:51:18:32:3f:f0:ca: 50:3e:1f:b7:05:48:4f:8a:dd:85:e7:51:67:a8:32:58: f5:ce:c8:c5:9a:77:0d:9d:ac:11:87:c5:0f:cd:e4:16: a3:b8:9a:bf:6b:17:41:14:76:6e:e7:98:7f:9d:49:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:b1:34:19:1d:46:20:10:45:66:c6:f6:d2:38:fc:98: 9c:2b:8d:f3:f0:b1:b7:2f:b7:b4:1f:70:a0:a1:e2:da: 32:05:45:c1:5f:e9:35:b9:69:7c:c1:d1:1f:27:53:6b: 28:3b:c3:70:91:8e:d8:2d:f5:48:09:2f:92:af:b0:2f: 6e:ea:eb:e0:87:17:b3:ed:5c:68:75:40:e5:1c:53:06: f7:04:ba:f0:55:c2:b4:af:ea:1a:5e:08:b3:7a:d1:3f: db:10:e6:dd:89:db:74:b2:87:e4:8f:c3:c3:e4:a7:74: 0d:bf:a4:a8:b0:dd:9d:ab:12:60:28:28:43:9b:fa:35 Fingerprint (SHA-256): 58:02:9B:A0:8F:96:BA:9D:28:DD:B5:AF:C7:2F:9E:27:9F:3D:DE:09:D8:CD:A9:E9:AD:D9:63:7B:18:8A:6C:EF Fingerprint (SHA1): 20:BC:E7:83:CC:D7:6C:86:22:1D:B2:DD:C0:BC:FF:AE:7C:89:D8:4F Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1625: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171589 (0x1ee2abc5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:26:31 2015 Not After : Mon May 18 21:26:31 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:9b:eb:d3:ec:15:8d:78:c1:f8:99:58:a8:18:92:1e: dd:28:4b:3b:7b:05:f4:02:1f:d3:7d:7c:53:ab:a1:35: c6:2f:f3:85:99:3f:8b:df:49:6a:6d:d2:5f:b5:46:6c: f4:3f:da:55:52:59:7b:ae:f9:dc:62:f1:98:e9:27:82: ae:97:37:a5:9f:ca:00:1e:58:70:51:18:32:3f:f0:ca: 50:3e:1f:b7:05:48:4f:8a:dd:85:e7:51:67:a8:32:58: f5:ce:c8:c5:9a:77:0d:9d:ac:11:87:c5:0f:cd:e4:16: a3:b8:9a:bf:6b:17:41:14:76:6e:e7:98:7f:9d:49:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:b1:34:19:1d:46:20:10:45:66:c6:f6:d2:38:fc:98: 9c:2b:8d:f3:f0:b1:b7:2f:b7:b4:1f:70:a0:a1:e2:da: 32:05:45:c1:5f:e9:35:b9:69:7c:c1:d1:1f:27:53:6b: 28:3b:c3:70:91:8e:d8:2d:f5:48:09:2f:92:af:b0:2f: 6e:ea:eb:e0:87:17:b3:ed:5c:68:75:40:e5:1c:53:06: f7:04:ba:f0:55:c2:b4:af:ea:1a:5e:08:b3:7a:d1:3f: db:10:e6:dd:89:db:74:b2:87:e4:8f:c3:c3:e4:a7:74: 0d:bf:a4:a8:b0:dd:9d:ab:12:60:28:28:43:9b:fa:35 Fingerprint (SHA-256): 58:02:9B:A0:8F:96:BA:9D:28:DD:B5:AF:C7:2F:9E:27:9F:3D:DE:09:D8:CD:A9:E9:AD:D9:63:7B:18:8A:6C:EF Fingerprint (SHA1): 20:BC:E7:83:CC:D7:6C:86:22:1D:B2:DD:C0:BC:FF:AE:7C:89:D8:4F Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1626: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #1627: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #1628: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1629: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #1630: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #1631: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171588 (0x1ee2abc4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:26:28 2015 Not After : Mon May 18 21:26:28 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:3b:b5:4a:83:a1:02:79:74:3f:51:6d:bd:79:eb:82: 50:a0:e2:2f:ec:a7:28:92:e7:10:68:2d:26:dc:d7:94: cd:a7:38:5f:1b:71:29:86:1d:5d:83:5d:45:d9:87:d2: 3a:fa:e8:2b:4b:a5:73:ee:4f:b9:1d:5f:91:44:65:75: b0:f4:68:f6:57:88:b9:f4:73:65:4f:77:d5:bd:f2:8c: 4e:17:15:d4:22:71:2b:af:c5:3d:01:fd:ca:a4:75:46: 6d:22:b6:7a:13:94:8a:2c:53:d3:3b:08:f9:7e:05:08: a3:17:cf:79:15:1d:db:99:6a:e7:5c:2d:57:c2:36:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:cb:24:cc:d8:3b:66:3a:0e:8a:fa:2d:6a:b0:e1:cf: 38:53:f1:4a:1c:cd:30:53:5c:1d:3c:ea:29:d9:ab:b5: bd:b1:a8:cc:d7:8f:76:d0:31:fd:9e:67:c4:22:1a:64: 56:ee:f9:c9:ea:de:8f:ee:c2:ed:17:62:1e:57:3d:51: 57:a8:40:73:9a:84:0d:42:87:90:55:68:28:fb:dd:a8: 70:f8:e7:74:d3:99:83:da:58:1b:a6:1b:18:94:d8:b0: 15:46:dc:71:df:46:d4:84:f7:a6:00:42:39:fa:44:f5: 6f:53:23:b3:c5:bc:e7:b3:5c:d9:12:5f:f0:1b:ef:ac Fingerprint (SHA-256): ED:E6:04:70:10:C5:E6:62:83:A4:2C:AE:0B:49:B7:FA:11:32:01:D4:08:92:82:7A:1D:FF:31:84:02:F0:36:8B Fingerprint (SHA1): C8:EE:21:9D:F2:5C:12:9F:C6:22:49:D2:76:C8:92:2E:E4:DD:FC:BF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1632: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171588 (0x1ee2abc4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:26:28 2015 Not After : Mon May 18 21:26:28 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:3b:b5:4a:83:a1:02:79:74:3f:51:6d:bd:79:eb:82: 50:a0:e2:2f:ec:a7:28:92:e7:10:68:2d:26:dc:d7:94: cd:a7:38:5f:1b:71:29:86:1d:5d:83:5d:45:d9:87:d2: 3a:fa:e8:2b:4b:a5:73:ee:4f:b9:1d:5f:91:44:65:75: b0:f4:68:f6:57:88:b9:f4:73:65:4f:77:d5:bd:f2:8c: 4e:17:15:d4:22:71:2b:af:c5:3d:01:fd:ca:a4:75:46: 6d:22:b6:7a:13:94:8a:2c:53:d3:3b:08:f9:7e:05:08: a3:17:cf:79:15:1d:db:99:6a:e7:5c:2d:57:c2:36:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:cb:24:cc:d8:3b:66:3a:0e:8a:fa:2d:6a:b0:e1:cf: 38:53:f1:4a:1c:cd:30:53:5c:1d:3c:ea:29:d9:ab:b5: bd:b1:a8:cc:d7:8f:76:d0:31:fd:9e:67:c4:22:1a:64: 56:ee:f9:c9:ea:de:8f:ee:c2:ed:17:62:1e:57:3d:51: 57:a8:40:73:9a:84:0d:42:87:90:55:68:28:fb:dd:a8: 70:f8:e7:74:d3:99:83:da:58:1b:a6:1b:18:94:d8:b0: 15:46:dc:71:df:46:d4:84:f7:a6:00:42:39:fa:44:f5: 6f:53:23:b3:c5:bc:e7:b3:5c:d9:12:5f:f0:1b:ef:ac Fingerprint (SHA-256): ED:E6:04:70:10:C5:E6:62:83:A4:2C:AE:0B:49:B7:FA:11:32:01:D4:08:92:82:7A:1D:FF:31:84:02:F0:36:8B Fingerprint (SHA1): C8:EE:21:9D:F2:5C:12:9F:C6:22:49:D2:76:C8:92:2E:E4:DD:FC:BF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1633: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #1634: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171593 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1635: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #1636: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #1637: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171594 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1638: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #1639: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #1640: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171595 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1641: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #1642: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #1643: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171596 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1644: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #1645: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #1646: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171597 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1647: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #1648: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #1649: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171598 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1650: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #1651: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #1652: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171599 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1653: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #1654: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #1655: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171600 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1656: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #1657: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #1658: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171601 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1659: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #1660: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #1661: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1662: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518171602 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1663: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1664: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518171603 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1665: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1666: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518171604 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1667: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1668: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #1669: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #1670: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1671: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518171605 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1672: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1673: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518171606 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1674: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1675: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518171607 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1676: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1677: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #1678: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #1679: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1680: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518171608 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1681: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1682: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518171609 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1683: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1684: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518171610 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1685: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1686: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #1687: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #1688: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1689: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518171611 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1690: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1691: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518171612 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1692: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1693: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518171613 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1694: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1695: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #1696: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1697: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1698: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518171614 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1699: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1700: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1701: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1702: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171615 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1703: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1704: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171593 (0x1ee2abc9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 21:26:59 2015 Not After : Mon May 18 21:26:59 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:89:e4:14:72:4c:65:f5:8b:6d:ae:d0:d8:d4:71:43: e6:bb:df:d8:61:46:d4:c7:43:d6:d2:03:c1:f2:ec:81: 0d:41:5f:dd:fe:11:db:88:3c:3f:00:7c:4d:47:d0:a0: 80:04:78:86:5e:f8:1f:d3:62:d9:c3:44:8e:75:0d:d8: d8:31:71:42:23:f2:38:82:ae:37:c1:17:77:3b:aa:94: 4a:62:ab:31:41:d4:80:7b:91:a6:c1:e6:30:1a:95:eb: 08:73:e7:48:32:6f:55:77:81:1e:b8:4a:8d:f1:77:fa: 33:d7:96:ed:63:af:39:d4:3b:17:21:2a:f4:35:5a:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 34:a6:d3:37:05:c3:46:e2:05:3a:ca:42:7c:60:db:f4: cb:9a:4a:8b:53:06:0b:df:d4:11:e1:b2:ac:7f:31:a2: 5d:5b:b7:6f:a5:54:1c:0d:f2:7f:d9:cb:a5:13:0d:45: 34:cf:03:4d:0e:10:80:0b:f6:d4:4e:a1:db:fe:2e:96: e4:3f:84:fd:93:86:92:0b:ad:3f:ca:bc:4e:c2:4c:aa: 8d:83:0a:1f:ad:11:ea:f2:eb:19:38:e2:89:11:1d:2d: 8b:4c:f0:e1:16:e9:f9:c7:1a:7f:ce:07:62:57:1a:c4: 9b:9e:44:a5:4c:6b:af:1b:0f:cc:27:01:cb:7c:30:50 Fingerprint (SHA-256): C5:E3:D0:56:A0:0D:24:DD:A8:7E:42:AD:9B:2B:B0:6C:64:91:3F:9E:65:79:AE:EE:D6:2D:5B:59:8F:84:8A:6F Fingerprint (SHA1): 56:5D:7D:12:64:94:A3:40:3E:85:38:86:0F:5F:02:D6:6A:A9:4C:70 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1705: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171594 (0x1ee2abca) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 21:27:01 2015 Not After : Mon May 18 21:27:01 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:f6:d2:92:cd:bd:ed:a1:bf:a3:2c:ea:5f:e5:88:f2: c2:13:08:21:11:84:37:2d:62:b9:14:0d:db:81:51:d8: 09:48:36:7d:9e:e5:68:1e:ba:98:11:be:07:e3:2b:db: 1b:50:f1:35:80:26:62:06:a2:ce:80:cb:41:8e:56:31: 1a:d7:60:01:7e:be:d9:01:0a:91:fc:f5:bb:40:ae:c7: d9:da:b2:51:ca:b3:29:c8:a4:c0:cc:ee:13:4c:5f:10: 0a:6b:b9:51:4d:6a:b6:00:b4:75:b7:b7:d9:28:dc:db: 51:73:06:67:61:93:37:c2:5f:ed:60:25:de:89:1d:e9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6a:10:88:be:a1:d1:f7:75:55:5d:28:bf:ae:c2:41:59: ee:06:2b:8c:65:ca:79:31:9b:cb:e7:19:cf:cd:6e:2c: f9:ec:30:5f:92:ec:34:42:9e:53:ab:0d:98:85:bc:e7: 6e:10:fb:af:80:ff:83:57:20:76:e8:2c:7f:46:e2:01: d4:8b:e1:7f:f0:06:67:ea:d9:b5:94:86:bf:d4:c4:ed: b5:b4:4d:14:89:ef:1c:15:df:6b:10:0f:e2:ba:ff:39: 02:d7:cc:ac:b3:f4:6b:3d:f4:e2:35:a8:37:24:ad:88: 75:93:d0:a6:81:2d:c7:bf:98:d4:85:c8:25:c2:be:d5 Fingerprint (SHA-256): 62:4F:A2:BB:65:8A:8E:58:43:E7:24:44:3B:75:54:F2:CB:E7:34:B2:9C:B5:B9:9D:C5:55:F3:8C:5C:67:04:06 Fingerprint (SHA1): D3:CB:FB:AC:A3:66:C4:C9:EA:3F:67:9C:06:D6:0C:42:33:92:42:0E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1706: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171595 (0x1ee2abcb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 21:27:04 2015 Not After : Mon May 18 21:27:04 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:66:1b:47:74:97:d6:35:2b:3a:e7:4c:b8:7a:d3:c4: 31:6f:0e:dd:e9:9a:7e:b4:a3:9c:4e:51:5b:a0:81:61: 0d:ac:d7:c1:6b:b7:29:ca:4c:43:7c:ab:57:cd:26:5d: 84:6f:cc:f4:29:36:7c:67:dc:35:4a:ee:1a:9b:06:a7: 1b:41:89:0e:3b:eb:6b:23:93:91:95:07:f5:9e:49:7e: 0a:8b:25:97:fa:34:a0:ef:6d:76:41:fc:1a:91:4b:0f: 23:0a:23:64:e2:6c:74:21:7d:ac:9d:4c:b2:b4:73:34: 30:c5:bb:9b:85:84:b9:ed:13:cb:e9:a1:1f:9b:49:e5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8b:a2:19:7b:52:b6:ae:2a:84:41:04:5c:db:de:ac:4b: 26:f7:98:c4:ea:e4:59:99:ef:e6:df:da:df:3c:55:4f: c6:3c:a5:d8:64:d9:6d:4e:ff:ad:de:1f:88:c1:67:68: 55:ae:c6:cf:a4:0a:4d:03:99:91:f4:c9:fb:d5:a5:bd: c8:0f:db:cb:9c:2a:d9:6d:e8:3b:d7:da:b7:b7:3d:9f: 84:ff:4b:f8:1a:07:81:66:1b:fa:7e:05:3a:64:a6:3c: eb:8a:25:35:47:c0:98:3e:65:18:d7:f3:99:13:6f:de: a3:f2:7f:a6:c3:fc:f0:d3:0a:8d:e7:69:32:71:e1:91 Fingerprint (SHA-256): 93:D9:F1:8C:91:D3:DE:0D:3D:B1:8C:6A:BF:19:95:34:2D:C1:93:49:11:BD:47:27:A0:91:DE:A0:1F:F7:58:D8 Fingerprint (SHA1): 95:F9:EE:B3:63:07:21:72:63:BB:24:35:E1:24:B5:62:DA:46:03:4D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1707: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171596 (0x1ee2abcc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 21:27:07 2015 Not After : Mon May 18 21:27:07 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:87:32:ac:96:0d:26:42:31:ad:39:de:c0:7c:0c:5c: 6e:31:2c:ea:57:ed:9c:0e:94:2c:20:e3:55:45:7b:14: 93:04:f6:d2:8e:e0:5d:8d:22:a9:e8:da:1b:1c:69:dd: 5f:e2:0f:b5:1a:cc:dc:d3:1e:1c:f8:32:6e:1a:88:9d: 44:3c:4f:eb:17:78:ab:fc:03:fe:91:06:13:bd:a2:19: 8e:20:8e:b7:f5:aa:ea:8d:2e:f2:22:e9:df:db:ff:34: a7:56:f5:c1:0c:3d:67:89:f8:42:b5:1c:65:46:c3:30: a8:33:a1:88:97:c3:da:47:23:6e:b2:0c:12:ec:1f:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 71:e0:ea:7b:4e:db:c6:e4:8f:2c:b5:ea:5f:22:89:e8: 1e:dd:38:c6:ed:1a:af:8b:4a:3d:45:b0:55:dd:95:29: b1:46:23:11:f8:6e:fb:12:4f:89:03:69:85:2b:07:d2: 3c:12:bd:76:bc:f5:c9:0c:8c:37:fd:e5:78:b8:84:a0: a8:b1:fb:d2:4f:67:ae:7c:ee:89:30:45:4e:e2:c9:1d: 22:2b:ed:09:5d:70:f6:73:58:e3:d7:84:bb:6a:3f:e3: 0b:be:45:a9:6d:e3:93:c9:43:fd:d9:4e:48:cd:0a:5b: 4b:d4:3a:0b:d6:93:bd:e1:7d:78:63:b5:5b:41:2b:cc Fingerprint (SHA-256): 4B:14:B7:8C:95:EC:BC:E2:18:24:BB:37:37:6E:29:16:C4:4C:A0:9D:7C:48:E0:A4:D1:A6:42:6B:39:F9:B4:76 Fingerprint (SHA1): 91:10:48:57:A2:2C:93:2F:C7:A3:77:34:2A:F2:29:02:50:56:E4:E1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1708: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171597 (0x1ee2abcd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 21:27:10 2015 Not After : Mon May 18 21:27:10 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f2:d0:77:48:69:58:9b:f5:ca:24:c4:bd:48:30:c2:30: d6:1b:3f:da:61:ec:db:7f:2d:c8:d5:33:c6:0b:e7:fb: c4:b9:3c:f7:d9:dc:16:24:91:32:10:25:df:4e:e7:5a: 3d:8f:65:15:10:6c:7c:b1:c0:32:a1:05:5a:c1:86:5a: 50:e2:3f:e4:b8:c1:d3:62:13:c4:d2:0c:16:82:c2:c9: 42:5a:5f:74:9a:b2:4f:03:29:3d:e7:71:00:d2:f8:47: bc:c2:71:de:21:67:af:a8:82:e7:25:65:77:59:3b:bc: 37:8d:e4:04:5b:bd:9b:e4:8d:a2:b5:4d:6f:0d:f0:33 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e9:f7:33:77:1e:8c:fc:c2:02:c2:20:d0:85:87:29:f0: 7f:f2:ca:e5:b0:87:65:f1:f5:e3:c0:00:71:aa:09:77: 4c:16:13:0b:f9:71:ff:37:80:6f:70:e9:28:69:3e:68: cd:d6:f2:8d:e3:3b:ce:1a:f1:93:1f:d9:e2:f2:b9:71: 81:d1:86:cb:7d:86:41:cf:22:c7:f9:4c:0d:ca:5a:88: 92:70:e1:7a:c4:ba:98:38:e1:71:81:05:e3:1d:16:62: db:40:ca:99:55:72:1c:fa:92:71:e0:10:19:ba:c8:23: bc:cb:3d:b6:67:dd:1a:ca:7a:84:9a:6c:a2:07:96:5a Fingerprint (SHA-256): 8C:2A:29:DA:7B:41:86:E4:36:4D:65:AD:DB:1E:39:93:90:60:4A:F2:4D:37:18:B7:27:23:35:00:96:4E:EF:03 Fingerprint (SHA1): CF:FF:5D:C3:F9:46:A4:61:9D:E5:C5:25:C6:B3:18:6C:8C:9D:D1:1D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1709: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171598 (0x1ee2abce) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 21:27:13 2015 Not After : Mon May 18 21:27:13 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:e1:bd:55:eb:4b:61:82:44:61:a6:c6:b4:f3:d7:da: 8d:5f:fc:57:c0:cd:90:f5:29:3c:38:a6:a4:eb:3f:09: 35:e5:5c:ff:3d:f6:25:c0:a3:21:d8:11:c6:27:1e:33: b2:18:74:f6:1a:75:77:c3:a3:47:3f:e9:ae:4b:15:7a: 5f:df:a5:06:ba:59:97:3b:63:f6:46:b5:79:31:3b:24: 14:f5:d1:71:b7:f7:b3:0b:cc:e1:89:1d:5d:48:2a:f5: 44:43:35:33:96:b4:84:b8:bb:a1:ee:d3:28:0e:d3:e0: 9f:41:3e:d3:9c:ee:81:98:3b:8d:62:87:c8:d0:49:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:51:d4:17:78:53:b9:55:d7:52:e3:09:8d:9b:6c:32: 55:a6:80:f4:9b:30:09:13:00:08:c7:14:f1:22:b5:44: d4:e5:58:50:03:26:7b:6b:df:e8:be:3d:9d:36:3a:b6: 29:00:6b:ba:3d:19:38:95:08:ed:06:d9:a5:07:ee:90: e5:25:a4:9b:cc:e1:9a:c1:a7:77:23:22:6d:eb:dd:86: ed:dd:9f:04:c6:be:ba:39:dd:1f:b9:9a:c3:4b:10:41: dc:12:ce:db:88:51:f1:0a:c7:34:68:14:75:19:81:2f: 3a:dc:25:c9:63:1d:b0:ef:59:15:7d:44:cd:4e:a2:80 Fingerprint (SHA-256): 2E:2D:07:6C:A6:4C:57:6D:1B:2C:6B:69:0D:DE:34:6B:F4:93:A3:30:4B:4A:A2:58:56:AA:EF:C3:D8:51:46:DF Fingerprint (SHA1): DE:F2:81:DB:6A:18:44:1F:2C:2A:8C:AD:7B:C2:CD:63:E9:98:AC:C5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1710: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171599 (0x1ee2abcf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 21:27:16 2015 Not After : Mon May 18 21:27:16 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:1c:ad:c5:20:60:03:ac:89:11:3b:46:8e:c5:54:21: 66:ec:5a:8d:cc:c0:90:0c:8e:db:0f:58:9a:76:20:ce: 14:0d:b2:ad:bc:09:4b:d6:bd:3f:e2:16:49:c2:f6:e4: d0:d3:50:c0:c9:86:99:c7:6d:15:1a:d1:c9:1d:5f:92: b7:b3:d1:9a:00:9d:02:ee:25:5c:04:c9:91:9f:73:2f: 87:13:dc:2c:12:42:21:73:92:f0:8b:16:5f:b7:b6:29: 1d:dc:66:d7:dd:c1:4d:f8:0f:52:16:b6:6e:88:fa:03: f0:56:59:d4:14:90:c7:03:e7:34:8b:a4:e8:6a:85:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:13:2c:f7:97:c5:c4:30:0d:fb:99:21:42:ce:9b:18: ee:55:bc:5d:c7:5f:6a:64:2d:b5:a0:5e:d2:70:8e:f1: 59:be:69:a6:c1:e2:b9:8d:47:07:cf:1d:07:bd:f8:ed: 2e:82:97:6f:af:d2:78:0a:7d:39:53:be:eb:7e:a1:33: 50:22:22:f8:8d:74:71:d9:ef:05:6c:58:d0:5a:bb:e0: fe:fc:25:b1:fe:05:a7:a7:b8:a5:98:f1:f3:f3:72:60: 1c:8d:fd:3c:ee:7a:22:16:22:f4:05:40:ef:32:fd:5c: 15:2f:b9:9a:e9:4a:03:e6:6e:73:8b:0d:7f:08:bb:18 Fingerprint (SHA-256): 3D:1B:44:B5:81:DB:16:DB:19:8A:CF:4D:DD:E1:1C:2A:B4:59:D4:47:02:65:47:E8:F6:D1:A3:0F:32:59:55:A5 Fingerprint (SHA1): 91:34:8C:50:8F:7E:5C:F2:F9:2F:6D:5F:62:81:61:16:A7:19:45:5F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1711: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171600 (0x1ee2abd0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 21:27:19 2015 Not After : Mon May 18 21:27:19 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b3:32:c9:4b:de:0b:28:a7:60:a7:24:83:67:60:66: 2d:90:3f:c4:4b:93:1f:6d:eb:bc:7e:71:42:9c:0c:ef: e9:b6:ee:bb:dd:06:48:0a:e3:e3:76:bf:72:ca:f2:0d: 43:b6:d3:54:ac:d2:71:5a:06:28:c6:93:cf:4e:e9:ca: 3c:e2:78:37:04:8c:93:79:8a:3e:fc:6e:09:0f:3b:60: 86:75:a0:3c:54:e9:ab:0d:13:6c:9f:e8:25:e5:80:33: 52:56:e4:64:36:87:b3:d3:9f:66:2b:53:1f:0e:6b:c0: 4c:bf:94:d5:a2:90:68:ef:85:19:17:71:5e:12:26:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b7:db:2b:68:d7:51:99:e9:45:de:aa:2e:28:ae:60:7e: 25:1f:be:84:b1:33:a9:fe:67:59:c8:38:ea:44:ca:08: 84:d8:55:5d:0e:08:16:82:9e:62:63:18:77:59:01:b4: 6a:25:ff:80:9c:c2:99:ed:d9:a7:7c:cd:36:b3:1e:b1: 3b:f5:52:20:bd:05:7a:0f:34:57:82:55:e2:9b:17:16: d1:67:c7:b3:7d:c6:2e:d3:f4:b9:28:65:cb:e0:8d:40: 48:6a:5a:7b:18:74:c7:a1:e7:2d:28:1d:30:4e:47:3f: 23:fc:8e:3a:f0:48:b4:0f:7c:71:fa:72:08:7c:70:a2 Fingerprint (SHA-256): B2:6C:2B:24:1E:76:16:6A:4F:F1:49:01:48:32:A2:3D:4C:20:5F:0E:C1:D2:B1:E8:50:5B:CE:D7:FF:93:B7:A3 Fingerprint (SHA1): BA:D7:3C:1D:E3:50:9B:D7:B5:88:39:91:B8:16:D1:9D:08:CD:5D:FD Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1712: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171601 (0x1ee2abd1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 21:27:22 2015 Not After : Mon May 18 21:27:22 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:30:0a:33:99:64:d7:9f:f6:82:d4:4b:44:ee:bb:00: dc:43:b6:b0:29:c9:57:ca:98:07:70:f4:0a:92:4f:ba: 69:06:67:eb:17:50:d2:17:d8:18:f5:7a:4a:c8:bb:21: 14:16:0f:fa:b0:d2:21:02:43:1f:3f:9a:ae:9c:81:83: 15:c8:75:bd:56:6f:e5:cf:3a:97:6b:1b:04:01:bb:19: db:59:b1:0e:0c:82:60:9f:ea:50:3f:a7:8c:a0:fd:e5: d4:ff:cb:79:5a:48:b7:0d:96:9d:40:35:ec:ee:b0:9e: df:5c:66:f4:c7:76:87:b9:2f:cb:1a:84:79:ed:9d:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:b0:cc:6b:5c:93:94:ce:78:e9:88:96:87:d4:7b:1a: 18:59:93:6b:71:b2:1c:c4:99:09:74:1d:0a:08:9a:e8: b6:eb:74:6f:dd:ca:d4:5d:9c:c0:ce:30:fc:84:44:7c: ac:30:1b:3b:16:e3:80:e8:a7:1e:8f:53:11:14:37:2a: bd:8a:51:c1:6b:29:b3:56:e8:95:a4:a5:46:b0:67:ec: 73:4e:25:f6:36:2c:d2:52:f3:bd:d9:6d:3b:09:b7:4e: 88:47:92:4c:51:fe:55:5d:b7:da:31:43:96:f6:cb:ef: 0d:d9:b6:0b:af:15:7d:c2:ab:b0:cb:86:e5:bf:9f:6b Fingerprint (SHA-256): F4:BE:88:92:D6:B7:A6:0C:2B:E0:24:41:6F:AD:51:8A:27:8D:86:F6:42:37:93:2B:93:19:F7:56:D2:49:88:7C Fingerprint (SHA1): 55:64:CC:5C:F9:B7:B5:5E:9B:7E:9D:D3:E6:BA:E9:D3:C5:1C:16:2A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1713: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1714: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171616 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1715: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1716: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1717: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1718: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171617 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1719: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1720: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1721: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1722: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171618 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1723: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1724: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1725: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1726: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518171619 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1727: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1728: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1729: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171616 (0x1ee2abe0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:01 2015 Not After : Mon May 18 21:28:01 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:50:1f:80:38:0d:26:73:da:eb:35:f5:45:66:c1:bf: 05:19:ee:d8:3a:01:15:29:e5:86:b8:ef:20:8b:db:1b: 8b:5a:62:f2:72:8c:b2:74:99:7a:50:91:41:49:60:61: 32:9c:6e:68:d3:94:d6:c1:f4:63:2a:1d:97:f0:dd:0f: 6d:7e:04:92:41:85:6d:4e:d1:60:4c:c6:63:8c:f4:0c: da:a9:ab:24:93:40:61:9d:b3:53:94:7a:aa:da:6a:36: e2:69:20:ba:9e:12:da:14:46:16:0e:e7:6c:a8:f5:73: 98:ab:a5:9c:d2:1a:f8:ac:fa:fd:bb:fa:42:7a:0c:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:c7:83:0f:e7:de:cf:a2:32:29:83:72:08:0c:ce:3e: 23:10:97:e3:ae:10:28:41:4b:00:39:1e:9d:97:af:db: f6:6b:69:dc:1e:0f:11:40:f6:ca:9a:8b:4d:46:01:46: aa:8a:76:c5:e8:d4:6f:0d:d8:f8:48:e6:80:74:d1:60: 40:07:ed:2b:f1:ed:ec:90:a9:cb:d6:13:5b:96:cf:e8: e0:72:38:7f:4b:e9:0f:61:af:43:04:bc:b5:68:6a:27: 4a:9e:3e:44:bf:99:b9:8a:f2:ff:a9:a9:22:e1:cd:36: 46:bc:54:5d:a5:39:f3:09:0e:8e:ad:e5:a7:2e:aa:8a Fingerprint (SHA-256): DE:95:37:53:79:7E:70:62:05:63:13:D7:29:F3:E4:61:57:28:0F:2A:51:0C:CD:3A:54:F4:7A:EE:81:90:64:DE Fingerprint (SHA1): EA:07:91:67:A9:CA:CA:1E:F7:1D:4F:F0:6E:56:EC:5E:28:9D:CA:4D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1730: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1731: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171617 (0x1ee2abe1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:04 2015 Not After : Mon May 18 21:28:04 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:26:f0:7e:39:98:ca:e9:d4:ee:0f:0d:69:ba:09:46: 80:9f:c2:01:78:85:80:77:dd:0b:76:fe:70:49:05:f9: e4:67:3e:57:b5:6a:ae:aa:fb:ef:bb:b0:2e:34:83:9f: 02:a7:1d:36:09:0d:7e:fa:7e:e3:39:ab:26:4a:d4:88: e6:18:6a:f3:e8:34:8b:f3:4f:06:44:29:a7:4e:6e:e4: 80:f6:d5:a4:d8:dc:35:e9:fa:9e:48:c9:65:0d:7a:15: 49:2b:34:38:ae:50:96:df:2b:b5:af:72:a0:8f:64:11: d5:17:80:44:62:b0:12:1c:00:c9:78:a9:01:59:b7:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bb:21:2b:0b:04:b7:7e:a7:9b:10:3d:75:a7:50:4c:13: 03:6a:61:b5:17:e7:ff:66:3f:48:ce:1b:72:11:63:66: 18:5c:48:eb:6a:61:ee:07:47:3e:22:d4:47:ce:26:c7: 61:10:84:4f:ca:ca:de:6f:7a:38:63:1a:ac:7a:dd:80: 04:b0:50:b2:41:10:ef:7b:a5:5d:74:a0:e0:84:12:cc: d9:8e:d9:52:b6:5e:15:2f:33:0a:6b:9d:54:0c:7b:6c: 50:39:6e:80:a0:e2:9d:b2:1f:e1:0e:3f:3e:e3:23:6a: a4:87:3d:fb:45:c1:a0:45:15:0e:1e:1d:ac:09:b4:d1 Fingerprint (SHA-256): E9:FA:DF:A0:43:4D:17:4A:84:1F:D7:6F:E9:91:A7:0A:37:70:12:53:CB:7D:42:43:F8:02:07:1A:EA:D2:3E:5F Fingerprint (SHA1): 72:71:4C:00:AD:A4:33:55:51:76:AD:0B:E2:FE:35:42:74:BE:8C:FF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1732: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1733: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171618 (0x1ee2abe2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:28:08 2015 Not After : Mon May 18 21:28:08 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 95:ca:78:8b:c5:6a:2f:9b:5a:cd:3a:62:16:0a:95:cc: 6c:20:a4:c4:73:9e:83:2c:96:71:66:5e:bf:60:4c:2e: 2a:ab:0f:f2:33:c9:7d:f6:53:9a:fd:3e:a6:c6:53:74: 51:0c:f4:ec:a3:6f:63:8e:d3:90:22:3f:01:b4:3d:3e: fd:b0:6d:31:6a:b9:6c:e3:0e:a0:c2:50:6a:ce:b4:e8: a9:ab:e8:da:79:65:e8:e5:52:7d:24:99:23:1d:6a:3f: 03:be:21:43:f5:71:13:ab:36:36:8e:25:95:fa:6e:9d: 8d:82:f3:ae:5e:50:ef:c0:9c:eb:45:c9:89:3f:36:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:af:89:57:71:2a:34:5d:81:82:eb:e8:f4:87:66:8b: 11:69:a7:66:cc:84:79:30:f1:00:40:ec:83:35:4d:94: b4:3a:0b:b6:f5:61:32:90:8d:75:ba:ec:04:90:2c:20: 07:68:a3:4a:80:46:9d:d7:d8:f3:e0:9d:3f:01:55:e8: f7:fa:8d:c5:70:b5:04:03:62:b9:ae:8d:2b:9a:f6:6a: a7:4b:19:1e:66:d5:75:71:ad:53:cf:eb:2b:74:03:62: d8:cf:79:ce:32:18:8d:23:bb:c0:4b:f0:55:ee:cd:1e: f6:d8:22:85:bd:13:a6:e7:f9:b3:a7:f6:ea:03:07:05 Fingerprint (SHA-256): 07:85:E4:BC:D6:80:4A:E6:DB:36:BC:7B:0D:D8:30:15:27:0D:5C:84:7E:A0:77:0E:C5:35:DB:B1:9D:2E:A1:8F Fingerprint (SHA1): A6:56:F2:29:D2:C1:6F:6F:C7:90:C4:D4:36:A2:1E:72:91:EF:95:5D Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1734: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1735: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1736: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1737: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1738: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171616 (0x1ee2abe0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:01 2015 Not After : Mon May 18 21:28:01 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:50:1f:80:38:0d:26:73:da:eb:35:f5:45:66:c1:bf: 05:19:ee:d8:3a:01:15:29:e5:86:b8:ef:20:8b:db:1b: 8b:5a:62:f2:72:8c:b2:74:99:7a:50:91:41:49:60:61: 32:9c:6e:68:d3:94:d6:c1:f4:63:2a:1d:97:f0:dd:0f: 6d:7e:04:92:41:85:6d:4e:d1:60:4c:c6:63:8c:f4:0c: da:a9:ab:24:93:40:61:9d:b3:53:94:7a:aa:da:6a:36: e2:69:20:ba:9e:12:da:14:46:16:0e:e7:6c:a8:f5:73: 98:ab:a5:9c:d2:1a:f8:ac:fa:fd:bb:fa:42:7a:0c:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:c7:83:0f:e7:de:cf:a2:32:29:83:72:08:0c:ce:3e: 23:10:97:e3:ae:10:28:41:4b:00:39:1e:9d:97:af:db: f6:6b:69:dc:1e:0f:11:40:f6:ca:9a:8b:4d:46:01:46: aa:8a:76:c5:e8:d4:6f:0d:d8:f8:48:e6:80:74:d1:60: 40:07:ed:2b:f1:ed:ec:90:a9:cb:d6:13:5b:96:cf:e8: e0:72:38:7f:4b:e9:0f:61:af:43:04:bc:b5:68:6a:27: 4a:9e:3e:44:bf:99:b9:8a:f2:ff:a9:a9:22:e1:cd:36: 46:bc:54:5d:a5:39:f3:09:0e:8e:ad:e5:a7:2e:aa:8a Fingerprint (SHA-256): DE:95:37:53:79:7E:70:62:05:63:13:D7:29:F3:E4:61:57:28:0F:2A:51:0C:CD:3A:54:F4:7A:EE:81:90:64:DE Fingerprint (SHA1): EA:07:91:67:A9:CA:CA:1E:F7:1D:4F:F0:6E:56:EC:5E:28:9D:CA:4D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1739: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1740: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171617 (0x1ee2abe1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:04 2015 Not After : Mon May 18 21:28:04 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:26:f0:7e:39:98:ca:e9:d4:ee:0f:0d:69:ba:09:46: 80:9f:c2:01:78:85:80:77:dd:0b:76:fe:70:49:05:f9: e4:67:3e:57:b5:6a:ae:aa:fb:ef:bb:b0:2e:34:83:9f: 02:a7:1d:36:09:0d:7e:fa:7e:e3:39:ab:26:4a:d4:88: e6:18:6a:f3:e8:34:8b:f3:4f:06:44:29:a7:4e:6e:e4: 80:f6:d5:a4:d8:dc:35:e9:fa:9e:48:c9:65:0d:7a:15: 49:2b:34:38:ae:50:96:df:2b:b5:af:72:a0:8f:64:11: d5:17:80:44:62:b0:12:1c:00:c9:78:a9:01:59:b7:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bb:21:2b:0b:04:b7:7e:a7:9b:10:3d:75:a7:50:4c:13: 03:6a:61:b5:17:e7:ff:66:3f:48:ce:1b:72:11:63:66: 18:5c:48:eb:6a:61:ee:07:47:3e:22:d4:47:ce:26:c7: 61:10:84:4f:ca:ca:de:6f:7a:38:63:1a:ac:7a:dd:80: 04:b0:50:b2:41:10:ef:7b:a5:5d:74:a0:e0:84:12:cc: d9:8e:d9:52:b6:5e:15:2f:33:0a:6b:9d:54:0c:7b:6c: 50:39:6e:80:a0:e2:9d:b2:1f:e1:0e:3f:3e:e3:23:6a: a4:87:3d:fb:45:c1:a0:45:15:0e:1e:1d:ac:09:b4:d1 Fingerprint (SHA-256): E9:FA:DF:A0:43:4D:17:4A:84:1F:D7:6F:E9:91:A7:0A:37:70:12:53:CB:7D:42:43:F8:02:07:1A:EA:D2:3E:5F Fingerprint (SHA1): 72:71:4C:00:AD:A4:33:55:51:76:AD:0B:E2:FE:35:42:74:BE:8C:FF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1741: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1742: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171618 (0x1ee2abe2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:28:08 2015 Not After : Mon May 18 21:28:08 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 95:ca:78:8b:c5:6a:2f:9b:5a:cd:3a:62:16:0a:95:cc: 6c:20:a4:c4:73:9e:83:2c:96:71:66:5e:bf:60:4c:2e: 2a:ab:0f:f2:33:c9:7d:f6:53:9a:fd:3e:a6:c6:53:74: 51:0c:f4:ec:a3:6f:63:8e:d3:90:22:3f:01:b4:3d:3e: fd:b0:6d:31:6a:b9:6c:e3:0e:a0:c2:50:6a:ce:b4:e8: a9:ab:e8:da:79:65:e8:e5:52:7d:24:99:23:1d:6a:3f: 03:be:21:43:f5:71:13:ab:36:36:8e:25:95:fa:6e:9d: 8d:82:f3:ae:5e:50:ef:c0:9c:eb:45:c9:89:3f:36:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:af:89:57:71:2a:34:5d:81:82:eb:e8:f4:87:66:8b: 11:69:a7:66:cc:84:79:30:f1:00:40:ec:83:35:4d:94: b4:3a:0b:b6:f5:61:32:90:8d:75:ba:ec:04:90:2c:20: 07:68:a3:4a:80:46:9d:d7:d8:f3:e0:9d:3f:01:55:e8: f7:fa:8d:c5:70:b5:04:03:62:b9:ae:8d:2b:9a:f6:6a: a7:4b:19:1e:66:d5:75:71:ad:53:cf:eb:2b:74:03:62: d8:cf:79:ce:32:18:8d:23:bb:c0:4b:f0:55:ee:cd:1e: f6:d8:22:85:bd:13:a6:e7:f9:b3:a7:f6:ea:03:07:05 Fingerprint (SHA-256): 07:85:E4:BC:D6:80:4A:E6:DB:36:BC:7B:0D:D8:30:15:27:0D:5C:84:7E:A0:77:0E:C5:35:DB:B1:9D:2E:A1:8F Fingerprint (SHA1): A6:56:F2:29:D2:C1:6F:6F:C7:90:C4:D4:36:A2:1E:72:91:EF:95:5D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1743: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1744: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1745: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171620 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1746: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1747: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1748: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1749: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171621 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1750: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1751: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1752: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1753: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171622 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1754: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1755: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #1756: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1757: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518171623 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1758: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1759: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #1760: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1761: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518171624 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1762: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1763: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1764: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171620 (0x1ee2abe4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:24 2015 Not After : Mon May 18 21:28:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:a1:a0:35:3d:57:d5:38:7d:68:c0:67:9c:4f:89:4e: 13:15:8e:45:7f:a0:3c:4f:97:61:ff:fd:b2:48:02:97: 5b:36:f4:73:71:77:bd:14:3c:53:8a:ad:fc:08:6c:4d: 1e:8a:02:a4:2d:3e:92:92:b6:5b:af:e5:a9:89:bf:3d: da:09:a0:28:6c:7f:7b:8a:1f:b4:bf:8a:fc:a8:76:8d: 2b:86:d3:95:d7:24:f1:e2:db:20:b2:16:60:5d:cd:95: c6:d3:c4:fe:84:a5:0e:29:08:26:66:7f:ca:b4:87:2e: e3:7a:34:8b:fe:5b:7a:c9:c6:eb:19:f5:ac:b0:ca:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d9:6d:08:21:d5:8a:cb:9c:7f:c5:c0:57:6d:85:85:1c: 9c:c1:77:98:7c:35:04:11:1a:28:f1:1d:07:de:40:dd: ec:b6:b7:79:f4:40:b4:9b:72:90:9b:d3:f2:d0:6c:6f: 45:3a:76:80:6b:e7:bc:71:58:be:f0:89:80:92:57:ec: 92:e4:fc:b5:36:51:c3:f4:c5:ba:00:08:27:50:e1:c8: a3:2e:9f:37:f6:53:76:e4:62:cd:89:bd:8b:90:54:dc: 6f:5f:11:35:49:37:87:9d:5b:8d:75:d2:d6:26:c1:93: cb:23:14:98:92:ec:fd:a8:f9:0a:82:2d:93:d6:3a:55 Fingerprint (SHA-256): 45:89:A8:CF:7E:C2:75:2C:B0:42:59:22:FA:B6:9D:25:AF:42:77:09:C7:B4:22:70:98:43:5B:E3:8D:4A:9A:10 Fingerprint (SHA1): D8:57:C8:3C:09:2F:FA:8F:16:12:C2:C6:94:4C:84:63:F4:D3:B3:79 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1765: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1766: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171621 (0x1ee2abe5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:27 2015 Not After : Mon May 18 21:28:27 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:49:3e:41:81:9f:0e:c5:b7:5d:5a:cc:db:1b:78:2e: 9f:4e:0b:61:40:3a:10:9c:de:99:fe:76:0f:02:ad:5a: 43:80:46:40:a2:55:af:a9:43:39:3e:ff:5c:18:ad:06: b5:90:5f:00:11:69:27:7c:bb:e8:ff:b6:34:7c:29:81: 33:9b:35:23:4d:ff:43:fb:2c:de:2d:51:e0:ee:04:30: 49:cd:46:84:8f:a4:2c:bf:78:0f:9b:0b:f7:4f:9c:4e: af:69:e8:c3:8f:32:78:af:e5:aa:84:13:0c:f8:24:62: 90:f5:40:e3:fd:83:80:48:96:b4:fd:6c:a0:cf:6d:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:1e:29:23:0b:b0:73:e6:cc:07:51:f5:95:29:3f:dc: d1:d3:ee:b7:92:31:a4:00:59:2b:21:92:c1:6e:0c:12: 62:c4:cf:e1:66:8d:7c:6c:d0:8f:6f:e8:d8:35:06:51: 27:9f:34:12:5e:a2:a2:2b:91:f4:be:c8:e7:21:9d:51: fb:c3:15:c9:ca:51:7b:f8:fd:44:eb:8f:a3:a2:d4:35: 12:5f:7c:7c:97:51:e0:c2:20:9e:17:c5:0a:47:1d:dc: 6d:d6:28:f5:74:51:41:16:ca:ec:1b:ea:c8:9f:f5:f6: 87:7f:53:93:74:6e:f4:10:57:f7:8f:28:f3:65:e3:3a Fingerprint (SHA-256): 4F:F9:45:D6:BF:50:57:2B:D6:E4:26:F2:7D:0B:18:95:2E:37:B5:D9:45:BA:5E:4D:2B:AE:EC:1B:59:AF:56:EA Fingerprint (SHA1): 85:1E:AC:7B:A2:67:E0:90:94:A7:C3:19:39:12:7F:A6:12:72:BF:4A Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1767: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1768: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171622 (0x1ee2abe6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:28:30 2015 Not After : Mon May 18 21:28:30 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:2c:31:3e:03:79:c9:17:63:a0:89:21:f3:a2:17:1e: 41:9c:91:da:9f:e6:6c:fc:22:8a:b4:3c:a8:c7:7f:03: 7d:8d:3b:5b:03:48:c6:07:00:cd:11:98:d0:a9:2b:45: b8:d8:59:98:27:d7:42:a4:10:4b:d8:6c:e9:4c:68:89: 4c:20:12:78:14:b8:7d:74:19:8b:d8:aa:71:9f:ac:86: 2d:6a:9a:00:ef:0c:ab:36:83:0a:7e:34:bb:ab:c4:e0: 05:d6:b4:f1:d6:22:84:bf:bc:8f:f1:a4:e2:0a:67:4c: 08:13:5d:e1:70:4f:13:da:0f:16:f6:7e:23:8c:d3:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:18:46:59:6d:0e:31:23:c0:ec:b0:76:14:0b:b1:31: c6:dd:82:69:fa:80:e3:46:dd:04:28:3f:1d:b7:7f:df: eb:dd:6c:54:d1:a8:1f:cb:b8:cf:d2:07:7a:b5:ad:d3: 52:9b:63:84:cf:53:10:9f:fb:12:ad:f7:93:e0:7e:42: d3:e0:9a:c6:25:dd:08:6c:55:55:04:81:a5:34:a6:19: 7b:22:45:11:61:d7:c3:25:42:66:ca:0f:6a:89:45:f9: e2:2c:56:ed:35:b5:7b:20:ca:5f:00:bc:27:a3:67:9f: f1:ce:7b:50:46:a7:6e:ea:c5:ff:6b:b0:31:ce:dc:0f Fingerprint (SHA-256): 98:71:46:7A:CA:4D:04:19:F8:04:05:DF:D8:3D:6D:DE:49:65:14:91:E8:7B:EE:AD:90:1E:70:CD:87:2C:DB:53 Fingerprint (SHA1): D9:BF:F9:B6:3D:2D:25:B5:FB:1A:81:50:18:0A:FA:7F:8B:DD:42:73 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #1769: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1770: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1771: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1772: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1773: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171620 (0x1ee2abe4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:24 2015 Not After : Mon May 18 21:28:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:a1:a0:35:3d:57:d5:38:7d:68:c0:67:9c:4f:89:4e: 13:15:8e:45:7f:a0:3c:4f:97:61:ff:fd:b2:48:02:97: 5b:36:f4:73:71:77:bd:14:3c:53:8a:ad:fc:08:6c:4d: 1e:8a:02:a4:2d:3e:92:92:b6:5b:af:e5:a9:89:bf:3d: da:09:a0:28:6c:7f:7b:8a:1f:b4:bf:8a:fc:a8:76:8d: 2b:86:d3:95:d7:24:f1:e2:db:20:b2:16:60:5d:cd:95: c6:d3:c4:fe:84:a5:0e:29:08:26:66:7f:ca:b4:87:2e: e3:7a:34:8b:fe:5b:7a:c9:c6:eb:19:f5:ac:b0:ca:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d9:6d:08:21:d5:8a:cb:9c:7f:c5:c0:57:6d:85:85:1c: 9c:c1:77:98:7c:35:04:11:1a:28:f1:1d:07:de:40:dd: ec:b6:b7:79:f4:40:b4:9b:72:90:9b:d3:f2:d0:6c:6f: 45:3a:76:80:6b:e7:bc:71:58:be:f0:89:80:92:57:ec: 92:e4:fc:b5:36:51:c3:f4:c5:ba:00:08:27:50:e1:c8: a3:2e:9f:37:f6:53:76:e4:62:cd:89:bd:8b:90:54:dc: 6f:5f:11:35:49:37:87:9d:5b:8d:75:d2:d6:26:c1:93: cb:23:14:98:92:ec:fd:a8:f9:0a:82:2d:93:d6:3a:55 Fingerprint (SHA-256): 45:89:A8:CF:7E:C2:75:2C:B0:42:59:22:FA:B6:9D:25:AF:42:77:09:C7:B4:22:70:98:43:5B:E3:8D:4A:9A:10 Fingerprint (SHA1): D8:57:C8:3C:09:2F:FA:8F:16:12:C2:C6:94:4C:84:63:F4:D3:B3:79 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1774: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1775: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171621 (0x1ee2abe5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:27 2015 Not After : Mon May 18 21:28:27 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:49:3e:41:81:9f:0e:c5:b7:5d:5a:cc:db:1b:78:2e: 9f:4e:0b:61:40:3a:10:9c:de:99:fe:76:0f:02:ad:5a: 43:80:46:40:a2:55:af:a9:43:39:3e:ff:5c:18:ad:06: b5:90:5f:00:11:69:27:7c:bb:e8:ff:b6:34:7c:29:81: 33:9b:35:23:4d:ff:43:fb:2c:de:2d:51:e0:ee:04:30: 49:cd:46:84:8f:a4:2c:bf:78:0f:9b:0b:f7:4f:9c:4e: af:69:e8:c3:8f:32:78:af:e5:aa:84:13:0c:f8:24:62: 90:f5:40:e3:fd:83:80:48:96:b4:fd:6c:a0:cf:6d:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:1e:29:23:0b:b0:73:e6:cc:07:51:f5:95:29:3f:dc: d1:d3:ee:b7:92:31:a4:00:59:2b:21:92:c1:6e:0c:12: 62:c4:cf:e1:66:8d:7c:6c:d0:8f:6f:e8:d8:35:06:51: 27:9f:34:12:5e:a2:a2:2b:91:f4:be:c8:e7:21:9d:51: fb:c3:15:c9:ca:51:7b:f8:fd:44:eb:8f:a3:a2:d4:35: 12:5f:7c:7c:97:51:e0:c2:20:9e:17:c5:0a:47:1d:dc: 6d:d6:28:f5:74:51:41:16:ca:ec:1b:ea:c8:9f:f5:f6: 87:7f:53:93:74:6e:f4:10:57:f7:8f:28:f3:65:e3:3a Fingerprint (SHA-256): 4F:F9:45:D6:BF:50:57:2B:D6:E4:26:F2:7D:0B:18:95:2E:37:B5:D9:45:BA:5E:4D:2B:AE:EC:1B:59:AF:56:EA Fingerprint (SHA1): 85:1E:AC:7B:A2:67:E0:90:94:A7:C3:19:39:12:7F:A6:12:72:BF:4A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1776: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1777: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171622 (0x1ee2abe6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:28:30 2015 Not After : Mon May 18 21:28:30 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:2c:31:3e:03:79:c9:17:63:a0:89:21:f3:a2:17:1e: 41:9c:91:da:9f:e6:6c:fc:22:8a:b4:3c:a8:c7:7f:03: 7d:8d:3b:5b:03:48:c6:07:00:cd:11:98:d0:a9:2b:45: b8:d8:59:98:27:d7:42:a4:10:4b:d8:6c:e9:4c:68:89: 4c:20:12:78:14:b8:7d:74:19:8b:d8:aa:71:9f:ac:86: 2d:6a:9a:00:ef:0c:ab:36:83:0a:7e:34:bb:ab:c4:e0: 05:d6:b4:f1:d6:22:84:bf:bc:8f:f1:a4:e2:0a:67:4c: 08:13:5d:e1:70:4f:13:da:0f:16:f6:7e:23:8c:d3:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:18:46:59:6d:0e:31:23:c0:ec:b0:76:14:0b:b1:31: c6:dd:82:69:fa:80:e3:46:dd:04:28:3f:1d:b7:7f:df: eb:dd:6c:54:d1:a8:1f:cb:b8:cf:d2:07:7a:b5:ad:d3: 52:9b:63:84:cf:53:10:9f:fb:12:ad:f7:93:e0:7e:42: d3:e0:9a:c6:25:dd:08:6c:55:55:04:81:a5:34:a6:19: 7b:22:45:11:61:d7:c3:25:42:66:ca:0f:6a:89:45:f9: e2:2c:56:ed:35:b5:7b:20:ca:5f:00:bc:27:a3:67:9f: f1:ce:7b:50:46:a7:6e:ea:c5:ff:6b:b0:31:ce:dc:0f Fingerprint (SHA-256): 98:71:46:7A:CA:4D:04:19:F8:04:05:DF:D8:3D:6D:DE:49:65:14:91:E8:7B:EE:AD:90:1E:70:CD:87:2C:DB:53 Fingerprint (SHA1): D9:BF:F9:B6:3D:2D:25:B5:FB:1A:81:50:18:0A:FA:7F:8B:DD:42:73 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #1778: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1779: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171620 (0x1ee2abe4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:24 2015 Not After : Mon May 18 21:28:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:a1:a0:35:3d:57:d5:38:7d:68:c0:67:9c:4f:89:4e: 13:15:8e:45:7f:a0:3c:4f:97:61:ff:fd:b2:48:02:97: 5b:36:f4:73:71:77:bd:14:3c:53:8a:ad:fc:08:6c:4d: 1e:8a:02:a4:2d:3e:92:92:b6:5b:af:e5:a9:89:bf:3d: da:09:a0:28:6c:7f:7b:8a:1f:b4:bf:8a:fc:a8:76:8d: 2b:86:d3:95:d7:24:f1:e2:db:20:b2:16:60:5d:cd:95: c6:d3:c4:fe:84:a5:0e:29:08:26:66:7f:ca:b4:87:2e: e3:7a:34:8b:fe:5b:7a:c9:c6:eb:19:f5:ac:b0:ca:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d9:6d:08:21:d5:8a:cb:9c:7f:c5:c0:57:6d:85:85:1c: 9c:c1:77:98:7c:35:04:11:1a:28:f1:1d:07:de:40:dd: ec:b6:b7:79:f4:40:b4:9b:72:90:9b:d3:f2:d0:6c:6f: 45:3a:76:80:6b:e7:bc:71:58:be:f0:89:80:92:57:ec: 92:e4:fc:b5:36:51:c3:f4:c5:ba:00:08:27:50:e1:c8: a3:2e:9f:37:f6:53:76:e4:62:cd:89:bd:8b:90:54:dc: 6f:5f:11:35:49:37:87:9d:5b:8d:75:d2:d6:26:c1:93: cb:23:14:98:92:ec:fd:a8:f9:0a:82:2d:93:d6:3a:55 Fingerprint (SHA-256): 45:89:A8:CF:7E:C2:75:2C:B0:42:59:22:FA:B6:9D:25:AF:42:77:09:C7:B4:22:70:98:43:5B:E3:8D:4A:9A:10 Fingerprint (SHA1): D8:57:C8:3C:09:2F:FA:8F:16:12:C2:C6:94:4C:84:63:F4:D3:B3:79 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1780: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171620 (0x1ee2abe4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:24 2015 Not After : Mon May 18 21:28:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:a1:a0:35:3d:57:d5:38:7d:68:c0:67:9c:4f:89:4e: 13:15:8e:45:7f:a0:3c:4f:97:61:ff:fd:b2:48:02:97: 5b:36:f4:73:71:77:bd:14:3c:53:8a:ad:fc:08:6c:4d: 1e:8a:02:a4:2d:3e:92:92:b6:5b:af:e5:a9:89:bf:3d: da:09:a0:28:6c:7f:7b:8a:1f:b4:bf:8a:fc:a8:76:8d: 2b:86:d3:95:d7:24:f1:e2:db:20:b2:16:60:5d:cd:95: c6:d3:c4:fe:84:a5:0e:29:08:26:66:7f:ca:b4:87:2e: e3:7a:34:8b:fe:5b:7a:c9:c6:eb:19:f5:ac:b0:ca:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d9:6d:08:21:d5:8a:cb:9c:7f:c5:c0:57:6d:85:85:1c: 9c:c1:77:98:7c:35:04:11:1a:28:f1:1d:07:de:40:dd: ec:b6:b7:79:f4:40:b4:9b:72:90:9b:d3:f2:d0:6c:6f: 45:3a:76:80:6b:e7:bc:71:58:be:f0:89:80:92:57:ec: 92:e4:fc:b5:36:51:c3:f4:c5:ba:00:08:27:50:e1:c8: a3:2e:9f:37:f6:53:76:e4:62:cd:89:bd:8b:90:54:dc: 6f:5f:11:35:49:37:87:9d:5b:8d:75:d2:d6:26:c1:93: cb:23:14:98:92:ec:fd:a8:f9:0a:82:2d:93:d6:3a:55 Fingerprint (SHA-256): 45:89:A8:CF:7E:C2:75:2C:B0:42:59:22:FA:B6:9D:25:AF:42:77:09:C7:B4:22:70:98:43:5B:E3:8D:4A:9A:10 Fingerprint (SHA1): D8:57:C8:3C:09:2F:FA:8F:16:12:C2:C6:94:4C:84:63:F4:D3:B3:79 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1781: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171621 (0x1ee2abe5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:27 2015 Not After : Mon May 18 21:28:27 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:49:3e:41:81:9f:0e:c5:b7:5d:5a:cc:db:1b:78:2e: 9f:4e:0b:61:40:3a:10:9c:de:99:fe:76:0f:02:ad:5a: 43:80:46:40:a2:55:af:a9:43:39:3e:ff:5c:18:ad:06: b5:90:5f:00:11:69:27:7c:bb:e8:ff:b6:34:7c:29:81: 33:9b:35:23:4d:ff:43:fb:2c:de:2d:51:e0:ee:04:30: 49:cd:46:84:8f:a4:2c:bf:78:0f:9b:0b:f7:4f:9c:4e: af:69:e8:c3:8f:32:78:af:e5:aa:84:13:0c:f8:24:62: 90:f5:40:e3:fd:83:80:48:96:b4:fd:6c:a0:cf:6d:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:1e:29:23:0b:b0:73:e6:cc:07:51:f5:95:29:3f:dc: d1:d3:ee:b7:92:31:a4:00:59:2b:21:92:c1:6e:0c:12: 62:c4:cf:e1:66:8d:7c:6c:d0:8f:6f:e8:d8:35:06:51: 27:9f:34:12:5e:a2:a2:2b:91:f4:be:c8:e7:21:9d:51: fb:c3:15:c9:ca:51:7b:f8:fd:44:eb:8f:a3:a2:d4:35: 12:5f:7c:7c:97:51:e0:c2:20:9e:17:c5:0a:47:1d:dc: 6d:d6:28:f5:74:51:41:16:ca:ec:1b:ea:c8:9f:f5:f6: 87:7f:53:93:74:6e:f4:10:57:f7:8f:28:f3:65:e3:3a Fingerprint (SHA-256): 4F:F9:45:D6:BF:50:57:2B:D6:E4:26:F2:7D:0B:18:95:2E:37:B5:D9:45:BA:5E:4D:2B:AE:EC:1B:59:AF:56:EA Fingerprint (SHA1): 85:1E:AC:7B:A2:67:E0:90:94:A7:C3:19:39:12:7F:A6:12:72:BF:4A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1782: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171621 (0x1ee2abe5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:28:27 2015 Not After : Mon May 18 21:28:27 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:49:3e:41:81:9f:0e:c5:b7:5d:5a:cc:db:1b:78:2e: 9f:4e:0b:61:40:3a:10:9c:de:99:fe:76:0f:02:ad:5a: 43:80:46:40:a2:55:af:a9:43:39:3e:ff:5c:18:ad:06: b5:90:5f:00:11:69:27:7c:bb:e8:ff:b6:34:7c:29:81: 33:9b:35:23:4d:ff:43:fb:2c:de:2d:51:e0:ee:04:30: 49:cd:46:84:8f:a4:2c:bf:78:0f:9b:0b:f7:4f:9c:4e: af:69:e8:c3:8f:32:78:af:e5:aa:84:13:0c:f8:24:62: 90:f5:40:e3:fd:83:80:48:96:b4:fd:6c:a0:cf:6d:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:1e:29:23:0b:b0:73:e6:cc:07:51:f5:95:29:3f:dc: d1:d3:ee:b7:92:31:a4:00:59:2b:21:92:c1:6e:0c:12: 62:c4:cf:e1:66:8d:7c:6c:d0:8f:6f:e8:d8:35:06:51: 27:9f:34:12:5e:a2:a2:2b:91:f4:be:c8:e7:21:9d:51: fb:c3:15:c9:ca:51:7b:f8:fd:44:eb:8f:a3:a2:d4:35: 12:5f:7c:7c:97:51:e0:c2:20:9e:17:c5:0a:47:1d:dc: 6d:d6:28:f5:74:51:41:16:ca:ec:1b:ea:c8:9f:f5:f6: 87:7f:53:93:74:6e:f4:10:57:f7:8f:28:f3:65:e3:3a Fingerprint (SHA-256): 4F:F9:45:D6:BF:50:57:2B:D6:E4:26:F2:7D:0B:18:95:2E:37:B5:D9:45:BA:5E:4D:2B:AE:EC:1B:59:AF:56:EA Fingerprint (SHA1): 85:1E:AC:7B:A2:67:E0:90:94:A7:C3:19:39:12:7F:A6:12:72:BF:4A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1783: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171622 (0x1ee2abe6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:28:30 2015 Not After : Mon May 18 21:28:30 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:2c:31:3e:03:79:c9:17:63:a0:89:21:f3:a2:17:1e: 41:9c:91:da:9f:e6:6c:fc:22:8a:b4:3c:a8:c7:7f:03: 7d:8d:3b:5b:03:48:c6:07:00:cd:11:98:d0:a9:2b:45: b8:d8:59:98:27:d7:42:a4:10:4b:d8:6c:e9:4c:68:89: 4c:20:12:78:14:b8:7d:74:19:8b:d8:aa:71:9f:ac:86: 2d:6a:9a:00:ef:0c:ab:36:83:0a:7e:34:bb:ab:c4:e0: 05:d6:b4:f1:d6:22:84:bf:bc:8f:f1:a4:e2:0a:67:4c: 08:13:5d:e1:70:4f:13:da:0f:16:f6:7e:23:8c:d3:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:18:46:59:6d:0e:31:23:c0:ec:b0:76:14:0b:b1:31: c6:dd:82:69:fa:80:e3:46:dd:04:28:3f:1d:b7:7f:df: eb:dd:6c:54:d1:a8:1f:cb:b8:cf:d2:07:7a:b5:ad:d3: 52:9b:63:84:cf:53:10:9f:fb:12:ad:f7:93:e0:7e:42: d3:e0:9a:c6:25:dd:08:6c:55:55:04:81:a5:34:a6:19: 7b:22:45:11:61:d7:c3:25:42:66:ca:0f:6a:89:45:f9: e2:2c:56:ed:35:b5:7b:20:ca:5f:00:bc:27:a3:67:9f: f1:ce:7b:50:46:a7:6e:ea:c5:ff:6b:b0:31:ce:dc:0f Fingerprint (SHA-256): 98:71:46:7A:CA:4D:04:19:F8:04:05:DF:D8:3D:6D:DE:49:65:14:91:E8:7B:EE:AD:90:1E:70:CD:87:2C:DB:53 Fingerprint (SHA1): D9:BF:F9:B6:3D:2D:25:B5:FB:1A:81:50:18:0A:FA:7F:8B:DD:42:73 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #1784: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171622 (0x1ee2abe6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:28:30 2015 Not After : Mon May 18 21:28:30 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:2c:31:3e:03:79:c9:17:63:a0:89:21:f3:a2:17:1e: 41:9c:91:da:9f:e6:6c:fc:22:8a:b4:3c:a8:c7:7f:03: 7d:8d:3b:5b:03:48:c6:07:00:cd:11:98:d0:a9:2b:45: b8:d8:59:98:27:d7:42:a4:10:4b:d8:6c:e9:4c:68:89: 4c:20:12:78:14:b8:7d:74:19:8b:d8:aa:71:9f:ac:86: 2d:6a:9a:00:ef:0c:ab:36:83:0a:7e:34:bb:ab:c4:e0: 05:d6:b4:f1:d6:22:84:bf:bc:8f:f1:a4:e2:0a:67:4c: 08:13:5d:e1:70:4f:13:da:0f:16:f6:7e:23:8c:d3:53 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:18:46:59:6d:0e:31:23:c0:ec:b0:76:14:0b:b1:31: c6:dd:82:69:fa:80:e3:46:dd:04:28:3f:1d:b7:7f:df: eb:dd:6c:54:d1:a8:1f:cb:b8:cf:d2:07:7a:b5:ad:d3: 52:9b:63:84:cf:53:10:9f:fb:12:ad:f7:93:e0:7e:42: d3:e0:9a:c6:25:dd:08:6c:55:55:04:81:a5:34:a6:19: 7b:22:45:11:61:d7:c3:25:42:66:ca:0f:6a:89:45:f9: e2:2c:56:ed:35:b5:7b:20:ca:5f:00:bc:27:a3:67:9f: f1:ce:7b:50:46:a7:6e:ea:c5:ff:6b:b0:31:ce:dc:0f Fingerprint (SHA-256): 98:71:46:7A:CA:4D:04:19:F8:04:05:DF:D8:3D:6D:DE:49:65:14:91:E8:7B:EE:AD:90:1E:70:CD:87:2C:DB:53 Fingerprint (SHA1): D9:BF:F9:B6:3D:2D:25:B5:FB:1A:81:50:18:0A:FA:7F:8B:DD:42:73 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #1785: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1786: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171625 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1787: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1788: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1789: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1790: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518171626 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1791: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1792: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1793: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1794: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171627 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1795: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1796: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1797: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1798: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518171628 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1799: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1800: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #1801: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1802: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518171629 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1803: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1804: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #1805: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1806: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518171630 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1807: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1808: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #1809: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1810: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518171631 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1811: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1812: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1813: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #1814: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #1815: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1816: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #1817: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171625 (0x1ee2abe9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:28:53 2015 Not After : Mon May 18 21:28:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:69:94:16:ed:79:20:ca:54:60:45:d9:28:ef:3f:40: 09:36:c4:cf:12:d6:7a:0d:af:89:75:0f:6a:25:ee:51: 9f:cb:c5:b2:2b:14:ed:7c:93:a6:7d:7d:5b:47:93:1f: dc:25:01:de:1a:46:c3:b9:5d:26:7f:27:46:e3:82:16: e0:76:4c:3e:c5:9a:7f:f0:70:82:9e:74:87:b7:28:15: 7f:c7:27:f4:7c:6a:21:85:f4:43:1f:2a:84:46:33:85: b2:1f:7a:53:2c:7e:3f:a2:a5:53:67:62:f3:7b:6c:1c: f3:08:91:04:bd:f0:04:55:31:aa:55:41:4f:05:55:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:31:25:c4:6e:72:01:a5:e9:ac:81:2c:ce:33:b2:49: f6:00:33:2b:8b:fc:a2:e7:33:ee:a8:c4:75:b5:b7:59: a2:9f:2f:3c:94:01:f0:37:3b:c9:40:74:7b:52:ac:57: e4:51:1d:7e:b9:c4:a1:2c:4e:f0:31:75:11:4c:82:0c: 3d:ed:bd:fb:1c:5d:e4:5d:aa:d4:ad:ae:77:58:55:cd: 6b:fe:c0:43:a3:04:86:fc:2f:d8:7e:05:5b:c6:13:41: a0:a3:8c:25:77:fd:20:d0:d2:a8:29:69:37:e3:ef:0f: 47:db:1b:9b:59:bf:f3:3c:8e:86:cc:21:ef:a6:fa:69 Fingerprint (SHA-256): 6E:90:92:E5:DB:C5:09:96:96:DC:8B:D4:AB:35:3C:B0:90:06:27:C4:52:AB:F0:B8:A7:03:A8:A1:9A:B1:01:67 Fingerprint (SHA1): 5A:05:FA:85:6A:F1:E6:53:DD:E5:42:AB:52:40:D9:EB:76:5B:E0:C1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1818: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1819: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1820: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1821: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171625 (0x1ee2abe9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:28:53 2015 Not After : Mon May 18 21:28:53 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:69:94:16:ed:79:20:ca:54:60:45:d9:28:ef:3f:40: 09:36:c4:cf:12:d6:7a:0d:af:89:75:0f:6a:25:ee:51: 9f:cb:c5:b2:2b:14:ed:7c:93:a6:7d:7d:5b:47:93:1f: dc:25:01:de:1a:46:c3:b9:5d:26:7f:27:46:e3:82:16: e0:76:4c:3e:c5:9a:7f:f0:70:82:9e:74:87:b7:28:15: 7f:c7:27:f4:7c:6a:21:85:f4:43:1f:2a:84:46:33:85: b2:1f:7a:53:2c:7e:3f:a2:a5:53:67:62:f3:7b:6c:1c: f3:08:91:04:bd:f0:04:55:31:aa:55:41:4f:05:55:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:31:25:c4:6e:72:01:a5:e9:ac:81:2c:ce:33:b2:49: f6:00:33:2b:8b:fc:a2:e7:33:ee:a8:c4:75:b5:b7:59: a2:9f:2f:3c:94:01:f0:37:3b:c9:40:74:7b:52:ac:57: e4:51:1d:7e:b9:c4:a1:2c:4e:f0:31:75:11:4c:82:0c: 3d:ed:bd:fb:1c:5d:e4:5d:aa:d4:ad:ae:77:58:55:cd: 6b:fe:c0:43:a3:04:86:fc:2f:d8:7e:05:5b:c6:13:41: a0:a3:8c:25:77:fd:20:d0:d2:a8:29:69:37:e3:ef:0f: 47:db:1b:9b:59:bf:f3:3c:8e:86:cc:21:ef:a6:fa:69 Fingerprint (SHA-256): 6E:90:92:E5:DB:C5:09:96:96:DC:8B:D4:AB:35:3C:B0:90:06:27:C4:52:AB:F0:B8:A7:03:A8:A1:9A:B1:01:67 Fingerprint (SHA1): 5A:05:FA:85:6A:F1:E6:53:DD:E5:42:AB:52:40:D9:EB:76:5B:E0:C1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1822: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1823: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1824: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171632 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1825: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1826: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1827: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1828: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518171633 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1829: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1830: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #1831: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1832: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518171634 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1833: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1834: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #1835: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1836: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518171635 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1837: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1838: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1839: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1840: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518171636 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1841: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1842: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #1843: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1844: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518171637 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1845: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1846: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #1847: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1848: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518171638 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1849: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1850: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1851: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1852: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518171639 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1853: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1854: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #1855: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1856: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518171640 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1857: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1858: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #1859: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1860: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518171641 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1861: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1862: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1863: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1864: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518171642 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1865: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1866: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #1867: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1868: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518171643 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1869: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1870: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #1871: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1872: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518171644 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1873: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1874: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1875: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1876: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518171645 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1877: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1878: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #1879: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1880: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518171646 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1881: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1882: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #1883: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1884: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518171647 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1885: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1886: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #1887: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1888: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518171648 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1889: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1890: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #1891: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1892: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518171649 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1893: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1894: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #1895: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1896: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518171650 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1897: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1898: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #1899: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1900: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518171651 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1901: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1902: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #1903: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1904: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518171652 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1905: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1906: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #1907: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1908: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518171653 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1909: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1910: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #1911: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1912: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518171654 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1913: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1914: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #1915: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1916: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518171655 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1917: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1918: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #1919: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1920: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518171656 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1921: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1922: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #1923: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1924: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518171657 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1925: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1926: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #1927: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1928: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518171658 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1929: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1930: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #1931: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1932: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518171659 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1933: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1934: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #1935: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1936: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518171660 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1937: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1938: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #1939: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1940: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518171661 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1941: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1942: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1943: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1944: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1945: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1946: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1947: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1948: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1949: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1950: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1951: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1952: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1953: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1954: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1955: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1956: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1957: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1958: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1959: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1960: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1961: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1962: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1963: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1964: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1965: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171632 (0x1ee2abf0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:29:24 2015 Not After : Mon May 18 21:29:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:08:84:c3:a1:f9:49:e7:6f:94:3e:b4:d8:4a:32:d1: 2c:46:d8:32:76:f6:8c:89:69:30:7b:3e:77:cd:2b:aa: 81:7c:c4:47:f9:be:6a:4b:40:9e:98:90:e7:1a:aa:c4: c0:88:9b:ad:d0:f0:87:5b:85:0b:de:a9:d4:1d:fa:c5: 65:ef:1d:df:56:8e:fc:dd:34:8a:96:6b:68:13:01:5e: 7c:29:f9:6a:7a:77:7e:04:6a:ff:9b:7e:e8:ae:ae:1e: 3a:c3:01:5d:d8:67:30:9c:32:16:7a:c0:64:50:58:07: 8c:14:f5:28:17:9a:94:1c:06:b8:0a:1a:8c:97:5a:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f4:b9:80:44:1b:bf:18:0a:16:bc:25:aa:1a:8e:29: 73:af:71:b7:ee:8d:08:27:0e:75:4a:76:db:43:63:ed: 1d:cf:e6:17:2f:fc:10:75:b0:d6:4a:c5:95:ba:92:76: 0c:da:8b:7b:51:b2:ae:fa:80:b2:d6:3b:bc:93:59:dc: 90:70:0b:ab:32:66:8d:93:97:56:3b:af:14:76:4b:2d: f6:5d:1f:9c:1c:57:74:88:15:51:e3:b4:d8:52:65:eb: 8e:6f:6f:91:12:ad:08:d0:ca:3b:a1:b8:5c:e5:da:13: 77:10:6a:7a:db:ea:61:d0:6b:71:d9:65:22:8c:d4:a2 Fingerprint (SHA-256): 19:2E:CF:23:1A:0F:1C:37:B4:46:9A:18:FD:9B:2D:66:1A:EF:03:E3:58:E2:A5:10:28:87:A0:A8:10:DE:76:A9 Fingerprint (SHA1): 95:59:5E:BE:28:D8:30:E8:61:A4:DC:B1:BE:6C:7E:0D:05:CB:CD:0E Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1966: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1967: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1968: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171662 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1969: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1970: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #1971: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1972: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518171663 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1973: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1974: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #1975: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1976: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518171664 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1977: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1978: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #1979: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1980: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518171665 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1981: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1982: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #1983: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1984: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518171666 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1985: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1986: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #1987: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1988: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518171667 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1989: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1990: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #1991: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1992: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518171668 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1993: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1994: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1995: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171662 (0x1ee2ac0e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:31:18 2015 Not After : Mon May 18 21:31:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:87:0c:3f:7c:8f:22:25:8d:9b:de:98:4e:57:19:b7: 0a:85:7a:0e:30:5b:de:42:ba:cd:ab:5a:f2:7b:e7:36: 61:b4:1e:57:a7:71:2c:29:4c:bc:e3:a6:4a:b2:91:33: 0d:25:dd:1d:69:06:cb:a7:fa:a4:2e:8a:b0:c8:2f:78: 28:f5:e5:55:e5:06:75:48:87:3c:af:d3:11:07:82:8c: 2b:e7:9a:7b:d7:3e:cd:f6:a6:f9:de:41:f4:fd:76:8c: f7:da:22:d8:8a:c9:67:2b:01:06:0b:33:7b:a4:bb:0f: 4e:04:8b:da:ce:04:46:0f:42:7c:22:6f:5a:97:bd:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:c5:28:e5:1e:ba:43:f6:de:76:e9:b1:a7:96:82:60: 05:47:e1:ef:90:3e:44:41:dc:21:dd:1a:ee:ca:8e:85: da:78:b0:b6:f8:74:74:f1:6a:82:2e:76:25:bf:cc:99: 39:5f:5d:57:87:c4:94:65:28:63:56:95:63:15:00:34: 5d:ac:ed:04:e0:c6:e8:1a:22:3d:7b:f7:89:10:ef:1d: c6:c9:3d:de:9a:54:a0:1b:23:b7:a5:bf:0f:1f:75:bb: b4:4a:68:8c:e2:be:f3:eb:b7:7f:9c:f0:40:37:1d:33: ac:1f:2e:a5:2b:bb:7b:9b:17:fe:56:6e:1b:ae:47:41 Fingerprint (SHA-256): 51:B8:CB:11:E6:AD:4B:F3:3B:39:9E:01:A1:EC:95:1F:30:DF:4A:FA:36:BB:D1:58:30:60:73:D4:B9:CF:73:80 Fingerprint (SHA1): 54:6D:F7:F1:31:60:FB:76:FE:9A:4C:A0:85:22:55:29:83:DE:96:F0 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1996: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1997: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1998: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1999: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171662 (0x1ee2ac0e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:31:18 2015 Not After : Mon May 18 21:31:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:87:0c:3f:7c:8f:22:25:8d:9b:de:98:4e:57:19:b7: 0a:85:7a:0e:30:5b:de:42:ba:cd:ab:5a:f2:7b:e7:36: 61:b4:1e:57:a7:71:2c:29:4c:bc:e3:a6:4a:b2:91:33: 0d:25:dd:1d:69:06:cb:a7:fa:a4:2e:8a:b0:c8:2f:78: 28:f5:e5:55:e5:06:75:48:87:3c:af:d3:11:07:82:8c: 2b:e7:9a:7b:d7:3e:cd:f6:a6:f9:de:41:f4:fd:76:8c: f7:da:22:d8:8a:c9:67:2b:01:06:0b:33:7b:a4:bb:0f: 4e:04:8b:da:ce:04:46:0f:42:7c:22:6f:5a:97:bd:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:c5:28:e5:1e:ba:43:f6:de:76:e9:b1:a7:96:82:60: 05:47:e1:ef:90:3e:44:41:dc:21:dd:1a:ee:ca:8e:85: da:78:b0:b6:f8:74:74:f1:6a:82:2e:76:25:bf:cc:99: 39:5f:5d:57:87:c4:94:65:28:63:56:95:63:15:00:34: 5d:ac:ed:04:e0:c6:e8:1a:22:3d:7b:f7:89:10:ef:1d: c6:c9:3d:de:9a:54:a0:1b:23:b7:a5:bf:0f:1f:75:bb: b4:4a:68:8c:e2:be:f3:eb:b7:7f:9c:f0:40:37:1d:33: ac:1f:2e:a5:2b:bb:7b:9b:17:fe:56:6e:1b:ae:47:41 Fingerprint (SHA-256): 51:B8:CB:11:E6:AD:4B:F3:3B:39:9E:01:A1:EC:95:1F:30:DF:4A:FA:36:BB:D1:58:30:60:73:D4:B9:CF:73:80 Fingerprint (SHA1): 54:6D:F7:F1:31:60:FB:76:FE:9A:4C:A0:85:22:55:29:83:DE:96:F0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #2000: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2001: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2002: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2003: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171669 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2004: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2005: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2006: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2007: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171670 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2008: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2009: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2010: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2011: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171671 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2012: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2013: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2014: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2015: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518171672 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2016: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2017: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2018: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #2019: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #2020: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #2021: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171669 (0x1ee2ac15) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:31:47 2015 Not After : Mon May 18 21:31:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:c0:1f:8f:5d:b9:4f:ef:92:07:f7:c8:59:98:d5:fd: be:7e:5e:fd:eb:44:d1:d6:7b:4e:ba:17:a5:4a:58:f9: 78:49:4c:3a:47:76:80:3f:0c:08:60:03:66:f9:b3:48: 44:34:93:8b:ce:8b:e2:e8:59:dc:f4:67:84:82:35:1d: 7f:03:30:32:f9:81:f1:9b:23:71:9a:19:18:2f:23:58: ee:48:60:1b:15:6c:aa:f0:9d:af:d5:07:1c:40:35:89: 5a:13:99:df:96:7b:e9:31:1b:02:aa:c2:4e:a7:2a:2a: b7:a2:b3:66:13:3f:90:32:28:37:ca:16:b7:c9:60:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9f:f4:ef:80:4d:90:f7:79:dc:84:39:89:06:33:e0:cf: 48:bf:c7:2a:1f:6e:e8:20:19:03:cc:66:33:b3:f4:55: f5:24:4d:e5:d1:07:c9:43:70:49:59:7d:3b:53:e4:3e: 10:a0:74:ad:dc:01:73:20:80:2a:fc:d1:4c:19:98:02: f0:db:30:4f:70:8a:cc:f2:10:84:d0:be:05:3a:47:c0: 1d:ff:39:aa:31:a2:e9:55:88:b3:de:d4:ec:b5:c1:08: 75:ff:19:0b:78:90:23:1c:24:ee:f8:54:48:a7:01:24: de:8a:6b:4d:33:cf:1c:0b:d8:5a:c3:bf:b5:05:f1:62 Fingerprint (SHA-256): C3:01:02:38:5B:FC:5D:01:99:D6:7C:8E:4D:98:0A:EC:A8:4C:8A:AA:D5:C8:4B:20:24:47:EB:7C:EC:78:67:B7 Fingerprint (SHA1): E1:1D:94:C7:41:6E:87:12:4A:60:85:0E:AB:DF:69:3C:91:72:4A:A7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2022: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2023: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2024: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171670 (0x1ee2ac16) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:31:49 2015 Not After : Mon May 18 21:31:49 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:1f:11:19:ed:82:14:22:01:fb:7f:97:b5:ee:6e:a1: 60:93:1d:cc:53:8e:13:3f:b1:ae:5d:98:07:16:ae:9a: 1d:29:e4:5d:8d:59:1d:22:73:c3:a6:3a:59:75:57:f7: 06:2b:77:87:85:2d:6f:da:e1:46:a2:5c:df:03:a7:3c: 4e:1f:34:a9:65:d6:ac:11:a5:31:c4:c2:a9:aa:4c:b0: ab:29:b3:cb:93:62:52:b1:c0:11:a3:e5:91:bf:b3:b4: 71:67:6f:37:86:82:36:c6:9f:67:39:5f:49:69:34:77: 24:15:2b:0b:62:93:b6:e6:b3:fa:29:1f:75:81:fb:8b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 45:6e:59:8a:02:a1:c3:46:8b:91:05:79:22:94:22:d2: 32:cf:b4:a0:86:95:63:ff:2c:40:e5:2a:da:82:db:30: ea:3f:e9:bb:f7:3b:c1:b0:f0:1b:b8:2f:39:60:b5:62: bc:d8:ed:b6:ec:2f:a2:d5:62:37:5d:09:dd:0c:54:2f: ad:84:f2:be:f4:6b:b9:b4:1d:b9:6e:92:36:63:87:e9: 31:29:7f:b0:13:04:25:d0:ed:95:bd:ab:ac:b6:eb:98: 02:d1:91:21:d9:0f:45:d8:3b:34:77:0c:cf:79:f9:86: 8c:ca:dd:f9:ee:c9:7e:f9:1b:5f:86:af:cd:1b:44:22 Fingerprint (SHA-256): 96:A0:03:63:63:8C:D1:61:9B:62:A6:AA:AC:3A:95:2C:EE:25:35:82:83:EF:93:C7:9E:CF:0F:5D:2E:F9:25:2F Fingerprint (SHA1): 8F:D7:1B:C0:54:44:BD:29:5D:BE:20:06:F0:9B:23:48:70:DE:7D:0F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2025: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2026: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171671 (0x1ee2ac17) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:31:54 2015 Not After : Mon May 18 21:31:54 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:9c:ae:36:98:22:80:79:6d:ee:a2:ce:a3:df:03:9d: f4:82:db:22:37:a3:ea:8e:9b:6f:67:ab:e5:dd:3a:4a: 6f:00:d0:1a:ad:2e:16:b1:2d:ab:94:40:00:7c:d9:c0: 0b:1c:1f:b5:cc:07:d1:2f:2f:a9:55:27:8a:2a:99:f9: 94:7e:ce:b5:bf:8b:26:86:cf:d7:58:94:b5:bf:be:89: bc:83:ee:61:f9:e3:01:e3:43:8f:9d:13:b6:7b:3b:c0: 4f:ed:cc:e5:34:3f:5b:c9:cb:34:a3:0f:9e:fc:a5:38: 4a:5c:c5:68:12:45:49:90:49:e7:77:f8:39:9c:bc:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 08:98:5e:cd:cb:3f:47:0a:05:ef:75:0e:d6:04:dd:0a: b6:22:17:17:08:58:39:b7:1c:f6:d0:39:c3:c6:05:bc: da:1e:dc:dd:67:c2:b0:1b:bc:51:4c:d1:f2:cd:3f:a3: 66:9e:6f:d6:9f:ce:b8:67:66:46:32:77:c1:c8:ea:f3: 9c:f5:3e:37:21:e9:ba:8d:21:45:ae:97:4d:a8:1b:f7: 08:b8:f1:44:14:bb:86:3e:ed:39:07:c6:08:cf:dd:32: 40:81:60:d1:3c:f9:ef:e8:b6:c4:d7:73:6e:68:df:5a: fc:49:7c:35:55:47:d4:ca:95:33:53:f8:46:6d:b3:2a Fingerprint (SHA-256): F0:F8:CE:A4:27:F4:3E:73:E9:01:D8:BA:06:FF:FD:13:F3:58:9B:20:85:20:2B:10:B6:CF:66:09:9F:DF:1B:73 Fingerprint (SHA1): B3:D1:75:97:CB:8A:83:30:86:2E:A4:85:67:B9:A6:7D:17:76:99:B7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #2027: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2028: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171673 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2029: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2030: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2031: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2032: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171674 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2033: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2034: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2035: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2036: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171675 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2037: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2038: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #2039: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2040: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518171676 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2041: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2042: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2043: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2044: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518171677 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2045: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2046: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2047: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #2048: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #2049: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #2050: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #2051: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171673 (0x1ee2ac19) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:32:06 2015 Not After : Mon May 18 21:32:06 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:42:cf:b1:ec:c6:5b:76:74:d9:7e:54:15:dc:44:a6: 18:21:60:be:31:b0:8b:91:6c:b8:9d:17:91:f7:64:a6: 91:50:d7:eb:50:bf:b8:a9:c4:ae:28:ae:8c:93:27:d0: 39:e9:bc:db:08:57:d0:74:e7:3a:a9:ea:6b:39:af:22: 38:f5:8a:84:e3:9c:4a:d0:3d:d5:c6:5a:9a:2a:71:ff: 84:3b:b4:6c:bd:c2:19:7d:29:31:cb:26:ba:57:5f:ab: e0:11:d4:de:04:c9:27:55:c2:40:78:1f:2d:48:fe:d4: 73:24:c5:e9:45:b1:7c:b1:1e:62:d1:a5:2c:08:b2:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5b:79:3b:e9:16:c8:13:6b:66:d3:39:18:f2:f6:f3:1c: b7:14:d4:b7:44:04:78:ce:42:77:9c:bf:93:ab:be:cb: 2c:c4:72:6f:72:57:9e:0b:5e:c8:2d:05:30:65:9a:4f: 1c:d8:b2:62:9c:28:15:9a:29:42:17:bf:0a:d1:be:3a: 05:fa:57:04:9a:1a:40:92:13:6b:f0:4e:cd:6f:c6:4b: 21:83:f8:2c:51:3b:d1:b7:8d:ed:19:69:96:52:22:da: bf:1b:f6:b9:37:32:8c:f5:28:7b:ea:b4:40:52:57:18: 47:ed:fd:43:fe:7c:34:6d:52:7f:3a:df:af:b0:55:a9 Fingerprint (SHA-256): E5:6A:5F:2D:C0:5C:F3:00:16:5B:CF:D1:C9:73:CB:1C:B3:DA:C7:F0:78:25:AF:25:49:C8:1F:E6:E4:A4:17:AC Fingerprint (SHA1): D6:E6:8E:6A:04:4D:6E:8A:95:D3:7A:11:08:B3:39:A7:10:67:9C:D8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2052: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2053: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171674 (0x1ee2ac1a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:32:10 2015 Not After : Mon May 18 21:32:10 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:16:17:34:e3:18:ff:e9:90:a1:75:f1:1b:ae:0c:7b: 18:48:5f:34:af:1a:5e:f7:ab:ef:9b:52:fc:6a:83:ca: 7d:39:ea:e7:1a:aa:e0:2c:7a:fc:0d:e3:05:5f:39:3b: ee:0d:e0:8a:78:0c:f5:4e:0a:76:07:5d:08:34:5d:51: ec:f0:87:ec:06:39:6c:2b:2e:7a:59:af:ae:bb:6f:ef: 27:96:20:7b:65:f8:aa:82:21:13:96:83:70:ce:6c:c2: 45:b2:c1:29:86:78:8c:af:9e:15:fd:f5:85:92:7b:41: 00:f1:5f:1a:f5:02:0f:a3:15:bd:ca:2d:dc:bf:27:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3e:31:f9:81:22:10:f8:e8:ff:7d:44:71:bf:9e:29:c6: ad:1b:f8:29:e2:b3:e4:96:a6:0e:87:80:04:39:39:41: 84:5c:a4:38:c2:21:d8:1b:18:5e:75:d0:d6:67:62:6b: 6e:ce:d6:13:dc:6f:bf:a0:da:86:07:06:e7:45:01:bc: 45:79:45:53:18:87:b3:4e:e4:33:fa:78:57:dd:75:36: af:53:e5:4c:bf:05:e1:d1:69:bd:c4:da:87:30:9d:ff: f6:02:57:ff:03:49:26:e1:01:33:32:09:66:c8:84:0a: ba:1b:e5:8c:07:d5:32:4d:3d:01:fe:85:95:20:10:2e Fingerprint (SHA-256): D7:E6:2D:49:D4:AC:63:2B:C8:C6:C8:B4:D3:66:6F:15:7B:18:1B:15:70:8E:35:79:19:33:59:69:C6:A8:0A:A4 Fingerprint (SHA1): 8D:19:F2:E4:18:7E:E1:0C:CE:43:1C:05:51:E8:95:A6:F6:3D:1A:F9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2054: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2055: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2056: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171675 (0x1ee2ac1b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:32:13 2015 Not After : Mon May 18 21:32:13 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 95:7d:e0:a8:ce:dd:2d:04:f3:ac:81:e3:5b:2d:2e:41: bd:1c:4f:00:42:0a:13:be:92:f5:f2:f4:1b:2a:10:a5: 23:43:fc:5e:37:8f:82:f6:3d:58:4b:5a:37:42:67:56: 18:bc:05:0d:77:fe:b4:63:f9:f8:b3:73:6d:d5:e8:2a: ab:d0:f8:68:0f:b4:5b:81:0c:2c:ba:cc:c1:2f:32:7e: 34:31:2f:04:0b:d6:ca:88:ee:c1:c8:d9:d3:04:0a:e3: d1:c8:ad:e2:6e:fb:50:79:d2:50:b3:ba:68:9e:78:f2: 68:a0:a5:18:e7:8c:28:a1:bc:6b:76:0f:51:3e:ff:57 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0a:cc:92:a3:76:60:85:c8:f5:d6:f5:4a:7e:e3:62:12: 8f:74:d2:b4:07:f1:7b:45:ff:af:12:59:dd:92:f5:7a: 15:40:ae:98:2c:c8:89:9b:73:59:db:87:ed:4d:a1:e7: e9:cd:3a:98:0d:bd:08:41:c7:34:b1:e7:f2:45:ce:c6: ce:56:bb:a1:60:be:4f:db:fc:56:f7:9a:30:95:8e:8f: 54:94:82:c3:2e:26:3b:fd:bc:a5:3b:16:01:19:6e:4b: 1a:a8:e9:b0:72:ca:c1:8c:9a:3a:c5:f9:df:f3:3f:82: 3d:bd:98:89:3c:f5:45:9c:0e:83:08:0e:45:99:5f:41 Fingerprint (SHA-256): A0:7D:4E:2F:25:8B:7B:3E:8B:4C:76:7D:DB:E6:32:3F:A5:4E:16:46:A7:0C:D3:00:46:79:FD:4F:E1:FA:5D:E7 Fingerprint (SHA1): D9:AA:18:3A:66:BC:72:90:46:69:5F:0D:78:4B:32:95:F0:BA:7E:4B Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #2057: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2058: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171678 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2059: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2060: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2061: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2062: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171679 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2063: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2064: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2065: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2066: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171680 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA1Root-518171457.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2067: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2068: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2069: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2070: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518171681 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2071: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2072: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #2073: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171678 (0x1ee2ac1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:32:30 2015 Not After : Mon May 18 21:32:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:54:da:6b:b5:b7:d8:35:b4:7f:43:0b:c5:a4:ab:cf: 6d:88:c9:93:60:44:f5:3f:d6:47:4b:2a:9c:25:99:3d: 16:23:62:b8:58:8a:2d:fa:fe:fd:44:30:09:dc:ff:b7: 91:2b:c5:4c:a7:15:85:06:7a:4a:32:18:cd:77:4c:c6: b8:90:17:03:90:bd:a8:58:cc:c1:ce:be:cb:9a:74:6e: 86:9d:89:df:77:26:af:16:4c:89:aa:02:d8:2c:b5:2e: 58:6e:30:46:7d:4c:0d:5b:26:eb:96:54:7f:67:f9:e1: b8:b9:e2:72:42:98:fb:28:f7:5e:d9:7f:ab:09:a4:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:6c:26:61:da:4b:f1:72:43:ce:89:d6:8d:a8:78:ae: be:48:da:cb:36:eb:66:87:bd:dc:55:67:96:35:2f:7c: 8f:0f:cf:6b:63:70:e8:cd:6c:48:60:e2:f2:fd:0f:7d: e1:8e:fc:33:5a:47:08:16:e7:f8:e8:9d:78:32:81:5a: b1:eb:59:e3:ab:0b:70:1f:7c:f2:4a:b6:bb:da:c7:ca: 5b:b1:09:6a:29:11:91:d0:1d:2c:e0:7c:cd:7d:f5:61: dd:be:d8:5c:b2:a4:8d:f0:84:98:f1:c0:13:eb:9e:9f: 48:02:bb:18:95:50:81:37:e3:e2:7d:21:f8:24:5c:73 Fingerprint (SHA-256): C8:DA:BF:33:C2:9A:3E:4F:C4:EA:EF:B7:E3:7D:95:44:76:FD:2F:C4:45:18:F3:E3:FF:1D:6A:32:EB:AB:1D:0A Fingerprint (SHA1): 35:EF:42:1B:7E:4F:C6:70:02:0B:A2:50:E8:96:E7:2E:50:C7:30:39 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2074: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2075: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171682 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2076: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2077: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2078: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171683 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2079: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2080: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2081: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2082: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518171684 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2083: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2084: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518171685 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2085: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2086: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #2087: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2088: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2089: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518171686 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518171458.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2090: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2091: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2092: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2093: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171687 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2094: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2095: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #2096: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #2097: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171683 (0x1ee2ac23) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:32:45 2015 Not After : Mon May 18 21:32:45 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:6f:8b:f4:7a:31:bc:eb:23:7a:f8:f3:b4:51:3e:fa: 6b:aa:cf:e0:6d:7d:5b:78:cd:74:29:83:0f:8f:f8:ab: f2:dd:55:56:4c:8c:99:c0:f5:85:86:7b:7a:0b:b2:5d: 32:2d:84:64:77:10:7a:7c:91:02:d4:cd:bb:68:4c:ec: 0c:a8:0d:43:19:26:15:fd:d7:b3:78:cd:00:1f:d6:84: c6:fb:90:88:c2:97:c2:2e:8d:be:5c:ff:fd:17:ec:33: 01:5d:d7:54:1c:28:10:d5:9e:0b:2d:7b:1c:89:6a:ff: 63:11:a9:bd:66:01:8b:fb:05:07:ac:0d:91:e3:35:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:90:6e:14:44:cd:f4:b5:04:af:4c:f1:02:f1:49:7c: 4a:4f:f8:d0:d7:78:e5:08:e3:be:b1:ab:43:20:2c:e8: 4c:ed:3b:cb:7d:d0:13:ce:91:8c:eb:c6:dc:8e:b8:69: a0:38:5b:42:b3:ba:54:6c:94:fc:4f:78:be:26:31:19: c1:57:13:c4:e5:eb:ff:0e:5e:85:70:a5:f5:f9:dc:d1: 88:ad:83:3f:92:f5:0c:7a:c9:9e:2c:e1:1f:97:37:12: 71:9e:6f:f4:3f:43:bd:c3:4f:bd:f5:6e:29:dd:d8:5c: d3:77:39:69:f2:92:b3:a0:34:76:86:47:96:4c:3f:43 Fingerprint (SHA-256): BF:A2:BC:A0:C7:19:40:F7:DA:47:E1:AB:13:90:3C:9F:89:E3:1A:8A:2C:59:1C:34:EB:15:CE:65:6F:6F:A2:16 Fingerprint (SHA1): 27:D6:AA:88:84:60:98:B8:CF:07:AC:29:06:39:3B:91:13:C3:6F:EF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2098: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171683 (0x1ee2ac23) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:32:45 2015 Not After : Mon May 18 21:32:45 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:6f:8b:f4:7a:31:bc:eb:23:7a:f8:f3:b4:51:3e:fa: 6b:aa:cf:e0:6d:7d:5b:78:cd:74:29:83:0f:8f:f8:ab: f2:dd:55:56:4c:8c:99:c0:f5:85:86:7b:7a:0b:b2:5d: 32:2d:84:64:77:10:7a:7c:91:02:d4:cd:bb:68:4c:ec: 0c:a8:0d:43:19:26:15:fd:d7:b3:78:cd:00:1f:d6:84: c6:fb:90:88:c2:97:c2:2e:8d:be:5c:ff:fd:17:ec:33: 01:5d:d7:54:1c:28:10:d5:9e:0b:2d:7b:1c:89:6a:ff: 63:11:a9:bd:66:01:8b:fb:05:07:ac:0d:91:e3:35:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:90:6e:14:44:cd:f4:b5:04:af:4c:f1:02:f1:49:7c: 4a:4f:f8:d0:d7:78:e5:08:e3:be:b1:ab:43:20:2c:e8: 4c:ed:3b:cb:7d:d0:13:ce:91:8c:eb:c6:dc:8e:b8:69: a0:38:5b:42:b3:ba:54:6c:94:fc:4f:78:be:26:31:19: c1:57:13:c4:e5:eb:ff:0e:5e:85:70:a5:f5:f9:dc:d1: 88:ad:83:3f:92:f5:0c:7a:c9:9e:2c:e1:1f:97:37:12: 71:9e:6f:f4:3f:43:bd:c3:4f:bd:f5:6e:29:dd:d8:5c: d3:77:39:69:f2:92:b3:a0:34:76:86:47:96:4c:3f:43 Fingerprint (SHA-256): BF:A2:BC:A0:C7:19:40:F7:DA:47:E1:AB:13:90:3C:9F:89:E3:1A:8A:2C:59:1C:34:EB:15:CE:65:6F:6F:A2:16 Fingerprint (SHA1): 27:D6:AA:88:84:60:98:B8:CF:07:AC:29:06:39:3B:91:13:C3:6F:EF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2099: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2100: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171688 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2101: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2102: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2103: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171689 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2104: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2105: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2106: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2107: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518171690 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2108: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2109: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518171691 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2110: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2111: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #2112: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2113: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2114: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518171692 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518171459.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2115: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2116: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2117: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2118: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171693 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2119: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2120: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2121: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2122: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518171694 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-BridgeNavy-518171460.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2123: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2124: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2125: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2126: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518171695 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2127: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2128: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #2129: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #2130: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171689 (0x1ee2ac29) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:33:06 2015 Not After : Mon May 18 21:33:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:6c:02:d2:0a:d7:79:02:f4:96:2b:c9:ba:e3:6f:b9: 0f:de:ec:2c:a6:08:03:f3:2f:ee:60:cb:77:f5:1b:23: 42:4d:ca:f5:a6:53:72:79:03:11:c7:27:2e:ef:9d:71: ee:3d:2c:b8:b1:24:02:85:c7:c1:c5:c5:d2:fc:0b:92: e5:19:34:42:77:2c:d9:d6:31:23:71:e3:44:9c:c4:58: 59:10:83:99:e0:4b:91:1e:af:d6:3d:89:60:44:72:90: a1:7c:b3:69:13:bc:ef:01:bb:01:ea:cc:aa:68:ed:a9: a7:fc:50:eb:85:d2:2e:9c:89:94:12:2e:99:20:0b:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:32:24:65:48:1b:43:0f:a0:99:dc:d8:9d:f4:3c:03: 30:7c:8c:48:4b:07:06:f4:10:53:79:89:97:19:18:a9: 11:7d:a0:fc:df:6d:e0:eb:97:ae:4e:7b:be:fe:bb:28: 73:df:83:7e:cc:61:5c:dd:8a:8d:23:52:3d:9f:3f:bb: 03:cc:18:aa:c5:b1:59:41:5a:69:0e:60:78:6c:a6:05: b7:83:15:7b:4e:ff:4c:43:8b:aa:7f:45:a0:74:3b:59: 06:da:b6:b8:0e:4c:92:78:28:9b:4d:af:6f:20:eb:ad: 4c:57:2f:1b:5a:61:0b:4d:d1:35:dc:eb:b1:72:bc:34 Fingerprint (SHA-256): EC:A0:0B:D3:00:E5:6F:AD:69:83:FA:23:E1:84:F3:35:9C:76:D3:34:4A:16:DA:02:B1:2D:81:8A:2D:C0:8E:01 Fingerprint (SHA1): 58:89:65:39:CD:B0:FA:F9:3D:20:92:68:D0:9F:BC:4B:99:98:DC:3C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2131: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171689 (0x1ee2ac29) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:33:06 2015 Not After : Mon May 18 21:33:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:6c:02:d2:0a:d7:79:02:f4:96:2b:c9:ba:e3:6f:b9: 0f:de:ec:2c:a6:08:03:f3:2f:ee:60:cb:77:f5:1b:23: 42:4d:ca:f5:a6:53:72:79:03:11:c7:27:2e:ef:9d:71: ee:3d:2c:b8:b1:24:02:85:c7:c1:c5:c5:d2:fc:0b:92: e5:19:34:42:77:2c:d9:d6:31:23:71:e3:44:9c:c4:58: 59:10:83:99:e0:4b:91:1e:af:d6:3d:89:60:44:72:90: a1:7c:b3:69:13:bc:ef:01:bb:01:ea:cc:aa:68:ed:a9: a7:fc:50:eb:85:d2:2e:9c:89:94:12:2e:99:20:0b:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:32:24:65:48:1b:43:0f:a0:99:dc:d8:9d:f4:3c:03: 30:7c:8c:48:4b:07:06:f4:10:53:79:89:97:19:18:a9: 11:7d:a0:fc:df:6d:e0:eb:97:ae:4e:7b:be:fe:bb:28: 73:df:83:7e:cc:61:5c:dd:8a:8d:23:52:3d:9f:3f:bb: 03:cc:18:aa:c5:b1:59:41:5a:69:0e:60:78:6c:a6:05: b7:83:15:7b:4e:ff:4c:43:8b:aa:7f:45:a0:74:3b:59: 06:da:b6:b8:0e:4c:92:78:28:9b:4d:af:6f:20:eb:ad: 4c:57:2f:1b:5a:61:0b:4d:d1:35:dc:eb:b1:72:bc:34 Fingerprint (SHA-256): EC:A0:0B:D3:00:E5:6F:AD:69:83:FA:23:E1:84:F3:35:9C:76:D3:34:4A:16:DA:02:B1:2D:81:8A:2D:C0:8E:01 Fingerprint (SHA1): 58:89:65:39:CD:B0:FA:F9:3D:20:92:68:D0:9F:BC:4B:99:98:DC:3C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2132: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #2133: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171688 (0x1ee2ac28) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:33:02 2015 Not After : Mon May 18 21:33:02 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:34:4b:26:0e:8f:0e:a8:83:fc:a6:14:18:8c:28:30: ee:49:29:28:3f:96:59:90:ae:e3:47:c8:8a:c2:d6:f0: a9:4f:4e:61:2a:cf:9e:50:ad:06:67:e8:d6:e0:af:cf: 12:1c:83:44:dd:7f:22:e3:06:72:bd:ee:3f:3a:de:44: 41:07:37:6c:e2:75:33:13:3c:2b:d5:16:84:43:88:a0: 01:1a:43:dc:40:0d:5b:ad:2d:ca:2b:02:88:09:db:5c: 89:d9:0b:fc:94:32:75:f9:d9:e3:b6:6a:8e:32:65:62: f9:b8:bf:27:d7:6e:8f:be:b9:35:d7:4a:c9:4a:8d:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:29:1c:a0:08:b0:17:73:ca:c3:55:18:80:4a:87:5f: b1:b5:15:42:8f:d0:4b:11:bc:f1:2b:9c:ae:91:ed:65: aa:92:c3:63:2f:2f:33:d9:5c:83:e5:b4:f0:58:39:61: 41:01:eb:5f:ff:28:ea:c0:51:a9:74:06:39:c3:33:e5: ca:f1:5f:0e:b1:6e:fc:62:f1:8c:2a:9c:39:56:26:ad: c2:2a:de:a0:e5:df:93:59:ce:47:b0:47:18:9a:e4:4b: 18:61:d3:6b:34:66:c2:24:53:3d:e0:2b:97:9f:5a:31: b7:dd:12:8d:73:86:9a:e5:e0:a6:5b:3e:c3:8f:53:7d Fingerprint (SHA-256): 1E:74:E5:9A:BC:6F:BC:25:9D:F8:0F:77:46:CE:D0:42:BF:54:09:6E:EF:7B:FC:83:C7:52:DC:AC:1F:33:77:F7 Fingerprint (SHA1): 4E:A5:3D:AD:64:9C:1B:5F:5C:26:B6:4A:BB:D7:36:1B:63:09:FA:FB Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2134: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171689 (0x1ee2ac29) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:33:06 2015 Not After : Mon May 18 21:33:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:6c:02:d2:0a:d7:79:02:f4:96:2b:c9:ba:e3:6f:b9: 0f:de:ec:2c:a6:08:03:f3:2f:ee:60:cb:77:f5:1b:23: 42:4d:ca:f5:a6:53:72:79:03:11:c7:27:2e:ef:9d:71: ee:3d:2c:b8:b1:24:02:85:c7:c1:c5:c5:d2:fc:0b:92: e5:19:34:42:77:2c:d9:d6:31:23:71:e3:44:9c:c4:58: 59:10:83:99:e0:4b:91:1e:af:d6:3d:89:60:44:72:90: a1:7c:b3:69:13:bc:ef:01:bb:01:ea:cc:aa:68:ed:a9: a7:fc:50:eb:85:d2:2e:9c:89:94:12:2e:99:20:0b:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:32:24:65:48:1b:43:0f:a0:99:dc:d8:9d:f4:3c:03: 30:7c:8c:48:4b:07:06:f4:10:53:79:89:97:19:18:a9: 11:7d:a0:fc:df:6d:e0:eb:97:ae:4e:7b:be:fe:bb:28: 73:df:83:7e:cc:61:5c:dd:8a:8d:23:52:3d:9f:3f:bb: 03:cc:18:aa:c5:b1:59:41:5a:69:0e:60:78:6c:a6:05: b7:83:15:7b:4e:ff:4c:43:8b:aa:7f:45:a0:74:3b:59: 06:da:b6:b8:0e:4c:92:78:28:9b:4d:af:6f:20:eb:ad: 4c:57:2f:1b:5a:61:0b:4d:d1:35:dc:eb:b1:72:bc:34 Fingerprint (SHA-256): EC:A0:0B:D3:00:E5:6F:AD:69:83:FA:23:E1:84:F3:35:9C:76:D3:34:4A:16:DA:02:B1:2D:81:8A:2D:C0:8E:01 Fingerprint (SHA1): 58:89:65:39:CD:B0:FA:F9:3D:20:92:68:D0:9F:BC:4B:99:98:DC:3C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2135: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171689 (0x1ee2ac29) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:33:06 2015 Not After : Mon May 18 21:33:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:6c:02:d2:0a:d7:79:02:f4:96:2b:c9:ba:e3:6f:b9: 0f:de:ec:2c:a6:08:03:f3:2f:ee:60:cb:77:f5:1b:23: 42:4d:ca:f5:a6:53:72:79:03:11:c7:27:2e:ef:9d:71: ee:3d:2c:b8:b1:24:02:85:c7:c1:c5:c5:d2:fc:0b:92: e5:19:34:42:77:2c:d9:d6:31:23:71:e3:44:9c:c4:58: 59:10:83:99:e0:4b:91:1e:af:d6:3d:89:60:44:72:90: a1:7c:b3:69:13:bc:ef:01:bb:01:ea:cc:aa:68:ed:a9: a7:fc:50:eb:85:d2:2e:9c:89:94:12:2e:99:20:0b:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:32:24:65:48:1b:43:0f:a0:99:dc:d8:9d:f4:3c:03: 30:7c:8c:48:4b:07:06:f4:10:53:79:89:97:19:18:a9: 11:7d:a0:fc:df:6d:e0:eb:97:ae:4e:7b:be:fe:bb:28: 73:df:83:7e:cc:61:5c:dd:8a:8d:23:52:3d:9f:3f:bb: 03:cc:18:aa:c5:b1:59:41:5a:69:0e:60:78:6c:a6:05: b7:83:15:7b:4e:ff:4c:43:8b:aa:7f:45:a0:74:3b:59: 06:da:b6:b8:0e:4c:92:78:28:9b:4d:af:6f:20:eb:ad: 4c:57:2f:1b:5a:61:0b:4d:d1:35:dc:eb:b1:72:bc:34 Fingerprint (SHA-256): EC:A0:0B:D3:00:E5:6F:AD:69:83:FA:23:E1:84:F3:35:9C:76:D3:34:4A:16:DA:02:B1:2D:81:8A:2D:C0:8E:01 Fingerprint (SHA1): 58:89:65:39:CD:B0:FA:F9:3D:20:92:68:D0:9F:BC:4B:99:98:DC:3C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2136: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2137: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171696 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2138: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2139: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2140: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171697 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2141: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2142: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #2143: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2144: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518171698 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2145: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2146: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #2147: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2148: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518171699 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2149: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2150: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2151: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2152: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518171700 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2153: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2154: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518171701 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2155: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2156: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #2157: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2158: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2159: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518171702 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2160: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2161: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2162: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2163: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518171703 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2164: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2165: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2166: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2167: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171704 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2168: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2169: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2170: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2171: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518171705 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2172: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2173: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2174: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171696 (0x1ee2ac30) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:33:37 2015 Not After : Mon May 18 21:33:37 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:a7:a0:93:95:e8:e6:03:f6:7a:22:fc:4d:7b:09:b6: e5:70:46:f4:89:17:bb:27:bc:cc:82:79:b2:27:0a:9f: 70:61:16:e1:fc:1c:5f:c1:12:95:31:16:0e:0b:b3:92: de:15:6c:b5:8f:53:2b:a5:31:1e:36:08:ef:35:44:17: d5:6f:6b:58:1f:d2:2a:94:06:4a:75:f5:19:79:0e:5a: 20:be:00:76:fc:53:61:ba:86:73:51:8f:24:b0:c4:b3: b5:00:f4:3c:ac:e6:69:3b:b5:38:28:74:32:79:5d:cd: bf:06:0b:4e:53:b2:3e:41:ea:f3:50:85:d1:59:c2:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:fb:88:0e:cd:ae:58:2d:a4:71:6d:59:9f:5e:62:6e: 88:d1:7b:4b:77:f5:e8:08:ac:87:0b:6e:c4:1a:91:f3: b9:62:7d:8b:5d:69:38:2f:4d:f5:fd:99:6c:db:d4:51: fd:bd:38:b2:9a:20:02:25:b6:ba:19:28:40:7a:2d:cf: 37:ef:8e:34:bf:2b:2f:43:66:75:95:2b:06:e1:40:4f: 8e:09:0b:14:c8:de:67:47:4a:73:79:42:12:30:2a:f1: 94:db:b5:64:35:1a:b1:5e:aa:b9:1e:56:53:f4:c7:83: 95:e3:2e:f5:f1:f8:76:7e:ce:c9:90:1f:28:dd:c7:59 Fingerprint (SHA-256): 53:9C:C4:D7:B1:B8:BC:37:07:A3:F8:C3:2C:C4:2A:30:86:6E:CC:DB:A5:FC:0D:0D:9A:2A:62:24:BB:2B:1D:7F Fingerprint (SHA1): 91:8D:AD:D1:07:AA:90:8C:77:DB:E7:6C:A6:4A:FB:16:D6:3F:75:F2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #2175: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2176: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2177: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2178: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2179: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2180: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2181: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2182: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2183: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171697 (0x1ee2ac31) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:33:40 2015 Not After : Mon May 18 21:33:40 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ec:6f:bd:b8:6d:c3:6f:ef:99:ac:3d:3c:6f:73:da:4d: 07:88:7c:71:6e:7c:53:05:bd:99:3d:51:9f:dc:fc:cd: 7d:82:b2:6f:5d:bc:c0:b7:a8:cb:ba:78:c9:4f:97:95: 5b:49:3e:f7:42:74:ab:be:2c:6c:07:fd:2e:e1:e4:10: 1f:80:42:0a:4d:0c:9f:d3:72:e8:a1:26:a4:91:d6:8d: 2d:1f:12:6a:97:46:1b:46:a4:3a:f6:82:b2:77:18:cb: a4:4a:8f:c2:2a:7a:23:f1:65:4b:4b:4b:f2:7c:52:68: 5f:90:90:c9:61:a0:67:b4:28:00:57:55:31:94:f9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e2:e8:96:4e:b8:50:ea:da:3e:ac:d0:ad:2f:31:f5:f6: b1:a5:75:7d:fb:3f:0c:af:10:17:ca:c9:17:45:ea:fc: 38:c6:ca:ff:61:b1:65:c7:bd:d9:e9:ae:35:e2:a5:d9: 51:cd:a6:be:6d:8d:df:04:04:39:d5:8f:1f:70:f6:d0: 3e:40:05:44:28:a0:42:31:1d:e1:73:ea:98:35:6d:30: 15:5d:56:be:66:ce:9f:ce:fc:b5:d0:24:89:85:d0:84: d7:64:2f:b9:28:65:26:b5:e9:cb:6e:a3:c0:7d:81:42: c6:c3:3b:cb:83:ce:11:30:08:cf:1f:69:cf:53:ef:3f Fingerprint (SHA-256): 82:90:FB:A0:F2:25:0B:A3:CE:54:03:5B:A2:C0:75:35:CF:24:6F:8D:1E:D0:D8:58:79:72:B1:CD:26:51:4C:23 Fingerprint (SHA1): 95:E5:B2:E6:40:80:F2:4A:E2:E6:8F:FB:09:BA:A7:CE:EE:D9:CF:D6 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #2184: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2185: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2186: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2187: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2188: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2189: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2190: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #2191: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #2192: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #2193: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #2194: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #2195: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #2196: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #2197: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #2198: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #2199: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #2200: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #2201: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2202: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171706 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2203: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2204: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2205: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2206: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518171707 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2207: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2208: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2209: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2210: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518171708 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2211: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2212: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2213: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2214: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518171709 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2215: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2216: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2217: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2218: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518171710 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2219: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2220: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #2221: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2222: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518171711 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2223: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2224: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #2225: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2226: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518171712 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2227: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2228: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #2229: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2230: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518171713 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2231: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2232: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #2233: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2234: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518171714 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2235: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2236: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2237: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171706 (0x1ee2ac3a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:34:23 2015 Not After : Mon May 18 21:34:23 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 4c:10:3b:ab:76:cc:48:c8:df:a4:b8:f0:0b:2f:22:7f: c6:bf:5f:39:9e:ab:29:d4:97:1e:77:98:7d:74:69:81: 6d:4a:2b:83:42:36:d3:a1:4b:c2:77:83:6d:13:2d:72: 9c:29:88:cf:2c:33:e1:1e:16:4f:59:61:81:2b:d6:df: 3e:1b:6e:86:2a:41:06:93:e7:ec:d6:e3:8b:44:2b:54: c1:5f:c3:8c:6f:74:0f:95:24:4e:a7:cf:36:c4:29:99: 44:79:ed:b0:de:63:19:3a:9d:26:d6:a1:77:5b:c2:68: 35:27:14:ad:03:70:12:62:ef:d6:8d:67:cd:30:22:e1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:26:19:7e:6b:10:5a:35:4d:24:85:87:5b: 0c:87:04:ac:cc:86:06:db:02:15:00:aa:10:80:75:6b: 04:54:c0:19:38:df:9c:bf:e4:41:84:b3:f3:bb:f5 Fingerprint (SHA-256): 9C:BF:BB:D8:55:F5:8A:EA:FB:19:73:77:C2:25:CA:96:56:A6:4D:BC:24:54:E0:00:07:A9:5A:C6:EA:1C:74:E8 Fingerprint (SHA1): 4B:37:AB:1F:02:BD:3A:ED:21:F0:E8:31:D1:E9:A3:75:9D:D5:CF:AC Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2238: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171706 (0x1ee2ac3a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:34:23 2015 Not After : Mon May 18 21:34:23 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 4c:10:3b:ab:76:cc:48:c8:df:a4:b8:f0:0b:2f:22:7f: c6:bf:5f:39:9e:ab:29:d4:97:1e:77:98:7d:74:69:81: 6d:4a:2b:83:42:36:d3:a1:4b:c2:77:83:6d:13:2d:72: 9c:29:88:cf:2c:33:e1:1e:16:4f:59:61:81:2b:d6:df: 3e:1b:6e:86:2a:41:06:93:e7:ec:d6:e3:8b:44:2b:54: c1:5f:c3:8c:6f:74:0f:95:24:4e:a7:cf:36:c4:29:99: 44:79:ed:b0:de:63:19:3a:9d:26:d6:a1:77:5b:c2:68: 35:27:14:ad:03:70:12:62:ef:d6:8d:67:cd:30:22:e1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:26:19:7e:6b:10:5a:35:4d:24:85:87:5b: 0c:87:04:ac:cc:86:06:db:02:15:00:aa:10:80:75:6b: 04:54:c0:19:38:df:9c:bf:e4:41:84:b3:f3:bb:f5 Fingerprint (SHA-256): 9C:BF:BB:D8:55:F5:8A:EA:FB:19:73:77:C2:25:CA:96:56:A6:4D:BC:24:54:E0:00:07:A9:5A:C6:EA:1C:74:E8 Fingerprint (SHA1): 4B:37:AB:1F:02:BD:3A:ED:21:F0:E8:31:D1:E9:A3:75:9D:D5:CF:AC Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2239: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171706 (0x1ee2ac3a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:34:23 2015 Not After : Mon May 18 21:34:23 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 4c:10:3b:ab:76:cc:48:c8:df:a4:b8:f0:0b:2f:22:7f: c6:bf:5f:39:9e:ab:29:d4:97:1e:77:98:7d:74:69:81: 6d:4a:2b:83:42:36:d3:a1:4b:c2:77:83:6d:13:2d:72: 9c:29:88:cf:2c:33:e1:1e:16:4f:59:61:81:2b:d6:df: 3e:1b:6e:86:2a:41:06:93:e7:ec:d6:e3:8b:44:2b:54: c1:5f:c3:8c:6f:74:0f:95:24:4e:a7:cf:36:c4:29:99: 44:79:ed:b0:de:63:19:3a:9d:26:d6:a1:77:5b:c2:68: 35:27:14:ad:03:70:12:62:ef:d6:8d:67:cd:30:22:e1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:26:19:7e:6b:10:5a:35:4d:24:85:87:5b: 0c:87:04:ac:cc:86:06:db:02:15:00:aa:10:80:75:6b: 04:54:c0:19:38:df:9c:bf:e4:41:84:b3:f3:bb:f5 Fingerprint (SHA-256): 9C:BF:BB:D8:55:F5:8A:EA:FB:19:73:77:C2:25:CA:96:56:A6:4D:BC:24:54:E0:00:07:A9:5A:C6:EA:1C:74:E8 Fingerprint (SHA1): 4B:37:AB:1F:02:BD:3A:ED:21:F0:E8:31:D1:E9:A3:75:9D:D5:CF:AC Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #2240: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171706 (0x1ee2ac3a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:34:23 2015 Not After : Mon May 18 21:34:23 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 4c:10:3b:ab:76:cc:48:c8:df:a4:b8:f0:0b:2f:22:7f: c6:bf:5f:39:9e:ab:29:d4:97:1e:77:98:7d:74:69:81: 6d:4a:2b:83:42:36:d3:a1:4b:c2:77:83:6d:13:2d:72: 9c:29:88:cf:2c:33:e1:1e:16:4f:59:61:81:2b:d6:df: 3e:1b:6e:86:2a:41:06:93:e7:ec:d6:e3:8b:44:2b:54: c1:5f:c3:8c:6f:74:0f:95:24:4e:a7:cf:36:c4:29:99: 44:79:ed:b0:de:63:19:3a:9d:26:d6:a1:77:5b:c2:68: 35:27:14:ad:03:70:12:62:ef:d6:8d:67:cd:30:22:e1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:26:19:7e:6b:10:5a:35:4d:24:85:87:5b: 0c:87:04:ac:cc:86:06:db:02:15:00:aa:10:80:75:6b: 04:54:c0:19:38:df:9c:bf:e4:41:84:b3:f3:bb:f5 Fingerprint (SHA-256): 9C:BF:BB:D8:55:F5:8A:EA:FB:19:73:77:C2:25:CA:96:56:A6:4D:BC:24:54:E0:00:07:A9:5A:C6:EA:1C:74:E8 Fingerprint (SHA1): 4B:37:AB:1F:02:BD:3A:ED:21:F0:E8:31:D1:E9:A3:75:9D:D5:CF:AC Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #2241: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2242: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2243: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2244: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #2245: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2246: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2247: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2248: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2249: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2250: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2251: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2252: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #2253: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2254: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2255: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2256: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #2257: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2258: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2259: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2260: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2261: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2262: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2263: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2264: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #2265: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2266: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2267: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2268: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518213512Z nextupdate=20160518213512Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 21:35:12 2015 Next Update: Wed May 18 21:35:12 2016 CRL Extensions: chains.sh: #2269: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518213512Z nextupdate=20160518213512Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:35:12 2015 Next Update: Wed May 18 21:35:12 2016 CRL Extensions: chains.sh: #2270: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518213513Z nextupdate=20160518213513Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:35:13 2015 Next Update: Wed May 18 21:35:13 2016 CRL Extensions: chains.sh: #2271: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518213514Z nextupdate=20160518213514Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 21:35:14 2015 Next Update: Wed May 18 21:35:14 2016 CRL Extensions: chains.sh: #2272: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518213515Z addcert 14 20150518213515Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:35:15 2015 Next Update: Wed May 18 21:35:13 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 21:35:15 2015 CRL Extensions: chains.sh: #2273: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518213516Z addcert 15 20150518213516Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:35:16 2015 Next Update: Wed May 18 21:35:12 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 21:35:16 2015 CRL Extensions: chains.sh: #2274: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2275: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2276: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #2277: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #2278: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #2279: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #2280: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #2281: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #2282: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #2283: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:34:53 2015 Not After : Mon May 18 21:34:53 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:bc:62:5c:a2:a6:08:e4:d0:8c:12:5c:94:55:7d:c7: df:b1:73:e2:97:af:0e:5c:54:8d:8e:c1:c0:62:75:9c: a0:28:2b:83:ac:cd:e6:b1:20:27:8b:d9:61:84:cd:52: c5:1c:68:e5:71:ae:42:7b:55:41:ad:83:7b:c4:34:d9: 64:cf:bd:2c:e4:d7:45:e8:77:e3:63:ad:1c:fb:9f:83: 34:b2:05:50:c0:f5:d2:81:86:d6:13:6b:28:7b:22:c2: 52:b1:ab:91:8e:07:fd:67:58:e2:74:72:46:ad:b3:3e: fd:e7:39:87:ad:0d:d2:16:3a:51:9c:18:b5:92:64:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:6a:6b:19:3a:22:91:7f:ee:13:e9:02:7d:29:87:57: 15:47:93:12:3f:8d:c8:06:9e:4c:4b:1c:3a:da:1d:eb: a9:cc:1d:f7:59:3a:0b:9e:7b:fe:fb:d5:3e:fc:74:fd: ea:c9:08:cc:53:67:11:69:40:99:0e:7b:a4:56:09:f8: e8:44:88:e7:1c:9e:92:18:6c:8c:de:e1:dd:ed:d8:bf: c8:94:75:7c:62:6d:c9:72:dc:e7:2d:ea:ae:ff:b1:ca: 8d:f8:6f:aa:9b:3e:ab:db:fb:0d:bb:be:38:f8:fc:cc: 81:c5:36:25:ec:7f:77:3a:a8:41:cf:5f:ac:27:50:b6 Fingerprint (SHA-256): 18:9F:87:55:DB:C2:D6:0E:D1:DA:B4:E3:A9:84:07:2F:6C:BE:42:BC:3E:C7:3F:FF:B0:01:A5:C1:81:C0:43:D0 Fingerprint (SHA1): 72:C4:1B:CB:B0:AD:F5:6E:90:BC:E8:4A:2C:FC:1D:E9:E3:44:DC:78 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2284: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2285: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:34:53 2015 Not After : Mon May 18 21:34:53 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:bc:62:5c:a2:a6:08:e4:d0:8c:12:5c:94:55:7d:c7: df:b1:73:e2:97:af:0e:5c:54:8d:8e:c1:c0:62:75:9c: a0:28:2b:83:ac:cd:e6:b1:20:27:8b:d9:61:84:cd:52: c5:1c:68:e5:71:ae:42:7b:55:41:ad:83:7b:c4:34:d9: 64:cf:bd:2c:e4:d7:45:e8:77:e3:63:ad:1c:fb:9f:83: 34:b2:05:50:c0:f5:d2:81:86:d6:13:6b:28:7b:22:c2: 52:b1:ab:91:8e:07:fd:67:58:e2:74:72:46:ad:b3:3e: fd:e7:39:87:ad:0d:d2:16:3a:51:9c:18:b5:92:64:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:6a:6b:19:3a:22:91:7f:ee:13:e9:02:7d:29:87:57: 15:47:93:12:3f:8d:c8:06:9e:4c:4b:1c:3a:da:1d:eb: a9:cc:1d:f7:59:3a:0b:9e:7b:fe:fb:d5:3e:fc:74:fd: ea:c9:08:cc:53:67:11:69:40:99:0e:7b:a4:56:09:f8: e8:44:88:e7:1c:9e:92:18:6c:8c:de:e1:dd:ed:d8:bf: c8:94:75:7c:62:6d:c9:72:dc:e7:2d:ea:ae:ff:b1:ca: 8d:f8:6f:aa:9b:3e:ab:db:fb:0d:bb:be:38:f8:fc:cc: 81:c5:36:25:ec:7f:77:3a:a8:41:cf:5f:ac:27:50:b6 Fingerprint (SHA-256): 18:9F:87:55:DB:C2:D6:0E:D1:DA:B4:E3:A9:84:07:2F:6C:BE:42:BC:3E:C7:3F:FF:B0:01:A5:C1:81:C0:43:D0 Fingerprint (SHA1): 72:C4:1B:CB:B0:AD:F5:6E:90:BC:E8:4A:2C:FC:1D:E9:E3:44:DC:78 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2286: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2287: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2288: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171715 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2289: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2290: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #2291: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2292: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518171716 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2293: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2294: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2295: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171487.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2296: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171461.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2297: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2298: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #2299: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171487.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2300: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518171717 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2301: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2302: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2303: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171487.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2304: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171462.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2305: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2306: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #2307: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2308: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518171718 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2309: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2310: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2311: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171487.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2312: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171463.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2313: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2314: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2315: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518171487.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2316: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518171464.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2317: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2318: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518213549Z nextupdate=20160518213549Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 21:35:49 2015 Next Update: Wed May 18 21:35:49 2016 CRL Extensions: chains.sh: #2319: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518213550Z nextupdate=20160518213550Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:35:50 2015 Next Update: Wed May 18 21:35:50 2016 CRL Extensions: chains.sh: #2320: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518213550Z nextupdate=20160518213550Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:35:50 2015 Next Update: Wed May 18 21:35:50 2016 CRL Extensions: chains.sh: #2321: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518213551Z nextupdate=20160518213551Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 21:35:51 2015 Next Update: Wed May 18 21:35:51 2016 CRL Extensions: chains.sh: #2322: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518213552Z addcert 20 20150518213552Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:35:52 2015 Next Update: Wed May 18 21:35:50 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 21:35:52 2015 CRL Extensions: chains.sh: #2323: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518213553Z addcert 40 20150518213553Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:35:53 2015 Next Update: Wed May 18 21:35:50 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 21:35:52 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 21:35:53 2015 CRL Extensions: chains.sh: #2324: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2325: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2326: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #2327: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171715 (0x1ee2ac43) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:35:26 2015 Not After : Mon May 18 21:35:26 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:00:6b:58:08:00:0a:39:20:3f:6d:e1:58:8a:4c:49: 25:a4:d0:03:7b:c5:10:86:78:67:20:dc:84:32:3e:e2: d4:73:9a:c8:2e:b0:75:e3:83:fe:40:13:82:68:73:80: 47:3d:15:be:9f:c6:11:18:ef:25:f5:5d:35:e4:30:62: f6:cf:cc:4b:39:5a:2b:79:be:f0:2b:92:81:3f:63:fd: 8b:21:c4:8f:2d:5a:ec:59:f6:70:b0:dc:37:d1:f8:df: 72:8e:42:f7:35:96:51:78:99:1d:1b:25:be:3b:ae:29: 3f:98:e1:8a:ca:cb:31:99:b5:6b:45:1b:36:02:00:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:23:c7:7a:a1:63:50:b5:ba:0a:96:62:57:15:fe:2d: a7:36:87:ce:f3:9a:d2:68:e0:32:1c:43:db:d0:6f:09: 11:7d:f3:79:79:f5:af:44:8b:57:d2:5a:bd:da:e2:57: f1:8a:71:a0:f0:42:94:f8:4d:ee:32:8c:d9:79:3c:a3: 4e:28:82:e0:15:ff:90:cb:71:fc:47:e8:36:a1:72:c9: 6c:17:ad:6b:72:ec:cb:06:75:94:df:36:16:9a:d3:70: 47:a9:c6:33:af:69:69:fc:37:1e:93:1e:6d:78:25:cf: 2a:3b:da:7a:94:b9:28:5b:31:2d:28:63:07:b9:b3:e3 Fingerprint (SHA-256): 59:87:F4:1E:B5:CB:D3:C7:F6:3C:2A:A7:B6:21:0A:CB:43:69:FC:C2:CE:21:BF:E5:62:41:CC:25:80:0A:D2:03 Fingerprint (SHA1): E2:13:74:CB:F8:38:1C:48:6A:E3:14:18:2A:97:40:4C:44:8D:BD:B4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2328: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2329: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171715 (0x1ee2ac43) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:35:26 2015 Not After : Mon May 18 21:35:26 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:00:6b:58:08:00:0a:39:20:3f:6d:e1:58:8a:4c:49: 25:a4:d0:03:7b:c5:10:86:78:67:20:dc:84:32:3e:e2: d4:73:9a:c8:2e:b0:75:e3:83:fe:40:13:82:68:73:80: 47:3d:15:be:9f:c6:11:18:ef:25:f5:5d:35:e4:30:62: f6:cf:cc:4b:39:5a:2b:79:be:f0:2b:92:81:3f:63:fd: 8b:21:c4:8f:2d:5a:ec:59:f6:70:b0:dc:37:d1:f8:df: 72:8e:42:f7:35:96:51:78:99:1d:1b:25:be:3b:ae:29: 3f:98:e1:8a:ca:cb:31:99:b5:6b:45:1b:36:02:00:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:23:c7:7a:a1:63:50:b5:ba:0a:96:62:57:15:fe:2d: a7:36:87:ce:f3:9a:d2:68:e0:32:1c:43:db:d0:6f:09: 11:7d:f3:79:79:f5:af:44:8b:57:d2:5a:bd:da:e2:57: f1:8a:71:a0:f0:42:94:f8:4d:ee:32:8c:d9:79:3c:a3: 4e:28:82:e0:15:ff:90:cb:71:fc:47:e8:36:a1:72:c9: 6c:17:ad:6b:72:ec:cb:06:75:94:df:36:16:9a:d3:70: 47:a9:c6:33:af:69:69:fc:37:1e:93:1e:6d:78:25:cf: 2a:3b:da:7a:94:b9:28:5b:31:2d:28:63:07:b9:b3:e3 Fingerprint (SHA-256): 59:87:F4:1E:B5:CB:D3:C7:F6:3C:2A:A7:B6:21:0A:CB:43:69:FC:C2:CE:21:BF:E5:62:41:CC:25:80:0A:D2:03 Fingerprint (SHA1): E2:13:74:CB:F8:38:1C:48:6A:E3:14:18:2A:97:40:4C:44:8D:BD:B4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2330: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2331: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #2332: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171719 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2333: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #2334: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2335: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2336: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518171720 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2337: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2338: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2339: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2340: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518171721 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2341: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2342: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2343: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2344: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518171722 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2345: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2346: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #2347: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 518171723 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2348: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #2349: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #2350: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2351: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518171724 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2352: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2353: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2354: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2355: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518171725 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2356: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2357: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #2358: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #2359: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #2360: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171719 (0x1ee2ac47) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:36:00 2015 Not After : Mon May 18 21:36:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:90:a7:54:e8:8a:1d:84:c7:a3:52:08:1f:1c:65:52: 73:7a:86:06:c9:84:c1:65:15:c2:b9:f3:e5:76:a0:e7: 7f:27:e2:fc:6c:4e:00:40:43:72:e8:47:42:57:8f:d9: 67:57:3b:28:2b:24:f0:85:a2:d3:91:13:aa:fe:13:da: 34:90:78:a5:5d:22:24:23:15:80:2d:b5:73:ad:28:09: 4f:43:47:fa:ad:89:e7:59:5d:58:24:48:10:e6:6b:75: f0:e4:51:9a:36:b1:ac:67:85:f2:6b:7c:50:fb:ae:47: 42:22:4b:95:2b:89:c9:7e:45:b8:bc:0e:56:89:f1:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:fe:e0:9d:11:51:fc:5e:81:a2:7f:46:de:68:bf:5f: 27:db:30:1a:9b:f9:f1:99:51:9c:f8:4e:34:f6:a4:9b: 97:87:f7:76:5f:45:e8:b2:72:f2:3d:3c:08:93:2a:91: 1d:2c:32:6e:90:e8:eb:c2:02:fe:a0:36:69:f3:80:ff: fc:59:60:e8:3c:cd:4b:16:e6:ad:7d:d4:ae:37:3f:da: 22:55:e8:f6:a4:87:dc:62:46:d1:43:8f:2f:37:24:23: 1f:94:ab:46:d8:00:05:ea:13:7d:8a:e6:ba:ca:5c:b0: 91:9d:8e:5d:d3:00:06:2f:fb:25:7c:43:ce:50:fc:f7 Fingerprint (SHA-256): A3:6C:41:06:B7:EC:F3:E2:79:B0:C9:DA:E0:B0:B6:CD:C0:08:83:06:43:92:61:66:94:88:50:5E:25:94:D4:39 Fingerprint (SHA1): 68:B2:95:CD:B6:FB:3C:46:C1:26:91:0D:85:F0:D0:F6:B4:A1:AB:32 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2361: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171721 (0x1ee2ac49) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:36:06 2015 Not After : Mon May 18 21:36:06 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:3a:9d:15:b0:46:29:95:88:da:35:d8:de:79:f9:13: d2:a7:3b:02:9e:28:31:f7:dd:98:55:55:0f:cc:9e:3c: 48:7f:64:ac:f1:f0:97:6a:aa:0e:eb:10:e7:0b:7f:6c: e2:42:25:3d:07:51:5e:b8:d4:d6:e4:e3:90:57:20:c0: 89:d2:d3:57:3b:73:73:fc:ac:6f:3a:c0:f9:c1:9e:2e: 1d:8c:2f:b5:e2:86:bb:b1:58:6a:d6:db:fe:9e:21:3a: f9:b4:f6:a9:13:83:cf:00:0c:5b:3b:5a:a8:fe:05:ec: 58:4c:bc:18:de:aa:75:c6:b2:7a:52:81:d8:4f:8e:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:72:5f:16:7a:2b:1b:49:7e:87:b4:f6:7d:ff:06:2f: ba:a4:a7:21:49:83:c4:dc:f4:e8:99:b9:42:fa:ef:13: a6:86:d6:88:f9:10:26:fb:c1:7d:a5:ba:03:fa:c3:38: e6:f3:c9:6c:7d:40:e1:a4:6c:94:21:50:43:07:b3:c5: 9e:1a:32:fb:46:b1:48:49:93:9a:cb:8c:31:88:e0:c4: d6:a0:7e:16:fc:c5:4d:f1:de:b9:bf:9d:74:59:30:b5: 4a:26:bd:15:7a:46:6b:25:fd:a7:0d:b7:e8:9b:39:d5: 75:ea:aa:e7:96:00:83:f7:e0:ba:2c:70:73:0b:41:1b Fingerprint (SHA-256): 48:83:CF:55:AD:5E:92:0E:A2:E7:4F:5B:E0:0E:36:C3:BE:44:79:6F:CB:4A:76:E7:C9:00:E2:B4:C5:85:2D:50 Fingerprint (SHA1): AA:8A:D0:50:B9:61:31:EB:B5:A4:EE:0B:FF:99:79:C6:6E:C8:A9:21 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #2362: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171719 (0x1ee2ac47) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:36:00 2015 Not After : Mon May 18 21:36:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:90:a7:54:e8:8a:1d:84:c7:a3:52:08:1f:1c:65:52: 73:7a:86:06:c9:84:c1:65:15:c2:b9:f3:e5:76:a0:e7: 7f:27:e2:fc:6c:4e:00:40:43:72:e8:47:42:57:8f:d9: 67:57:3b:28:2b:24:f0:85:a2:d3:91:13:aa:fe:13:da: 34:90:78:a5:5d:22:24:23:15:80:2d:b5:73:ad:28:09: 4f:43:47:fa:ad:89:e7:59:5d:58:24:48:10:e6:6b:75: f0:e4:51:9a:36:b1:ac:67:85:f2:6b:7c:50:fb:ae:47: 42:22:4b:95:2b:89:c9:7e:45:b8:bc:0e:56:89:f1:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:fe:e0:9d:11:51:fc:5e:81:a2:7f:46:de:68:bf:5f: 27:db:30:1a:9b:f9:f1:99:51:9c:f8:4e:34:f6:a4:9b: 97:87:f7:76:5f:45:e8:b2:72:f2:3d:3c:08:93:2a:91: 1d:2c:32:6e:90:e8:eb:c2:02:fe:a0:36:69:f3:80:ff: fc:59:60:e8:3c:cd:4b:16:e6:ad:7d:d4:ae:37:3f:da: 22:55:e8:f6:a4:87:dc:62:46:d1:43:8f:2f:37:24:23: 1f:94:ab:46:d8:00:05:ea:13:7d:8a:e6:ba:ca:5c:b0: 91:9d:8e:5d:d3:00:06:2f:fb:25:7c:43:ce:50:fc:f7 Fingerprint (SHA-256): A3:6C:41:06:B7:EC:F3:E2:79:B0:C9:DA:E0:B0:B6:CD:C0:08:83:06:43:92:61:66:94:88:50:5E:25:94:D4:39 Fingerprint (SHA1): 68:B2:95:CD:B6:FB:3C:46:C1:26:91:0D:85:F0:D0:F6:B4:A1:AB:32 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2363: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #2364: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171719 (0x1ee2ac47) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:36:00 2015 Not After : Mon May 18 21:36:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:90:a7:54:e8:8a:1d:84:c7:a3:52:08:1f:1c:65:52: 73:7a:86:06:c9:84:c1:65:15:c2:b9:f3:e5:76:a0:e7: 7f:27:e2:fc:6c:4e:00:40:43:72:e8:47:42:57:8f:d9: 67:57:3b:28:2b:24:f0:85:a2:d3:91:13:aa:fe:13:da: 34:90:78:a5:5d:22:24:23:15:80:2d:b5:73:ad:28:09: 4f:43:47:fa:ad:89:e7:59:5d:58:24:48:10:e6:6b:75: f0:e4:51:9a:36:b1:ac:67:85:f2:6b:7c:50:fb:ae:47: 42:22:4b:95:2b:89:c9:7e:45:b8:bc:0e:56:89:f1:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:fe:e0:9d:11:51:fc:5e:81:a2:7f:46:de:68:bf:5f: 27:db:30:1a:9b:f9:f1:99:51:9c:f8:4e:34:f6:a4:9b: 97:87:f7:76:5f:45:e8:b2:72:f2:3d:3c:08:93:2a:91: 1d:2c:32:6e:90:e8:eb:c2:02:fe:a0:36:69:f3:80:ff: fc:59:60:e8:3c:cd:4b:16:e6:ad:7d:d4:ae:37:3f:da: 22:55:e8:f6:a4:87:dc:62:46:d1:43:8f:2f:37:24:23: 1f:94:ab:46:d8:00:05:ea:13:7d:8a:e6:ba:ca:5c:b0: 91:9d:8e:5d:d3:00:06:2f:fb:25:7c:43:ce:50:fc:f7 Fingerprint (SHA-256): A3:6C:41:06:B7:EC:F3:E2:79:B0:C9:DA:E0:B0:B6:CD:C0:08:83:06:43:92:61:66:94:88:50:5E:25:94:D4:39 Fingerprint (SHA1): 68:B2:95:CD:B6:FB:3C:46:C1:26:91:0D:85:F0:D0:F6:B4:A1:AB:32 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2365: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171721 (0x1ee2ac49) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:36:06 2015 Not After : Mon May 18 21:36:06 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:3a:9d:15:b0:46:29:95:88:da:35:d8:de:79:f9:13: d2:a7:3b:02:9e:28:31:f7:dd:98:55:55:0f:cc:9e:3c: 48:7f:64:ac:f1:f0:97:6a:aa:0e:eb:10:e7:0b:7f:6c: e2:42:25:3d:07:51:5e:b8:d4:d6:e4:e3:90:57:20:c0: 89:d2:d3:57:3b:73:73:fc:ac:6f:3a:c0:f9:c1:9e:2e: 1d:8c:2f:b5:e2:86:bb:b1:58:6a:d6:db:fe:9e:21:3a: f9:b4:f6:a9:13:83:cf:00:0c:5b:3b:5a:a8:fe:05:ec: 58:4c:bc:18:de:aa:75:c6:b2:7a:52:81:d8:4f:8e:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:72:5f:16:7a:2b:1b:49:7e:87:b4:f6:7d:ff:06:2f: ba:a4:a7:21:49:83:c4:dc:f4:e8:99:b9:42:fa:ef:13: a6:86:d6:88:f9:10:26:fb:c1:7d:a5:ba:03:fa:c3:38: e6:f3:c9:6c:7d:40:e1:a4:6c:94:21:50:43:07:b3:c5: 9e:1a:32:fb:46:b1:48:49:93:9a:cb:8c:31:88:e0:c4: d6:a0:7e:16:fc:c5:4d:f1:de:b9:bf:9d:74:59:30:b5: 4a:26:bd:15:7a:46:6b:25:fd:a7:0d:b7:e8:9b:39:d5: 75:ea:aa:e7:96:00:83:f7:e0:ba:2c:70:73:0b:41:1b Fingerprint (SHA-256): 48:83:CF:55:AD:5E:92:0E:A2:E7:4F:5B:E0:0E:36:C3:BE:44:79:6F:CB:4A:76:E7:C9:00:E2:B4:C5:85:2D:50 Fingerprint (SHA1): AA:8A:D0:50:B9:61:31:EB:B5:A4:EE:0B:FF:99:79:C6:6E:C8:A9:21 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #2366: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #2367: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #2368: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #2369: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171719 (0x1ee2ac47) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:36:00 2015 Not After : Mon May 18 21:36:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:90:a7:54:e8:8a:1d:84:c7:a3:52:08:1f:1c:65:52: 73:7a:86:06:c9:84:c1:65:15:c2:b9:f3:e5:76:a0:e7: 7f:27:e2:fc:6c:4e:00:40:43:72:e8:47:42:57:8f:d9: 67:57:3b:28:2b:24:f0:85:a2:d3:91:13:aa:fe:13:da: 34:90:78:a5:5d:22:24:23:15:80:2d:b5:73:ad:28:09: 4f:43:47:fa:ad:89:e7:59:5d:58:24:48:10:e6:6b:75: f0:e4:51:9a:36:b1:ac:67:85:f2:6b:7c:50:fb:ae:47: 42:22:4b:95:2b:89:c9:7e:45:b8:bc:0e:56:89:f1:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:fe:e0:9d:11:51:fc:5e:81:a2:7f:46:de:68:bf:5f: 27:db:30:1a:9b:f9:f1:99:51:9c:f8:4e:34:f6:a4:9b: 97:87:f7:76:5f:45:e8:b2:72:f2:3d:3c:08:93:2a:91: 1d:2c:32:6e:90:e8:eb:c2:02:fe:a0:36:69:f3:80:ff: fc:59:60:e8:3c:cd:4b:16:e6:ad:7d:d4:ae:37:3f:da: 22:55:e8:f6:a4:87:dc:62:46:d1:43:8f:2f:37:24:23: 1f:94:ab:46:d8:00:05:ea:13:7d:8a:e6:ba:ca:5c:b0: 91:9d:8e:5d:d3:00:06:2f:fb:25:7c:43:ce:50:fc:f7 Fingerprint (SHA-256): A3:6C:41:06:B7:EC:F3:E2:79:B0:C9:DA:E0:B0:B6:CD:C0:08:83:06:43:92:61:66:94:88:50:5E:25:94:D4:39 Fingerprint (SHA1): 68:B2:95:CD:B6:FB:3C:46:C1:26:91:0D:85:F0:D0:F6:B4:A1:AB:32 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2370: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171723 (0x1ee2ac4b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 21:36:12 2015 Not After : Mon May 18 21:36:12 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:f8:45:ac:12:13:e0:77:89:71:a8:3e:ad:d1:3a:c3: 2c:d4:87:8b:ca:62:dc:eb:66:e1:b4:5e:19:e5:9e:52: 2d:bb:83:9b:83:1a:32:1c:46:7a:00:23:f4:5c:b6:6a: 56:64:2f:f4:41:6c:be:82:4d:04:f0:4c:70:65:b9:a7: 81:09:36:2c:70:67:36:1d:5f:e5:97:79:01:83:49:70: 89:43:d8:64:53:55:7e:19:9c:fb:d2:52:a3:fc:35:c7: 10:66:ad:d9:e4:9e:a5:b2:b1:91:59:50:06:d3:c1:c2: bd:e0:80:b6:03:1e:0f:c0:0f:06:bf:0b:b6:13:c6:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:e1:cb:f6:6f:f1:be:80:10:28:00:3a:4c:ff:3c:d6: b7:c0:ed:c3:ee:69:86:82:03:c1:74:26:c3:2b:4a:86: 6a:ff:d7:ad:71:42:01:ce:42:2c:5d:d0:f2:ae:5c:89: 41:c1:97:d0:ec:e3:0d:79:98:88:32:11:83:32:4d:20: 8c:fb:fb:e0:41:8e:a9:86:7b:e1:d4:71:00:ae:20:d1: e9:a7:c7:cc:bc:33:f6:e2:e0:3c:ec:6e:8b:28:74:9d: 85:82:c8:53:0e:d0:e5:1b:5c:27:93:33:35:0b:86:a0: 85:05:51:de:33:77:87:19:cb:03:b7:76:ed:d0:c9:0a Fingerprint (SHA-256): 86:00:BB:7D:F9:C8:99:6F:B7:6F:9B:27:30:1B:6C:48:9C:DC:0D:15:4A:E7:6D:9D:35:5A:93:21:B3:FF:94:F9 Fingerprint (SHA1): 94:30:2F:DA:B5:BA:4B:34:32:B8:4A:01:80:36:6B:AD:B0:E9:79:CC Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #2371: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171719 (0x1ee2ac47) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:36:00 2015 Not After : Mon May 18 21:36:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9f:90:a7:54:e8:8a:1d:84:c7:a3:52:08:1f:1c:65:52: 73:7a:86:06:c9:84:c1:65:15:c2:b9:f3:e5:76:a0:e7: 7f:27:e2:fc:6c:4e:00:40:43:72:e8:47:42:57:8f:d9: 67:57:3b:28:2b:24:f0:85:a2:d3:91:13:aa:fe:13:da: 34:90:78:a5:5d:22:24:23:15:80:2d:b5:73:ad:28:09: 4f:43:47:fa:ad:89:e7:59:5d:58:24:48:10:e6:6b:75: f0:e4:51:9a:36:b1:ac:67:85:f2:6b:7c:50:fb:ae:47: 42:22:4b:95:2b:89:c9:7e:45:b8:bc:0e:56:89:f1:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:fe:e0:9d:11:51:fc:5e:81:a2:7f:46:de:68:bf:5f: 27:db:30:1a:9b:f9:f1:99:51:9c:f8:4e:34:f6:a4:9b: 97:87:f7:76:5f:45:e8:b2:72:f2:3d:3c:08:93:2a:91: 1d:2c:32:6e:90:e8:eb:c2:02:fe:a0:36:69:f3:80:ff: fc:59:60:e8:3c:cd:4b:16:e6:ad:7d:d4:ae:37:3f:da: 22:55:e8:f6:a4:87:dc:62:46:d1:43:8f:2f:37:24:23: 1f:94:ab:46:d8:00:05:ea:13:7d:8a:e6:ba:ca:5c:b0: 91:9d:8e:5d:d3:00:06:2f:fb:25:7c:43:ce:50:fc:f7 Fingerprint (SHA-256): A3:6C:41:06:B7:EC:F3:E2:79:B0:C9:DA:E0:B0:B6:CD:C0:08:83:06:43:92:61:66:94:88:50:5E:25:94:D4:39 Fingerprint (SHA1): 68:B2:95:CD:B6:FB:3C:46:C1:26:91:0D:85:F0:D0:F6:B4:A1:AB:32 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2372: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #2373: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #2374: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #2375: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #2376: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #2377: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518171724 (0x1ee2ac4c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 21:36:16 2015 Not After : Mon May 18 21:36:16 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:27:1b:0a:ee:a8:6e:60:d1:d4:55:e1:28:d0:8d:bc: 08:bf:65:4f:d6:e1:36:6d:2f:22:63:9e:0b:3e:8d:67: 21:f7:f6:5f:b2:f2:c8:b2:fa:52:b6:15:7d:6c:a2:e7: 7b:ac:ff:1f:48:f1:97:39:15:54:64:49:c2:db:1e:1b: 26:05:05:53:ea:96:f8:44:ed:cb:dc:75:ba:66:2a:b1: 97:92:d8:86:08:27:24:0b:6a:b4:65:91:5d:85:62:9c: da:fd:da:90:b5:c0:56:2a:0d:01:2e:43:09:b6:4d:a2: 04:0a:0e:6b:7f:14:57:2a:7e:4a:82:28:25:72:6b:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c1:5e:35:6d:0f:02:17:4d:07:e3:00:89:f9:c4:15:5d: 4d:bc:10:af:fd:a0:a3:4e:b8:1b:19:b9:af:38:c2:23: ca:37:8d:69:17:5d:36:c8:16:ed:29:19:00:f2:5d:92: 14:5d:d5:cc:2b:46:56:7b:04:da:99:89:76:47:23:ba: a8:44:c0:59:7a:77:ee:05:13:48:d7:e9:7d:68:e2:a0: 9a:45:d8:28:62:93:18:51:35:15:d7:fa:53:37:bf:ea: 52:af:ec:48:f2:ed:a0:41:39:f2:c5:ab:af:6f:7c:5d: be:1a:dd:bb:fe:ab:24:21:08:ae:f4:fc:fa:ee:d4:df Fingerprint (SHA-256): D3:19:27:FA:20:47:6C:74:39:FA:EF:F4:72:73:68:2E:37:22:B9:A8:83:20:F7:38:AB:6F:02:E1:ED:C7:7F:7E Fingerprint (SHA1): 7A:DA:9A:6A:16:35:36:38:14:23:FA:8B:B3:B8:88:F6:4C:9A:BE:61 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #2378: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #2379: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #2380: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #2381: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #2382: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2383: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2384: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #2385: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2386: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2387: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #2388: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2389: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2390: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2391: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2392: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2393: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2394: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2395: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2396: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #2397: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2398: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #2399: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2400: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #2401: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 17996 at Mon May 18 17:36:48 EDT 2015 kill -USR1 17996 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 17996 killed at Mon May 18 17:36:48 EDT 2015 TIMESTAMP chains END: Mon May 18 17:36:48 EDT 2015 chains.sh: Testing with PKIX =============================== Running tests for lowhash TIMESTAMP lowhash BEGIN: Mon May 18 17:36:48 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Mon May 18 17:36:48 EDT 2015 Running tests for libpkix TIMESTAMP libpkix BEGIN: Mon May 18 17:36:48 EDT 2015 TIMESTAMP libpkix END: Mon May 18 17:36:48 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Mon May 18 17:36:48 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #2402: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -f ../tests.pw cert.sh: #2403: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2404: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2405: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -o root.cert cert.sh: #2406: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -f ../tests.pw cert.sh: #2407: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2408: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2409: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2410: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2411: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2412: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2413: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2414: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -f ../tests.pw cert.sh: #2415: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2416: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2417: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2418: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2419: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2420: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2421: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2422: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2423: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #2424: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2425: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #2426: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2427: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #2428: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2429: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #2430: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2431: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #2432: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2433: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #2434: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2435: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #2436: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw cert.sh: #2437: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2438: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2439: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #2440: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2441: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert cert.sh: #2442: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2443: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #2444: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2445: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert cert.sh: #2446: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2447: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2448: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2449: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert cert.sh: #2450: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2451: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert cert.sh: #2452: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2453: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2454: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2455: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw cert.sh: #2456: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2457: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2458: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #2459: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2460: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert cert.sh: #2461: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2462: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #2463: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2464: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert cert.sh: #2465: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2466: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #2467: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2468: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert cert.sh: #2469: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2470: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2471: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2472: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2473: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert cert.sh: #2474: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw cert.sh: #2475: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2476: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA.ca.cert cert.sh: #2477: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA-ec.ca.cert cert.sh: #2478: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2479: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #2480: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2481: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2482: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #2483: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2484: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2485: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #2486: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2487: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2488: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2489: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA.ca.cert cert.sh: #2490: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA-ec.ca.cert cert.sh: #2491: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2492: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #2493: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2494: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2495: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #2496: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2497: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2498: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2499: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2500: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2501: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #2502: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2503: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2504: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #2505: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2506: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2507: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2508: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2509: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2510: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2511: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw cert.sh: #2512: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2513: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA.ca.cert cert.sh: #2514: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #2515: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2516: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #2517: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2518: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2519: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #2520: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2521: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2522: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #2523: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2524: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw cert.sh: #2525: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2526: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA.ca.cert cert.sh: #2527: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #2528: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2529: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #2530: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2531: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2532: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #2533: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2534: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2535: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #2536: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2537: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw cert.sh: #2538: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2539: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA.ca.cert cert.sh: #2540: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #2541: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2542: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #2543: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2544: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2545: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #2546: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2547: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2548: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #2549: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2550: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw cert.sh: #2551: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2552: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA.ca.cert cert.sh: #2553: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #2554: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2555: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2556: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2557: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2558: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2559: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2560: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2561: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2562: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2563: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #2564: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #2565: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #2566: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #2567: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #2568: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #2569: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #2570: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #2571: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw cert.sh: #2572: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2573: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #2574: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2575: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw cert.sh: #2576: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2577: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #2578: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2579: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #2580: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2581: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2582: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #2583: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2584: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2585: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #2586: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2587: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw cert.sh: #2588: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2589: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #2590: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #2591: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2592: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #2593: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2594: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2595: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #2596: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2597: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2598: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #2599: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2600: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:aa Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:38:56 2015 Not After : Tue Aug 18 21:38:56 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:23:1c:1e:dd:0b:04:41:36:0e:a0:a1:b6:49:2e:0f: d9:68:c5:21:9f:27:e4:ad:28:23:ae:13:02:49:fc:bc: f0:8c:35:2a:9f:65:24:2e:45:f1:9a:f5:6b:18:6e:70: 52:7b:bc:10:05:30:23:55:7d:1f:d8:8b:1b:cf:c6:de: ea:08:91:87:b1:68:43:67:5e:b2:b5:c3:f2:c2:ae:d5: f8:4b:1c:96:aa:2b:c0:8c:9a:87:cf:1f:ad:10:4f:4f: 09:c8:c6:84:34:5d:aa:bf:f6:4d:e7:7d:af:73:66:e7: 8b:c6:ed:17:ae:63:e8:dd:5d:9d:4e:18:63:b9:e7:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 64:ee:75:b8:dd:30:71:2d:33:c3:b6:f3:c8:d9:c3:43: 66:5e:22:b6:bd:f8:14:67:01:2a:ad:86:b9:59:c3:e7: dc:45:e5:28:93:7c:ab:de:52:f4:e8:20:bb:b4:c0:5f: 78:ac:b3:86:6b:b7:5a:62:c5:eb:29:65:06:4d:60:e4: 0d:ed:05:4b:16:d9:7f:ee:ed:b3:19:2e:b4:ae:a0:03: d4:b6:f5:f0:38:8d:6a:36:6a:8a:54:79:d9:a9:2d:43: 49:7c:d7:36:78:2c:8b:da:d4:df:22:c3:9a:cb:5c:74: ee:0b:b5:92:fe:91:4b:70:14:c3:1e:4d:f5:b5:9c:54 Fingerprint (SHA-256): 98:B6:8F:91:DC:BB:C6:CC:05:14:39:2B:A0:7D:D0:61:80:AB:12:41:9E:B7:A3:F6:4C:BB:D6:C4:E3:EF:EF:06 Fingerprint (SHA1): 35:58:E6:C8:BB:F7:FC:93:C0:84:A4:23:DD:4F:41:DE:BB:3A:AC:88 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2601: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:af Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:38:58 2015 Not After : Tue Aug 18 21:38:58 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:3b:b4:bc:83:68:ce:42:dc:de:99:7a:c2:3f:de:d2: d7:ff:3b:64:10:35:58:cf:69:a9:35:05:9c:0e:e0:8e: da:90:68:c0:a0:a7:56:ac:83:8d:9f:4a:66:b7:91:15: 5a:65:d1:2b:64:b7:67:a5:5f:48:9c:1c:73:1b:f5:94: 87:d7:46:0d:0e:23:a4:70:a9:35:cd:13:b3:ca:60:65: d5:7b:be:a5:98:79:00:c7:cc:bf:ec:92:e2:29:f3:f6: c3:6c:61:6a:d1:64:f3:40:3c:a7:13:2a:1b:1b:f6:37: a2:4b:ab:ee:45:5e:57:b7:a6:9a:f9:6f:28:20:fa:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bc:42:55:aa:d9:cb:1b:88:20:67:64:c4:8b:07:65:2c: ad:8c:05:b2:ce:b3:9b:f4:e5:08:75:ad:ee:d2:89:0a: 34:8e:59:e0:74:00:fa:0c:96:41:52:1f:1d:a5:c4:93: fd:89:62:10:2f:37:6d:cf:f3:c3:c9:7d:59:b0:82:72: 45:da:cf:13:ba:b4:65:36:de:ec:aa:b8:08:d5:e5:c4: 81:cf:d5:31:90:8a:d6:12:3b:6d:7f:90:31:06:f1:4d: 5f:74:cb:f8:6f:ce:c4:35:00:4d:ba:6a:59:6a:65:95: 86:76:f3:ab:df:4a:9d:67:92:0d:ec:f1:55:19:ef:ed Fingerprint (SHA-256): DA:B1:9E:04:99:BD:E2:7F:36:09:0E:89:69:74:C3:58:9E:79:6F:1F:EE:C0:57:45:80:69:4D:89:A0:CA:B2:C6 Fingerprint (SHA1): C3:0E:85:B9:2E:82:62:4F:1F:56:9F:5C:57:F7:D4:7A:B6:F5:67:CF Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2602: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:b3 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:01 2015 Not After : Tue Aug 18 21:39:01 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:c5:b8:77:c0:59:3b:96:76:35:5a:35:28:fb:53:9a: d7:7f:a6:a4:e8:a9:8e:a5:78:55:c7:8f:3e:33:95:24: fd:35:5c:b7:c0:7e:3d:17:66:93:62:df:a3:0f:9a:7f: 8f:58:5a:f8:b6:9d:66:0f:c3:e8:a0:ea:aa:63:84:07: 29:7b:d6:d8:2e:cd:11:d9:33:8b:54:de:90:2f:f1:20: 5b:57:41:f1:6a:1a:2e:3b:30:8a:b1:a2:a8:98:42:bc: 10:1b:cb:dc:fd:b6:50:70:a0:d9:82:f3:aa:3d:11:2c: 02:0d:94:b4:48:2f:0d:c3:df:2f:f8:9b:a5:6b:fa:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:c7:08:0d:00:a5:1c:6b:30:fc:cf:3c:e9:37:0f:29: b9:94:a3:77:63:81:2d:e6:a5:f6:20:02:c1:a3:f1:b0: 87:18:31:e8:73:6d:d4:0c:7d:c7:cb:a6:d1:ef:58:c9: ff:fd:af:1e:4d:59:04:72:02:e0:94:36:7f:64:f3:ff: 28:d0:eb:35:00:26:9c:53:22:ac:ad:93:a0:68:db:50: f6:ad:54:3d:18:75:31:b0:0a:1b:d9:15:b8:c8:3d:b6: 30:89:13:f6:91:73:82:8f:7b:f9:87:82:16:95:03:e2: 7f:da:a0:86:8c:19:1a:2c:24:26:a2:e5:4b:a7:c4:a0 Fingerprint (SHA-256): 74:EB:E8:3F:1E:E9:EE:41:FC:F1:77:FA:AA:7E:B0:C7:A6:BC:D0:24:47:D6:C3:D0:AD:83:5B:B7:1C:53:BC:7E Fingerprint (SHA1): 17:B9:1B:0A:D2:93:5F:38:1B:3F:A8:7F:24:F2:93:BA:6B:78:C7:F2 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2603: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:b8 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:04 2015 Not After : Tue Aug 18 21:39:04 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:40:19:f1:1d:ad:68:13:f1:4c:5a:c8:a5:12:7c:57: de:4a:1f:f8:e9:cf:56:7f:10:94:5a:30:40:67:ed:0b: f9:7f:66:8e:67:45:b5:38:80:ad:fd:09:ec:f2:a2:d6: db:92:65:0a:0d:4c:0f:85:fd:86:61:38:8d:0f:e3:16: 9e:fc:cb:b8:41:75:a0:2b:ae:d7:31:94:06:ff:c1:64: 37:6c:75:13:88:f2:cf:60:fb:cb:db:59:c9:6d:dd:d1: 81:95:35:a1:12:74:d2:6e:99:03:09:42:8d:ce:8d:d9: bf:15:e9:74:cc:d5:c3:7b:21:77:00:35:70:9e:f0:05 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 97:48:47:0a:0b:6d:31:32:39:62:f9:4c:1b:c6:e6:0c: 83:d1:ce:cb:34:ce:88:0d:93:f1:55:e4:90:89:04:56: d8:f2:01:11:1a:7e:06:e4:2d:f1:e6:45:f7:f3:23:cc: 2b:f8:36:b0:d3:3d:d1:ec:19:5a:a7:12:7b:b7:ef:af: 63:43:e5:e5:7d:e1:53:c6:1a:3b:8e:b6:28:8e:a5:f2: 8e:4f:91:38:23:49:8d:6f:5d:20:08:80:76:0c:ec:88: 22:6a:07:fc:64:6f:db:eb:c1:45:bb:ee:32:49:d2:b6: fe:2c:02:85:14:22:ba:7b:4b:b5:e9:83:ab:31:09:0f Fingerprint (SHA-256): 6F:00:E1:20:1E:38:D9:99:A7:FC:FC:5E:F4:63:C6:04:59:68:D9:9B:FD:19:CA:CD:5C:CA:CF:1B:A7:5D:A6:90 Fingerprint (SHA1): 25:CD:1E:F8:DF:CC:6C:87:C0:78:45:1C:ED:98:CA:4B:1F:C7:A0:DB Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2604: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:bd Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:06 2015 Not After : Tue Aug 18 21:39:06 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ee:52:8c:15:5b:85:51:53:5c:ad:6a:42:eb:11:aa:6d: bb:c5:6b:a1:15:07:b8:44:37:63:54:d2:f1:f3:07:13: 81:3a:1c:a3:cc:fd:49:fc:4d:42:1f:01:9f:a4:da:da: a3:62:3d:48:36:d0:75:ca:e5:f8:b7:81:9e:1e:4c:23: 1a:5a:db:05:3b:13:88:f3:3e:02:7e:55:8c:ac:58:d7: 0e:8f:a6:aa:5a:95:c9:2f:0c:bc:ae:cc:d2:83:e7:cf: e5:ec:54:02:9f:17:c9:bd:9f:20:1c:1f:ea:4f:64:04: 91:65:72:19:56:24:60:99:1c:7f:e5:2e:b9:40:e4:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d9:57:5e:3c:0b:d8:0d:9f:5f:27:cf:dd:4b:2d:7e:e5: 07:4a:04:c3:54:e1:01:5e:da:3c:3e:ab:bc:7c:35:1c: 08:e4:3a:fe:04:5d:d5:3b:01:42:a2:5a:0f:92:ef:1f: 17:a4:be:17:08:a8:e5:a7:1a:9b:d5:1b:be:43:86:e8: 7e:db:88:b3:ac:d0:6c:6f:b5:e0:31:08:bd:bb:e8:be: 89:d0:5a:f8:cd:b3:84:73:36:0a:d1:8f:db:41:3c:7e: 53:e7:aa:b4:36:34:4b:14:dc:11:3a:57:2b:ab:8e:33: 77:d4:bf:55:05:c1:3c:55:ab:ff:51:bf:cd:7b:a3:37 Fingerprint (SHA-256): 6F:50:57:E2:9A:31:74:7E:FC:0E:51:05:66:E0:AD:C9:C3:B4:A2:D6:49:13:DE:1D:68:C2:EE:35:82:21:C3:31 Fingerprint (SHA1): 08:07:8A:3F:23:1C:90:F5:BC:53:8F:A6:59:B2:15:10:CB:7B:2D:B3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2605: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:c1 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:08 2015 Not After : Tue Aug 18 21:39:08 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:73:ba:21:eb:26:7d:97:20:1d:e0:f3:24:92:2d:ce: 2e:2d:f0:da:4e:86:79:02:50:ae:b3:31:3a:40:b2:38: 30:98:c4:ea:d7:02:28:bd:5a:90:2a:19:10:1d:57:19: fd:70:55:4e:12:ad:af:0e:56:f6:27:f9:0a:48:b9:47: d4:63:1f:0d:56:23:90:5e:cd:3c:aa:82:c6:11:39:9f: 0a:7e:50:94:8f:30:73:62:12:f4:f4:ce:a8:f5:9f:a1: 57:d6:1b:10:53:60:b1:48:c2:fc:17:27:1d:c9:62:eb: 5e:82:5e:10:6e:b5:b2:2e:32:ee:49:38:28:90:75:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 69:b6:79:a3:b9:05:41:3b:e3:0c:7e:95:cc:81:0e:b8: 8e:4e:6d:87:69:08:62:09:41:40:9e:ee:04:0e:41:49: ca:a8:b2:ef:67:f5:74:95:8c:b0:c4:50:69:bc:f9:79: a2:4e:ec:83:78:3b:73:38:c4:75:b2:64:4f:18:3f:5b: 8a:e7:10:6f:63:c7:05:5b:a3:36:c7:c3:af:f4:24:77: 8d:64:27:be:12:87:33:0f:fd:db:7f:3a:41:82:96:77: 4e:46:cd:63:34:74:da:e2:7a:18:55:16:3f:f3:fa:6f: c7:ee:8b:58:c7:7e:8d:ae:ee:ac:31:c4:a9:ac:d3:06 Fingerprint (SHA-256): 9E:DF:3F:D9:D5:7E:41:AA:77:67:41:58:FE:35:A5:78:7D:8E:51:FC:04:B1:B0:A9:D1:49:90:24:15:06:07:48 Fingerprint (SHA1): 4A:EF:BE:EA:83:EA:B6:74:19:39:CB:85:C2:70:DF:F1:64:C4:EE:31 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2606: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:c6 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:10 2015 Not After : Tue Aug 18 21:39:10 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:c9:97:6a:cc:1b:dc:7a:57:a8:72:0c:11:c1:27:3c: d3:eb:aa:c8:f1:fd:3d:4e:45:96:24:b4:8d:31:89:88: d6:0f:4f:e3:93:d8:b5:5b:84:df:d0:b3:50:3b:39:e7: 78:11:21:90:17:88:5b:a1:3a:15:70:55:ce:bb:e5:4d: af:43:d3:8a:2f:d2:f7:50:dd:41:12:24:6a:63:71:58: 70:06:a5:f8:f6:89:f5:e3:03:65:c8:b2:cb:0d:b0:c6: 02:fd:e5:09:7f:4c:1e:a9:ec:92:7d:e1:69:69:db:52: 38:13:51:c5:69:cb:e2:a5:f8:06:d8:65:16:3c:f5:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:ff:17:35:7c:db:1a:56:a0:5d:e9:ca:26:24:60:67: 19:69:26:69:b5:3f:dd:98:9e:11:b4:e8:de:10:14:72: 7c:76:24:7b:c6:53:3b:28:e7:d3:b4:83:24:ec:74:2c: 28:46:98:3f:13:5e:e9:01:41:d9:3b:f9:1e:bf:16:83: 1b:08:60:b5:cc:07:3a:a3:3d:cb:44:fe:7a:2b:ee:2d: 97:50:4a:8e:35:54:d5:67:9b:ff:06:16:56:fb:3f:3b: 3a:9c:63:bf:7c:43:39:3e:87:19:10:ab:a5:21:a3:d4: 90:46:da:50:df:f5:33:1c:4e:23:05:f6:86:7d:73:56 Fingerprint (SHA-256): 6C:7D:B2:B3:E0:15:87:9F:DC:FF:86:17:75:58:CB:8E:08:DF:AC:BC:62:60:6D:3D:6B:64:5B:F4:AC:5C:03:0A Fingerprint (SHA1): 64:E1:95:78:58:E2:64:B2:F6:B0:44:86:4A:DF:98:5D:B8:14:A8:A3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2607: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:ca Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:13 2015 Not After : Tue Aug 18 21:39:13 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:ca:ed:7f:58:2b:ab:57:de:71:07:58:f4:9b:2c:5d: 59:9e:04:6e:69:e3:9f:db:5b:4b:90:87:b7:37:a8:84: 0d:89:1f:e3:e1:c6:03:e0:c1:9a:b1:03:d2:50:a2:b3: 40:23:ab:e2:4c:4f:58:8a:7e:36:ff:1c:90:2e:74:d2: 90:f2:52:d0:19:d5:30:ba:32:99:e9:bc:b4:97:f4:c5: f3:ac:88:31:92:6f:a9:51:68:29:60:1e:7d:1a:bc:22: 11:2b:ba:84:02:cf:62:05:b4:be:32:08:e1:e9:09:37: 6f:be:74:4c:73:f0:ba:34:d2:03:ac:75:da:6f:b3:01 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8b:de:5e:05:52:3e:e8:52:95:ae:5c:ef:ea:69:dd:e8: e4:c2:dd:d1:aa:a9:47:99:b7:42:88:9f:be:98:33:8b: b4:9e:ff:f2:13:a6:75:de:95:4a:e9:ed:11:f8:62:d2: cd:c7:58:9a:e0:0c:e7:11:90:9e:1d:28:b0:ef:14:53: 50:e1:22:ea:b3:6d:4e:17:9b:40:04:9e:15:44:57:fa: a2:63:f9:21:dd:eb:a2:33:a0:d9:cd:52:1e:77:cb:7f: bf:84:04:44:34:08:55:14:f9:bc:4d:53:8a:5e:1e:d6: 85:7d:66:e1:8b:4e:95:f8:26:01:32:c4:8c:67:d0:65 Fingerprint (SHA-256): A4:C4:B4:77:9E:0B:B6:9E:E2:52:92:5D:1F:5E:EE:AC:E8:64:2C:38:9E:31:91:D8:75:6A:1D:65:FB:FC:CF:FE Fingerprint (SHA1): EB:75:F1:56:1A:3B:1C:6B:6A:36:AD:C3:D7:97:05:0A:57:8A:6A:03 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2608: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:ce Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:15 2015 Not After : Tue Aug 18 21:39:15 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:bb:a4:b3:bb:be:c7:74:71:aa:8a:a0:66:72:34:ea: 1d:9c:55:33:fa:bf:2c:c8:72:f0:42:b3:d7:9c:09:2a: 5f:98:35:ca:3e:c9:cb:2a:7c:4a:81:d1:6f:18:63:40: 03:66:72:b1:cd:69:74:37:2f:fe:ea:99:fa:c4:c0:9c: 22:01:84:dd:7e:c8:ce:95:a6:9a:82:22:26:3e:74:0a: c2:48:b5:ac:cc:4a:00:b3:23:a9:dc:98:3f:1f:d9:e0: fc:5c:c9:17:b3:a8:17:80:b9:6b:6c:3c:05:7c:82:89: b3:e4:cb:de:e8:04:79:4e:7f:27:d8:98:44:f2:64:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:6c:ac:0d:4e:5b:36:46:7e:77:3d:f9:10:74:5a:92: 38:e9:24:39:30:7e:b0:83:f3:b0:3a:11:94:e7:aa:b2: 3c:55:e8:e0:47:9f:01:81:4b:6a:7f:2f:9a:94:ac:66: c8:ad:97:e6:5a:0c:9b:90:cd:1a:eb:f9:f8:65:f4:27: 32:c0:55:3c:6f:14:31:20:8b:fb:41:06:67:f1:39:bc: be:f7:d8:eb:ed:14:11:c3:c4:4d:41:bd:07:5b:40:07: 23:7b:05:65:d4:8b:8e:b8:73:c7:35:5d:78:f9:03:52: c9:bc:ce:c2:90:00:28:1f:af:17:63:e4:81:b9:b8:d8 Fingerprint (SHA-256): 54:48:B8:A5:09:55:72:48:55:44:A0:70:A9:18:D5:88:BE:AD:C5:42:B5:EC:60:41:FA:03:75:9E:FB:1A:F4:46 Fingerprint (SHA1): 7D:B7:99:BF:EB:9B:6D:85:FE:DB:E8:FC:6E:32:E7:7D:A1:95:21:9A Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2609: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:d3 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:17 2015 Not After : Tue Aug 18 21:39:17 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:4a:fd:35:6e:93:b2:ef:53:1c:30:c3:e1:2f:b9:31: c4:0a:36:f8:e5:1c:2b:cf:dc:53:21:43:50:4d:04:f5: e7:e3:4d:e5:d1:ec:b3:4b:88:4a:9b:b9:93:fd:3b:79: 18:3a:e6:d0:30:b4:fe:79:2b:01:4e:f9:3e:98:65:1b: 58:d9:c9:a5:37:29:19:8c:07:51:6c:65:21:b1:9e:ea: 34:96:8f:c3:bb:60:c4:f5:21:af:24:c5:25:4f:1f:52: 59:70:c5:2d:86:31:51:5b:17:1d:01:b2:84:6e:9a:7f: ab:0b:10:af:ab:d2:93:9c:31:1f:b8:98:d8:d9:9c:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:24:c6:26:61:97:19:db:43:da:81:a4:1b:81:b2:07: 6d:6a:cf:6d:18:cc:d6:67:d0:a1:fc:83:8d:a5:7a:bd: 7f:2c:f6:4f:21:63:f9:6a:db:2e:23:ce:59:06:98:25: 16:5d:bb:2f:35:c7:59:bf:5c:a0:07:92:24:8f:60:2e: 66:93:76:6d:d0:9c:d6:9f:46:05:ca:c4:9f:58:84:cc: 50:36:4b:29:d2:2d:cc:c9:d6:d1:e9:49:e8:32:30:78: 01:ad:b3:9d:18:e9:f6:d0:5e:52:eb:fa:19:e9:f8:26: 57:7d:75:d5:09:6d:7e:6f:96:8a:75:1c:89:2d:e3:54 Fingerprint (SHA-256): 63:70:33:22:84:90:70:02:7C:80:C4:54:8E:D4:22:7C:51:5C:08:65:FB:E5:16:33:D3:8E:45:EC:CE:CC:E9:47 Fingerprint (SHA1): 54:71:54:4B:10:D2:79:4C:61:AF:A4:F9:BC:C4:F5:58:ED:EE:14:B5 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2610: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:d7 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 21:39:19 2015 Not After : Tue Aug 18 21:39:19 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:3e:22:2c:2e:57:59:35:55:07:65:fe:08:ec:7b:11: fc:b4:f8:8c:4f:97:c6:6f:79:28:f1:1a:a2:d2:01:66: 00:4c:1b:6c:22:c8:83:0a:55:29:6d:6a:35:2a:e5:07: 0c:55:e2:7e:ad:b7:e2:db:f7:f7:59:a6:0c:40:25:d9: 58:f9:f7:71:ae:43:62:e4:06:3f:b2:0d:ef:be:f0:46: 84:b4:f7:e9:fe:a8:58:54:ef:04:11:a7:e5:bd:9f:40: f5:52:20:4f:d3:f6:7e:93:9b:7c:2f:cd:63:71:16:94: 4e:e7:2a:16:99:f4:57:d9:14:b0:06:d2:7a:35:b4:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:3e:07:2b:9c:ad:67:ad:67:9a:a7:97:0a:1e:12:c0: ec:7f:f6:81:77:21:0b:00:61:b1:c1:c7:11:69:7f:fe: 75:2a:d8:52:d0:0f:e9:59:89:98:de:e3:01:94:7b:0a: 86:c9:7b:47:45:d4:28:d6:e4:28:0c:2a:f1:81:e2:d0: 1d:31:16:b7:fb:11:2d:c2:d8:c4:16:11:38:96:1e:97: 4a:e3:eb:53:38:45:95:39:ba:20:35:da:c4:9c:15:d7: 8a:f2:88:a9:e9:6c:b2:15:6a:a1:e0:cb:de:57:c4:e1: 78:64:52:3d:f3:df:db:5b:ef:76:f9:e2:1e:6b:ab:c9 Fingerprint (SHA-256): A0:8E:91:5B:CE:1D:0D:55:99:07:A6:F0:D0:26:34:D1:38:AC:F4:92:3D:62:3C:67:6B:EF:92:8D:9F:41:23:A6 Fingerprint (SHA1): A2:4D:31:4C:FE:AC:25:3B:C0:1C:7B:77:13:45:06:5E:1F:DF:B0:AC Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2611: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #2612: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #2613: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #2614: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:df Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 21:39:24 2015 Not After : Tue Aug 18 21:39:24 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:b5:8a:5b:cf:ae:d1:21:ad:7f:e1:ab:e0:89:20:fe: 57:74:b0:25:f7:04:2d:5b:77:d4:37:59:10:60:6b:79: 38:0a:c3:fc:78:ac:2f:38:64:1c:66:7b:1c:d8:ac:34: b4:c5:4c:4a:92:95:81:dd:61:0c:9a:e6:4f:32:0d:06: ac:ec:f8:8f:9a:74:fb:fa:b7:10:8d:83:5f:a9:6f:78: 6b:e7:3d:4d:5a:4d:0e:bb:a8:2c:63:a6:d2:96:ea:4d: 6e:3b:b7:c8:4b:ce:43:99:df:f5:17:fd:d4:e6:0c:bf: 9b:a7:0a:cc:ee:af:e1:ad:2c:50:d7:ee:16:3f:85:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a7:77:27:e3:d4:36:b9:f3:2a:41:65:99:b6:92:91:15: 5d:df:17:4c:46:2f:79:b7:5c:fc:f8:eb:14:85:27:00: 4d:88:77:3b:0b:9a:0b:44:73:29:5a:58:3d:d5:f7:bd: 38:ca:c1:28:10:73:0e:00:3a:eb:a1:46:19:99:a9:15: a8:c6:44:2d:78:10:d5:24:89:b1:d4:36:79:e1:26:15: 25:39:09:02:cc:2a:e9:57:65:f2:b3:f6:e5:28:9d:aa: 1b:ef:8a:bb:6d:7a:03:5c:95:b9:a0:8c:01:58:99:55: 84:57:da:29:63:61:06:c3:d3:48:7c:41:88:87:2b:dc Fingerprint (SHA-256): 02:EB:33:05:C2:53:8F:0D:04:E7:9D:8F:29:3D:EA:25:47:40:6D:13:17:9E:3C:E3:3F:DB:6D:4B:E7:50:1A:A5 Fingerprint (SHA1): 75:12:50:13:8D:18:1A:A4:2F:E7:26:F8:0F:FC:1E:29:56:2D:3E:DA Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2615: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der cert.sh: #2616: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #2617: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #2618: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2619: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2620: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2621: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #2622: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:40:f1 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 21:39:33 2015 Not After : Tue Aug 18 21:39:33 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:34:31:7d:1d:1e:6b:37:9f:f1:ff:c9:84:ff:31:8c: 01:ac:6c:3b:9c:32:ef:3f:f1:c5:9b:43:97:73:8c:07: 31:c1:95:0c:b7:cf:81:83:d1:13:4c:f4:8c:44:e5:92: 01:84:7b:cd:f4:00:74:21:60:f4:49:bc:65:84:1a:7b: f5:b9:10:bd:07:15:bf:4b:86:88:69:01:80:75:8f:51: 96:a1:d6:66:5b:8e:7c:58:c8:e9:8a:aa:8e:82:a4:a7: 88:2e:e7:30:fc:57:c1:54:3e:b3:b5:a4:88:f1:73:53: 4b:de:21:05:e6:bb:42:b0:d3:c2:9a:21:02:2e:6b:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d3:8c:4e:f9:84:4b:e7:9b:47:ba:fe:60:28:6a:da:8b: ae:4d:9a:a0:4f:aa:7c:b3:b5:fb:71:11:1f:da:8d:62: 9f:c8:c5:f7:92:d5:57:e6:2e:78:25:6e:c5:bd:4c:5d: 95:73:60:a5:e0:26:89:4f:1a:3c:a6:a6:57:58:20:0a: b3:7d:4c:18:f0:cb:e5:07:1e:42:bb:5e:fa:d0:c0:6e: 4d:d8:8c:ae:97:4f:5f:50:33:9b:64:37:fc:12:0e:21: f6:62:30:a2:fe:ca:0c:94:d4:f5:d0:7b:6f:e6:8c:fb: 97:2a:1e:71:32:ac:d4:76:6d:0c:20:ee:72:d7:be:58 Fingerprint (SHA-256): 1E:09:8B:55:FA:EC:AA:51:FB:B5:3D:50:C9:6F:98:1F:CD:B5:23:A1:F1:54:4A:DC:5E:66:46:05:6C:42:AC:60 Fingerprint (SHA1): D9:50:32:41:3B:CC:42:F5:16:9C:25:8C:B6:6D:EB:1E:EC:6C:DB:67 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2623: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #2624: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #2625: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw cert.sh: #2626: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2627: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2628: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -o root.cert cert.sh: #2629: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #2630: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2631: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #2632: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw cert.sh: #2633: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2634: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA.ca.cert cert.sh: #2635: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #2636: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2637: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #2638: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2639: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2640: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #2641: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2642: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2643: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #2644: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2645: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw cert.sh: #2646: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #2647: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -o root.cert cert.sh: #2648: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #2649: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2650: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #2651: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2652: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2653: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2654: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2655: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2656: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2657: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2658: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2659: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2660: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2661: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2662: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2663: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2664: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #2665: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2666: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #2667: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2668: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2669: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #2670: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2671: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2672: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #2673: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2674: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2675: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #2676: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2677: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2678: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #2679: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2680: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2681: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #2682: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2683: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2684: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #2685: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2686: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2687: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #2688: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2689: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2690: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #2691: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2692: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2693: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #2694: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2695: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2696: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #2697: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2698: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2699: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #2700: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2701: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2702: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #2703: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2704: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2705: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #2706: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2707: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2708: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #2709: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2710: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2711: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #2712: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2713: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2714: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #2715: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2716: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2717: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #2718: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2719: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2720: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #2721: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2722: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2723: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #2724: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2725: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2726: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #2727: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2728: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2729: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #2730: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2731: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2732: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #2733: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2734: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2735: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #2736: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2737: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2738: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #2739: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2740: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2741: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #2742: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2743: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2744: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #2745: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2746: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2747: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #2748: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2749: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2750: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #2751: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2752: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2753: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #2754: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2755: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2756: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #2757: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2758: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2759: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #2760: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2761: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2762: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #2763: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2764: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2765: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #2766: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2767: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2768: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #2769: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2770: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2771: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #2772: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2773: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2774: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #2775: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2776: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2777: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #2778: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2779: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2780: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #2781: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2782: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #2783: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #2784: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #2785: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #2786: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #2787: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #2788: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #2789: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #2790: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #2791: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #2792: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #2793: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #2794: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #2795: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #2796: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Mon May 18 17:41:36 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Mon May 18 17:41:36 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2797: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a0:83:ad:ae:f3:b5:57:86:de:7f:b4:b4:72:2a:07:aa Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2798: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2799: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2800: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2801: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 69:83:40:fc:92:cd:ec:24:a5:ea:bb:f2:ce:e3:19:d5 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 21:37:05 2015 Not After : Mon May 18 21:37:05 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:2e:2a:d6:f4:08:4e:1b:2f:65:80:61:f9:1a:cc: b2:4b:2d:f0:02:66:61:04:64:76:0c:31:6b:ab:6e:c5: 8c:b3:86:70:08:cc:c0:e4:84:31:d5:e3:a3:59:55:74: aa:4f:d9:2f:ee:97:64:41:ab:a0:de:e7:85:28:d2:06: 18:cc:d2:01:ce:38:f6:68:3b:2a:9b:3f:6b:5c:2f:e7: 47:40:4b:7a:0c:c9:63:6d:93:07:8e:69:eb:15:42:f1: b0:5b:a7:a1:11:c2:7f:00:11:8a:e7:e0:22:a8:f7:b1: 26:45:5a:b5:98:3a:af:8e:88:f9:ae:12:87:fb:36:6f: 42:43:44:3d:e1 Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:41:6a:eb:4f:cb:72:b5:99:92:54:88:e0: 5d:03:9d:71:32:05:45:c2:b4:3f:e8:03:e9:48:68:9c: d0:a1:49:95:e2:bc:60:d5:c0:72:4b:67:a3:23:f9:5a: f5:72:5d:3b:17:ea:19:3c:e0:44:d4:57:12:5d:d1:62: 85:9b:f3:4a:9e:c5:02:42:01:65:59:ea:79:6c:56:7a: 30:f7:e3:54:73:4c:df:8e:a5:e2:1c:b2:e3:74:6f:23: 49:ff:69:4d:4b:ea:e5:e2:47:0f:f9:29:13:16:ee:dc: 78:e4:c2:51:0e:5a:f9:f4:32:59:f1:82:50:ae:3c:e7: 0b:10:cf:ff:84:86:7e:ec:62:ed Fingerprint (SHA-256): 71:86:13:A9:D8:86:B9:CE:01:2C:D0:AB:22:EF:3E:32:80:C0:34:07:84:3C:1E:D9:AF:EC:68:C5:13:76:FE:51 Fingerprint (SHA1): 9E:02:A3:58:EE:64:6F:7A:D5:E8:ED:6B:EF:70:E2:D0:30:06:E6:A1 Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 21:38:05 2015 Not After : Mon May 18 21:38:05 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:dd:3c:77:80:b8:bd:12:dc:11:3e:0e:35:ad:17:73: 42:63:54:90:fb:94:c6:c4:be:a8:64:f1:e0:6e:66:58: 45:b9:34:42:d9:e8:10:4a:9b:90:32:c8:e5:20:1d:df: ae:06:e0:36:a7:9d:85:27:1b:0f:85:b0:b2:96:e6:59: 29:5c:49:a5:80:7c:e7:29:1e:6c:52:e7:f4:da:34:e1: 95:84:1c:7e:63:96:35:ea:ba:1c:48:2f:57:6c:01:24: 28 Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:0d:ee:0a:c0:50:cd:0a:f8:cc:1e: 52:db:34:0c:5c:57:83:30:29:05:1f:eb:eb:de:1a:4f: a2:80:cb:05:41:a4:10:6b:65:4f:84:62:65:1d:ad:fc: 12:b3:e3:99:6b:0d:19:b3:d9:8c:ae:5c:c5:35:a9:6f: 2e:cc:29:24:63:b7:06:02:42:00:a7:bd:c6:2d:70:00: 9f:a7:50:53:46:25:3a:cf:0b:27:4d:06:64:12:94:89: ab:57:fe:3f:4c:bc:0a:0e:c6:75:78:c2:3f:64:b7:1e: 3e:a7:63:17:0e:98:86:a6:ef:4d:d2:9c:ef:43:4c:35: f7:59:e2:87:dc:17:06:f5:79:3c:ea Fingerprint (SHA-256): E3:BC:66:61:C0:07:10:CB:91:0B:2D:03:A0:94:10:29:B3:33:CC:81:D7:69:10:B8:98:7C:6E:C7:08:B6:CD:07 Fingerprint (SHA1): 4E:73:3C:0B:14:5B:16:76:20:EF:48:AA:28:B3:1B:F5:D0:7C:E2:DA Friendly Name: Alice-ec tools.sh: #2802: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2803: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: fb:1f:92:0d:56:93:15:92:0d:97:aa:57:82:4e:fc:ce Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2804: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2805: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2806: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: ac:d2:5c:d2:a1:32:65:53:1f:4d:54:b9:51:53:ec:bc Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2807: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2808: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2809: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: ff:65:b6:c5:56:fc:6d:aa:64:13:38:da:7c:08:9f:9e Iteration Count: 2000 (0x7d0) tools.sh: #2810: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2811: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2812: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 8b:da:47:a3:76:52:3a:38:b9:4c:69:91:8c:88:7c:2c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2813: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2814: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2815: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: cb:f7:27:1f:f1:64:82:ab:44:fd:ba:c8:d9:dc:9b:b2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2816: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2817: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2818: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 2f:77:25:31:8d:5d:f7:89:f3:47:41:e3:6e:25:5f:c1 Iteration Count: 2000 (0x7d0) tools.sh: #2819: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2820: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2821: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5d:0a:cf:98:c4:d8:b1:a1:f0:c4:8c:5e:9a:9e:4e:ed Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:fe:d5:2c:4f:f6:af:41:f6:00:fc:3e:02:80:27: 46:6f Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2822: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2823: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2824: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a6:9f:78:7e:69:1d:1b:99:29:93:98:6b:14:41:01:9a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:f9:16:e7:e5:f4:0c:9e:bf:e5:80:d5:bf:42:ef: 54:3c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2825: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2826: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2827: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: fb:a9:cf:8f:37:ed:b6:df:3a:e6:c3:fb:48:7e:a5:0b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:17:63:f5:77:0f:6b:0a:0d:ff:33:f3:52:b9:a5: 53:9c tools.sh: #2828: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2829: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2830: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ff:5f:6e:28:a5:52:41:b7:1e:0a:04:10:c5:02:e1:5a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:cf:fc:dc:f7:0c:c9:14:56:48:5e:e2:12:95:71: 99:91 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2831: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2832: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2833: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 03:8a:19:35:9f:2e:ea:95:1a:7f:25:dc:5d:81:03:d7 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:c0:df:99:e0:35:13:32:a4:0f:22:93:08:b1:2e: 75:82 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2834: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2835: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2836: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: b2:c9:32:eb:c0:64:e5:ba:34:3a:5a:cd:7f:b2:bd:b1 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:6c:f2:72:0b:67:fe:10:af:fb:06:ba:e0:96:b0: 60:6f tools.sh: #2837: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2838: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2839: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a8:b9:a6:ff:00:14:91:f4:3b:0f:d6:41:51:0f:1f:87 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:8e:72:5e:f6:4c:bf:c9:5e:67:f9:24:e6:15:80: 03:bc Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2840: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2841: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2842: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ba:c5:45:78:84:7e:a5:af:2d:10:cb:45:b2:da:e7:5d Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:74:48:e5:ba:6b:77:67:43:ab:0f:63:cc:22:dc: 64:42 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2843: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2844: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2845: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: c7:53:c2:5d:dc:c5:71:ed:3c:80:9d:08:cc:0e:85:7c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:12:46:89:45:cd:20:ed:32:eb:74:05:1e:f6:b0: 97:a2 tools.sh: #2846: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2847: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2848: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 87:d9:f1:c8:ce:39:33:f0:4f:12:64:58:ff:8e:c7:36 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:22:6d:e9:ab:be:7a:1b:99:88:bd:80:30:37:ad: c4:a2 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2849: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2850: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2851: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 93:83:50:da:a2:c9:73:a1:ba:62:e8:a2:13:23:0e:ce Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:03:ee:49:4e:58:5e:9b:27:87:c6:76:bc:48:80: ce:0b Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2852: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2853: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2854: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 0d:17:44:56:93:02:56:23:f1:2f:ea:b5:eb:85:ff:e6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:03:ef:e7:70:4e:ff:66:f6:a9:ad:7c:6b:7c:ef: d6:0c tools.sh: #2855: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2856: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2857: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 00:9f:ad:d1:32:10:d0:52:90:3f:2f:4b:d7:30:62:34 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:08:1f:85:ec:5d:e7:5b:93:8c:1e:c8:ec:c6:4d: 4d:a1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2858: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2859: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2860: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: da:26:99:35:13:cc:08:fa:9d:e7:ef:8c:fd:67:ce:a6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:ff:45:51:6b:f8:98:d6:69:4c:f6:14:09:de:ce: 53:49 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2861: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2862: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2863: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 72:0f:9c:88:e3:33:96:de:f3:94:49:5f:e9:b3:92:92 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:d7:06:db:ad:58:35:55:b9:01:29:86:36:88:b9: ca:a0 tools.sh: #2864: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2865: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2866: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: c5:63:7b:25:6c:f4:ee:c4:69:31:aa:7e:47:cd:d1:4c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:dd:a0:9e:16:9d:3c:4b:93:92:34:79:eb:21:25: f6:e2 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2867: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2868: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2869: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a2:a5:71:c0:fe:d2:6c:58:dd:e0:df:85:f1:d8:bd:99 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:37:98:d8:69:39:af:58:e7:be:70:2a:4e:b1:05: c3:29 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2870: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2871: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2872: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 54:e8:ee:47:f7:f4:1a:02:cf:7f:44:8f:dd:c4:c0:6f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:88:e2:b7:53:2a:d5:6e:2d:88:13:e0:c9:f4:56: ea:6c tools.sh: #2873: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2874: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2875: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 79:65:b8:69:ad:0a:c4:b7:66:f3:fe:fd:ec:80:d9:a1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2876: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2877: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2878: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: b2:45:72:14:93:07:78:44:0d:fb:c2:09:e2:f3:87:41 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2879: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2880: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2881: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: fa:71:73:8a:fc:78:63:c7:a6:ac:0b:ee:c6:08:93:05 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2882: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2883: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2884: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: a6:bd:1e:8d:48:f8:fe:2d:c2:60:1f:78:90:2c:09:3b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2885: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2886: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2887: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 22:11:16:b3:33:54:5b:29:a9:06:35:a2:dc:ef:59:c4 Iteration Count: 2000 (0x7d0) tools.sh: #2888: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2889: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2890: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 29:6d:48:e6:2b:18:70:35:63:56:93:fc:71:04:6d:0e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2891: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2892: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2893: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 4b:0a:39:d6:9c:33:a9:64:0c:6a:94:8c:56:13:6a:a6 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2894: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2895: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2896: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 38:7c:d4:90:49:80:37:ed:cd:12:d5:ec:77:87:f9:2d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2897: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2898: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2899: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 9a:8b:6b:5c:c3:d7:38:47:05:74:ed:43:7b:a8:52:e8 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2900: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2901: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2902: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 5a:a3:5b:3e:91:5a:3a:9f:9c:9d:bc:77:55:6d:48:37 Iteration Count: 2000 (0x7d0) tools.sh: #2903: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2904: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2905: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 52:5a:81:e1:88:dd:5d:08:d9:78:19:19:0a:d9:5e:04 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2906: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2907: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2908: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: f4:a1:ed:55:14:75:19:f0:63:bb:fb:c0:17:1a:a7:18 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2909: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2910: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2911: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 91:f4:9d:dc:bc:32:38:64:19:af:91:f6:b9:b1:99:0f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2912: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2913: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2914: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 8f:78:71:7d:29:75:eb:56:36:cd:93:51:d9:d2:d1:b5 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2915: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2916: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2917: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: ea:67:f9:4b:ce:31:18:cb:db:7f:a1:4a:b4:23:fa:2c Iteration Count: 2000 (0x7d0) tools.sh: #2918: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2919: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2920: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 2f:c5:82:4f:51:ce:20:6e:3c:0b:a9:03:4d:8f:a4:2d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2921: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2922: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2923: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 6c:ef:2f:0f:f8:d1:35:91:32:93:b2:7a:14:ad:d9:ce Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2924: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2925: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2926: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 87:5b:2f:2a:62:77:90:98:ba:b1:19:ca:d8:34:63:88 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2927: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2928: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2929: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 19:d3:60:e3:15:db:52:c5:da:8a:f0:f2:9f:54:21:e4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2930: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2931: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2932: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: fb:ec:4f:59:e0:88:5b:3b:1b:ec:c7:79:fe:8c:c4:68 Iteration Count: 2000 (0x7d0) tools.sh: #2933: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2934: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2935: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a6:92:08:77:c3:9d:61:3f:e3:81:c9:f8:0c:2c:bf:a1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2936: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2937: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2938: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 5e:08:dc:00:ed:87:c4:52:c6:e3:de:e6:23:06:0e:64 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2939: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2940: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2941: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c2:0d:21:22:9f:9f:05:73:76:37:ac:e6:91:74:6e:05 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2942: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2943: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2944: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d2:23:4f:e0:89:c1:60:87:45:3c:80:e9:35:f5:10:1b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2945: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2946: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2947: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 48:8e:bb:42:d5:24:c7:ae:01:ca:28:d7:05:74:74:3b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2948: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2949: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2950: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3f:2e:7e:f6:56:3f:b2:a6:ca:c7:e3:12:93:07:61:5f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2951: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2952: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2953: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 36:81:35:47:ab:e4:5e:17:fe:0f:c8:f1:8e:b4:af:36 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2954: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2955: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2956: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 0f:a6:c1:7d:40:70:c5:fa:39:d4:18:93:96:b9:07:3f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2957: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2958: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2959: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 41:58:f2:23:18:1a:54:ae:32:90:a5:35:77:53:49:65 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2960: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2961: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2962: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 1a:e5:de:86:82:35:b0:a2:01:f2:dc:89:30:11:a0:d4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:36:51 2015 Not After : Mon May 18 21:36:51 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:69:d1:f2:a8:b9:2c:f0:ed:26:42:70:2c:f2:79:60: 27:3f:d0:41:32:32:a8:4e:d5:31:e4:a4:bc:12:e3:0d: be:99:f8:0c:6d:9c:82:1e:19:13:2c:58:3e:2f:a7:0b: 2d:43:f7:f7:f9:7e:72:97:10:ee:6c:5c:3b:d5:02:d1: 6d:b7:f9:39:a2:90:78:61:c0:85:70:ee:d2:47:25:db: 42:30:a9:4e:64:8c:d5:14:53:ed:66:28:64:6d:f7:00: 23:cc:14:ed:27:5c:bb:7c:81:f7:b3:fb:93:27:12:20: 97:39:8f:b8:69:4a:12:64:f3:b2:0d:6f:a4:82:92:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:3b:15:f4:82:82:c2:29:1a:15:60:f4:6c:3a:fa:2e: 41:01:b6:0a:bd:8f:7b:0a:25:42:e8:a7:d3:98:83:c0: 87:3b:c9:0c:d4:9d:db:6f:e1:66:78:8d:6b:c7:35:ea: 5e:55:b5:87:e7:fd:8e:2f:6e:fa:7f:b6:a6:86:aa:ef: b3:be:74:bf:eb:dc:f9:f3:23:a9:3d:81:40:53:f7:9f: d3:61:7f:22:42:35:96:60:b2:2e:b1:79:84:53:d1:e7: 92:f6:3f:dc:69:33:ee:88:b2:0b:3f:a4:92:4a:53:c6: 55:57:06:71:2b:cc:e5:b2:f5:15:e8:ce:00:c1:20:a9 Fingerprint (SHA-256): E5:85:CE:44:5E:DB:46:D6:D1:E5:6F:DE:9A:7E:61:12:1E:FB:56:D1:E1:CC:26:94:EB:84:63:9D:F6:CB:62:EA Fingerprint (SHA1): 34:CF:E5:32:99:2E:7E:03:A3:6B:CF:81:DE:69:DD:A2:EE:4B:75:ED Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:38:04 2015 Not After : Mon May 18 21:38:04 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:56:63:31:64:ae:7b:6e:0f:3e:df:ca:1a:58:93:b4: 37:de:49:dc:1c:10:45:b0:82:78:a9:be:b8:c3:a8:20: 2b:69:98:15:5f:cb:80:a7:84:b9:95:db:f8:d4:9b:5f: 18:a8:47:f1:e3:b0:73:4b:6a:bf:57:38:56:1b:dc:4e: cb:d7:62:74:4f:74:10:ee:3d:3f:27:db:bb:ef:31:be: 39:42:6a:f8:a7:be:66:d6:04:90:9d:ad:24:f9:87:5d: 39:eb:85:3c:14:92:e8:93:6c:e2:9a:31:40:6e:17:b8: 19:c7:83:f9:2c:77:77:06:90:1c:3d:10:dc:98:aa:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:59:1d:d5:ed:34:c8:cc:48:8d:41:24:13:1f:17:a3: 95:c9:3f:89:ce:35:e9:92:a7:1f:14:c2:0b:f0:52:8f: bf:1d:f8:35:9e:f3:e2:a7:e5:de:0c:51:c8:48:8c:44: 3f:6c:ff:4c:48:61:32:7f:e0:be:f0:d3:ea:6d:cf:50: 37:c9:32:05:de:7d:69:03:db:45:ed:6b:29:34:b4:e7: b1:63:f4:fc:5b:68:4d:ba:93:29:8a:ba:e8:10:03:96: 99:61:01:11:77:69:cf:39:55:7d:0d:8c:d1:b3:9b:1a: 86:67:d0:3e:d6:b8:a2:8a:19:ec:ff:8e:6c:d2:83:ad Fingerprint (SHA-256): 99:39:2B:F4:83:21:18:88:0A:58:39:7E:4C:01:D0:16:CC:86:86:91:F1:19:5D:BB:E8:A0:DA:17:48:EF:4D:B3 Fingerprint (SHA1): BA:C2:1D:9E:B4:1B:EA:DF:0E:E1:3F:08:43:C9:CA:46:D7:F3:AF:5A Friendly Name: Alice tools.sh: #2963: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2964: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #2965: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2966: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #2967: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%) tree "../tools/html" signed successfully tools.sh: #2968: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #2969: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #2970: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #2971: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #2972: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #2973: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Mon May 18 17:43:08 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Mon May 18 17:43:08 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #2974: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #2975: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 092f36d9f853fb5c996d3754e96188391619e495 NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #2976: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #2977: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #2978: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #2979: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #2980: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #2981: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #2982: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #2983: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #2984: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #2985: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #2986: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 092f36d9f853fb5c996d3754e96188391619e495 FIPS_PUB_140_Test_Certificate fips.sh: #2987: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #2988: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #2989: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #2990: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #2991: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 092f36d9f853fb5c996d3754e96188391619e495 FIPS_PUB_140_Test_Certificate fips.sh: #2992: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #2993: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #2994: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle dbtest -r -d ../fips fips.sh: #2995: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Mon May 18 17:43:52 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Mon May 18 17:43:52 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Mon May 18 17:43:52 EDT 2015 Running tests for ocsp TIMESTAMP ocsp BEGIN: Mon May 18 17:43:52 EDT 2015 ocsp.sh: OCSP tests =============================== TIMESTAMP ocsp END: Mon May 18 17:43:52 EDT 2015 Running tests for pkits TIMESTAMP pkits BEGIN: Mon May 18 17:43:52 EDT 2015 pkits.sh: PKITS data directory not defined, skipping. TIMESTAMP pkits END: Mon May 18 17:43:52 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Mon May 18 17:43:52 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #2996: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174353 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2997: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #2998: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #2999: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #3000: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3001: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3002: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3003: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3004: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #3005: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3006: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3007: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3008: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3009: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #3010: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3011: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3012: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3013: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3014: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #3015: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3016: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3017: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3018: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #3019: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3020: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3021: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3022: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #3023: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3024: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3025: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3026: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #3027: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3028: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3029: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3030: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #3031: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3032: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3033: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3034: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #3035: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3036: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3037: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3038: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #3039: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3040: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3041: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3042: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #3043: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3044: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3045: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3046: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #3047: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3048: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3049: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3050: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #3051: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3052: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3053: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3054: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #3055: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3056: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3057: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3058: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518214439Z nextupdate=20160518214439Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 21:44:39 2015 Next Update: Wed May 18 21:44:39 2016 CRL Extensions: chains.sh: #3059: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518214440Z addcert 2 20150518214440Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 21:44:40 2015 Next Update: Wed May 18 21:44:39 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:40 2015 CRL Extensions: chains.sh: #3060: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518214441Z nextupdate=20160518214441Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 21:44:41 2015 Next Update: Wed May 18 21:44:41 2016 CRL Extensions: chains.sh: #3061: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518214442Z addcert 2 20150518214442Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 21:44:42 2015 Next Update: Wed May 18 21:44:41 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:42 2015 CRL Extensions: chains.sh: #3062: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518214443Z addcert 4 20150518214443Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 21:44:43 2015 Next Update: Wed May 18 21:44:41 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:42 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Mon May 18 21:44:43 2015 CRL Extensions: chains.sh: #3063: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518214443Z nextupdate=20160518214443Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 21:44:43 2015 Next Update: Wed May 18 21:44:43 2016 CRL Extensions: chains.sh: #3064: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518214444Z addcert 2 20150518214444Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 21:44:44 2015 Next Update: Wed May 18 21:44:43 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:44 2015 CRL Extensions: chains.sh: #3065: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518214445Z addcert 3 20150518214445Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 21:44:45 2015 Next Update: Wed May 18 21:44:43 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:44 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 21:44:45 2015 CRL Extensions: chains.sh: #3066: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518214446Z nextupdate=20160518214446Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 21:44:46 2015 Next Update: Wed May 18 21:44:46 2016 CRL Extensions: chains.sh: #3067: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518214447Z addcert 2 20150518214447Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 21:44:47 2015 Next Update: Wed May 18 21:44:46 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:47 2015 CRL Extensions: chains.sh: #3068: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518214448Z addcert 3 20150518214448Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 21:44:48 2015 Next Update: Wed May 18 21:44:46 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 21:44:47 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 21:44:48 2015 CRL Extensions: chains.sh: #3069: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #3070: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #3071: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #3072: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3073: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3074: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3075: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3076: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #3077: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #3078: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #3079: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #3080: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #3081: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #3082: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #3083: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #3084: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #3085: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #3086: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #3087: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #3088: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #3089: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #3090: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #3091: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #3092: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #3093: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Mon May 18 17:45:02 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:45:02 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:45:07 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3094: Waiting for Server - FAILED kill -0 9935 >/dev/null 2>/dev/null httpserv with PID 9935 found at Mon May 18 17:45:08 EDT 2015 httpserv with PID 9935 started at Mon May 18 17:45:08 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9683 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3095: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 9935 at Mon May 18 17:45:09 EDT 2015 kill -USR1 9935 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 9935 killed at Mon May 18 17:45:10 EDT 2015 httpserv starting at Mon May 18 17:45:10 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:45:10 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:45:15 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3096: Waiting for Server - FAILED kill -0 10022 >/dev/null 2>/dev/null httpserv with PID 10022 found at Mon May 18 17:45:16 EDT 2015 httpserv with PID 10022 started at Mon May 18 17:45:16 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9683 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3097: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 10022 at Mon May 18 17:45:17 EDT 2015 kill -USR1 10022 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 10022 killed at Mon May 18 17:45:18 EDT 2015 httpserv starting at Mon May 18 17:45:18 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:45:18 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:45:23 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3098: Waiting for Server - FAILED kill -0 10109 >/dev/null 2>/dev/null httpserv with PID 10109 found at Mon May 18 17:45:23 EDT 2015 httpserv with PID 10109 started at Mon May 18 17:45:23 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3099: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174354 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3100: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3101: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3102: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174355 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3103: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3104: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3105: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3106: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518174356 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3107: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3108: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518174357 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3109: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3110: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3111: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3112: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3113: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518174358 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3114: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3115: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3116: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #3117: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #3118: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174355 (0x1ee2b693) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:45:29 2015 Not After : Mon May 18 21:45:29 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:18:63:a7:4b:55:0b:81:41:83:29:82:a4:13:24: 48:6b:b0:4b:9a:ff:5b:ec:c3:d7:6e:17:55:4f:32:2c: 17:01:d9:d9:c4:1c:f9:5a:8c:ec:f9:d5:ce:b6:d9:c1: 6a:40:97:f1:22:f9:b1:1b:3b:4b:f7:f9:80:86:ba:6c: 7e:f1:df:6c:d2:16:92:ef:86:f8:7b:41:86:6f:ff:84: d8:bd:3e:7e:71:9c:29:ea:99:55:00:ed:5c:b7:88:ed: 3b:02:d2:c7:79:8e:49:50:e9:26:15:c1:5f:23:b9:83: b2:ba:22:08:aa:28:06:36:bd:32:cf:11:3d:d9:a6:55 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:bd:fc:22:3d:d1:94:ce:47:ba:00:1a:9b:85:27:1b: 2b:18:b9:98:ab:7d:73:a2:5b:3b:6e:76:02:25:ba:c7: 96:28:46:0a:23:19:85:66:21:bb:a0:5d:c1:cf:26:e8: 5b:43:04:be:aa:e0:69:66:dc:b7:28:f1:b5:8f:6d:b2: d7:e5:6f:b3:4a:28:0e:1a:61:81:04:f5:00:28:49:cf: dc:55:00:0f:51:40:98:d1:0c:2b:77:c4:8f:17:7c:8b: 16:0c:ab:5a:55:6f:72:d1:b3:84:f0:d1:dc:70:6a:5f: 09:f7:6c:97:93:d3:36:1d:2e:36:2f:89:9a:2d:62:7a Fingerprint (SHA-256): 35:18:28:37:47:ED:A2:BD:BD:A5:44:C0:8C:CC:52:7A:90:BF:4C:6C:96:83:4E:C0:FC:4D:A5:C0:36:7C:6E:C2 Fingerprint (SHA1): FB:A7:25:E4:51:15:C4:D7:27:F8:2D:9E:AD:A0:0A:3B:56:48:55:31 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3119: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174354 (0x1ee2b692) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:45:26 2015 Not After : Mon May 18 21:45:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:56:92:08:46:ed:be:45:e0:73:07:7e:b6:3a:ef:91: 2d:f3:64:cb:14:c2:25:de:b7:80:a1:5f:34:53:ad:86: 06:16:73:13:b5:93:22:80:0d:f6:18:03:3d:ef:1b:5b: 16:a3:eb:1e:aa:70:5c:87:f1:8d:b5:d3:2c:ca:f6:ee: 76:78:9c:56:56:7b:cd:a6:ba:42:de:f1:a3:eb:44:2e: 57:bb:20:e5:bd:ba:db:e3:03:b4:30:b7:2f:ab:52:62: 6a:22:7e:83:b0:23:70:62:f9:bb:e4:19:44:97:29:45: e3:1d:c7:0f:19:9c:fd:d7:b9:ec:70:f0:db:1e:54:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:f9:5a:02:f8:f9:8f:3a:6b:95:03:6d:aa:e4:21:ad: 45:f6:9c:d6:ca:15:64:a1:61:4b:e3:ad:88:e4:5d:5a: 8a:49:c9:04:cb:98:19:e6:39:13:cf:73:6b:4e:fc:90: 26:7c:7a:69:8f:09:26:5f:e3:e7:53:c5:9e:1e:fb:ed: a5:10:71:06:cf:57:96:9b:e8:da:a1:fc:31:7c:60:3b: b2:c4:fc:71:79:d0:04:1a:2e:f7:4a:03:ae:d7:ea:ea: b0:ad:23:5d:2e:84:d3:49:6b:9c:23:fb:55:cf:8f:cb: 2a:bb:2a:1b:1b:49:74:e3:5a:06:89:7a:f1:bc:17:a0 Fingerprint (SHA-256): 57:A7:27:FE:91:30:A1:A0:4E:EC:D3:04:DD:13:02:01:92:BB:3E:84:78:BE:65:3B:B1:D7:47:DF:59:A4:C0:C9 Fingerprint (SHA1): 2E:C8:3D:78:D9:00:36:17:74:4F:7A:0D:3D:E8:2A:A8:B0:D6:57:E8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3120: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3121: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #3122: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #3123: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174354 (0x1ee2b692) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:45:26 2015 Not After : Mon May 18 21:45:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:56:92:08:46:ed:be:45:e0:73:07:7e:b6:3a:ef:91: 2d:f3:64:cb:14:c2:25:de:b7:80:a1:5f:34:53:ad:86: 06:16:73:13:b5:93:22:80:0d:f6:18:03:3d:ef:1b:5b: 16:a3:eb:1e:aa:70:5c:87:f1:8d:b5:d3:2c:ca:f6:ee: 76:78:9c:56:56:7b:cd:a6:ba:42:de:f1:a3:eb:44:2e: 57:bb:20:e5:bd:ba:db:e3:03:b4:30:b7:2f:ab:52:62: 6a:22:7e:83:b0:23:70:62:f9:bb:e4:19:44:97:29:45: e3:1d:c7:0f:19:9c:fd:d7:b9:ec:70:f0:db:1e:54:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:f9:5a:02:f8:f9:8f:3a:6b:95:03:6d:aa:e4:21:ad: 45:f6:9c:d6:ca:15:64:a1:61:4b:e3:ad:88:e4:5d:5a: 8a:49:c9:04:cb:98:19:e6:39:13:cf:73:6b:4e:fc:90: 26:7c:7a:69:8f:09:26:5f:e3:e7:53:c5:9e:1e:fb:ed: a5:10:71:06:cf:57:96:9b:e8:da:a1:fc:31:7c:60:3b: b2:c4:fc:71:79:d0:04:1a:2e:f7:4a:03:ae:d7:ea:ea: b0:ad:23:5d:2e:84:d3:49:6b:9c:23:fb:55:cf:8f:cb: 2a:bb:2a:1b:1b:49:74:e3:5a:06:89:7a:f1:bc:17:a0 Fingerprint (SHA-256): 57:A7:27:FE:91:30:A1:A0:4E:EC:D3:04:DD:13:02:01:92:BB:3E:84:78:BE:65:3B:B1:D7:47:DF:59:A4:C0:C9 Fingerprint (SHA1): 2E:C8:3D:78:D9:00:36:17:74:4F:7A:0D:3D:E8:2A:A8:B0:D6:57:E8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3124: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174355 (0x1ee2b693) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:45:29 2015 Not After : Mon May 18 21:45:29 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:18:63:a7:4b:55:0b:81:41:83:29:82:a4:13:24: 48:6b:b0:4b:9a:ff:5b:ec:c3:d7:6e:17:55:4f:32:2c: 17:01:d9:d9:c4:1c:f9:5a:8c:ec:f9:d5:ce:b6:d9:c1: 6a:40:97:f1:22:f9:b1:1b:3b:4b:f7:f9:80:86:ba:6c: 7e:f1:df:6c:d2:16:92:ef:86:f8:7b:41:86:6f:ff:84: d8:bd:3e:7e:71:9c:29:ea:99:55:00:ed:5c:b7:88:ed: 3b:02:d2:c7:79:8e:49:50:e9:26:15:c1:5f:23:b9:83: b2:ba:22:08:aa:28:06:36:bd:32:cf:11:3d:d9:a6:55 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:bd:fc:22:3d:d1:94:ce:47:ba:00:1a:9b:85:27:1b: 2b:18:b9:98:ab:7d:73:a2:5b:3b:6e:76:02:25:ba:c7: 96:28:46:0a:23:19:85:66:21:bb:a0:5d:c1:cf:26:e8: 5b:43:04:be:aa:e0:69:66:dc:b7:28:f1:b5:8f:6d:b2: d7:e5:6f:b3:4a:28:0e:1a:61:81:04:f5:00:28:49:cf: dc:55:00:0f:51:40:98:d1:0c:2b:77:c4:8f:17:7c:8b: 16:0c:ab:5a:55:6f:72:d1:b3:84:f0:d1:dc:70:6a:5f: 09:f7:6c:97:93:d3:36:1d:2e:36:2f:89:9a:2d:62:7a Fingerprint (SHA-256): 35:18:28:37:47:ED:A2:BD:BD:A5:44:C0:8C:CC:52:7A:90:BF:4C:6C:96:83:4E:C0:FC:4D:A5:C0:36:7C:6E:C2 Fingerprint (SHA1): FB:A7:25:E4:51:15:C4:D7:27:F8:2D:9E:AD:A0:0A:3B:56:48:55:31 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3125: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #3126: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #3127: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3128: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3129: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3130: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174355 (0x1ee2b693) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:45:29 2015 Not After : Mon May 18 21:45:29 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:18:63:a7:4b:55:0b:81:41:83:29:82:a4:13:24: 48:6b:b0:4b:9a:ff:5b:ec:c3:d7:6e:17:55:4f:32:2c: 17:01:d9:d9:c4:1c:f9:5a:8c:ec:f9:d5:ce:b6:d9:c1: 6a:40:97:f1:22:f9:b1:1b:3b:4b:f7:f9:80:86:ba:6c: 7e:f1:df:6c:d2:16:92:ef:86:f8:7b:41:86:6f:ff:84: d8:bd:3e:7e:71:9c:29:ea:99:55:00:ed:5c:b7:88:ed: 3b:02:d2:c7:79:8e:49:50:e9:26:15:c1:5f:23:b9:83: b2:ba:22:08:aa:28:06:36:bd:32:cf:11:3d:d9:a6:55 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:bd:fc:22:3d:d1:94:ce:47:ba:00:1a:9b:85:27:1b: 2b:18:b9:98:ab:7d:73:a2:5b:3b:6e:76:02:25:ba:c7: 96:28:46:0a:23:19:85:66:21:bb:a0:5d:c1:cf:26:e8: 5b:43:04:be:aa:e0:69:66:dc:b7:28:f1:b5:8f:6d:b2: d7:e5:6f:b3:4a:28:0e:1a:61:81:04:f5:00:28:49:cf: dc:55:00:0f:51:40:98:d1:0c:2b:77:c4:8f:17:7c:8b: 16:0c:ab:5a:55:6f:72:d1:b3:84:f0:d1:dc:70:6a:5f: 09:f7:6c:97:93:d3:36:1d:2e:36:2f:89:9a:2d:62:7a Fingerprint (SHA-256): 35:18:28:37:47:ED:A2:BD:BD:A5:44:C0:8C:CC:52:7A:90:BF:4C:6C:96:83:4E:C0:FC:4D:A5:C0:36:7C:6E:C2 Fingerprint (SHA1): FB:A7:25:E4:51:15:C4:D7:27:F8:2D:9E:AD:A0:0A:3B:56:48:55:31 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3131: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174355 (0x1ee2b693) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:45:29 2015 Not After : Mon May 18 21:45:29 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:18:63:a7:4b:55:0b:81:41:83:29:82:a4:13:24: 48:6b:b0:4b:9a:ff:5b:ec:c3:d7:6e:17:55:4f:32:2c: 17:01:d9:d9:c4:1c:f9:5a:8c:ec:f9:d5:ce:b6:d9:c1: 6a:40:97:f1:22:f9:b1:1b:3b:4b:f7:f9:80:86:ba:6c: 7e:f1:df:6c:d2:16:92:ef:86:f8:7b:41:86:6f:ff:84: d8:bd:3e:7e:71:9c:29:ea:99:55:00:ed:5c:b7:88:ed: 3b:02:d2:c7:79:8e:49:50:e9:26:15:c1:5f:23:b9:83: b2:ba:22:08:aa:28:06:36:bd:32:cf:11:3d:d9:a6:55 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:bd:fc:22:3d:d1:94:ce:47:ba:00:1a:9b:85:27:1b: 2b:18:b9:98:ab:7d:73:a2:5b:3b:6e:76:02:25:ba:c7: 96:28:46:0a:23:19:85:66:21:bb:a0:5d:c1:cf:26:e8: 5b:43:04:be:aa:e0:69:66:dc:b7:28:f1:b5:8f:6d:b2: d7:e5:6f:b3:4a:28:0e:1a:61:81:04:f5:00:28:49:cf: dc:55:00:0f:51:40:98:d1:0c:2b:77:c4:8f:17:7c:8b: 16:0c:ab:5a:55:6f:72:d1:b3:84:f0:d1:dc:70:6a:5f: 09:f7:6c:97:93:d3:36:1d:2e:36:2f:89:9a:2d:62:7a Fingerprint (SHA-256): 35:18:28:37:47:ED:A2:BD:BD:A5:44:C0:8C:CC:52:7A:90:BF:4C:6C:96:83:4E:C0:FC:4D:A5:C0:36:7C:6E:C2 Fingerprint (SHA1): FB:A7:25:E4:51:15:C4:D7:27:F8:2D:9E:AD:A0:0A:3B:56:48:55:31 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3132: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #3133: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #3134: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3135: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3136: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3137: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174354 (0x1ee2b692) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:45:26 2015 Not After : Mon May 18 21:45:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:56:92:08:46:ed:be:45:e0:73:07:7e:b6:3a:ef:91: 2d:f3:64:cb:14:c2:25:de:b7:80:a1:5f:34:53:ad:86: 06:16:73:13:b5:93:22:80:0d:f6:18:03:3d:ef:1b:5b: 16:a3:eb:1e:aa:70:5c:87:f1:8d:b5:d3:2c:ca:f6:ee: 76:78:9c:56:56:7b:cd:a6:ba:42:de:f1:a3:eb:44:2e: 57:bb:20:e5:bd:ba:db:e3:03:b4:30:b7:2f:ab:52:62: 6a:22:7e:83:b0:23:70:62:f9:bb:e4:19:44:97:29:45: e3:1d:c7:0f:19:9c:fd:d7:b9:ec:70:f0:db:1e:54:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:f9:5a:02:f8:f9:8f:3a:6b:95:03:6d:aa:e4:21:ad: 45:f6:9c:d6:ca:15:64:a1:61:4b:e3:ad:88:e4:5d:5a: 8a:49:c9:04:cb:98:19:e6:39:13:cf:73:6b:4e:fc:90: 26:7c:7a:69:8f:09:26:5f:e3:e7:53:c5:9e:1e:fb:ed: a5:10:71:06:cf:57:96:9b:e8:da:a1:fc:31:7c:60:3b: b2:c4:fc:71:79:d0:04:1a:2e:f7:4a:03:ae:d7:ea:ea: b0:ad:23:5d:2e:84:d3:49:6b:9c:23:fb:55:cf:8f:cb: 2a:bb:2a:1b:1b:49:74:e3:5a:06:89:7a:f1:bc:17:a0 Fingerprint (SHA-256): 57:A7:27:FE:91:30:A1:A0:4E:EC:D3:04:DD:13:02:01:92:BB:3E:84:78:BE:65:3B:B1:D7:47:DF:59:A4:C0:C9 Fingerprint (SHA1): 2E:C8:3D:78:D9:00:36:17:74:4F:7A:0D:3D:E8:2A:A8:B0:D6:57:E8 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3138: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174354 (0x1ee2b692) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:45:26 2015 Not After : Mon May 18 21:45:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:56:92:08:46:ed:be:45:e0:73:07:7e:b6:3a:ef:91: 2d:f3:64:cb:14:c2:25:de:b7:80:a1:5f:34:53:ad:86: 06:16:73:13:b5:93:22:80:0d:f6:18:03:3d:ef:1b:5b: 16:a3:eb:1e:aa:70:5c:87:f1:8d:b5:d3:2c:ca:f6:ee: 76:78:9c:56:56:7b:cd:a6:ba:42:de:f1:a3:eb:44:2e: 57:bb:20:e5:bd:ba:db:e3:03:b4:30:b7:2f:ab:52:62: 6a:22:7e:83:b0:23:70:62:f9:bb:e4:19:44:97:29:45: e3:1d:c7:0f:19:9c:fd:d7:b9:ec:70:f0:db:1e:54:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:f9:5a:02:f8:f9:8f:3a:6b:95:03:6d:aa:e4:21:ad: 45:f6:9c:d6:ca:15:64:a1:61:4b:e3:ad:88:e4:5d:5a: 8a:49:c9:04:cb:98:19:e6:39:13:cf:73:6b:4e:fc:90: 26:7c:7a:69:8f:09:26:5f:e3:e7:53:c5:9e:1e:fb:ed: a5:10:71:06:cf:57:96:9b:e8:da:a1:fc:31:7c:60:3b: b2:c4:fc:71:79:d0:04:1a:2e:f7:4a:03:ae:d7:ea:ea: b0:ad:23:5d:2e:84:d3:49:6b:9c:23:fb:55:cf:8f:cb: 2a:bb:2a:1b:1b:49:74:e3:5a:06:89:7a:f1:bc:17:a0 Fingerprint (SHA-256): 57:A7:27:FE:91:30:A1:A0:4E:EC:D3:04:DD:13:02:01:92:BB:3E:84:78:BE:65:3B:B1:D7:47:DF:59:A4:C0:C9 Fingerprint (SHA1): 2E:C8:3D:78:D9:00:36:17:74:4F:7A:0D:3D:E8:2A:A8:B0:D6:57:E8 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3139: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #3140: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174359 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3141: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #3142: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #3143: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174360 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3144: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #3145: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #3146: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174361 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3147: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #3148: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #3149: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174362 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3150: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #3151: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #3152: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174363 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3153: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #3154: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #3155: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174364 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3156: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #3157: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #3158: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174365 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3159: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #3160: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #3161: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174366 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3162: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #3163: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #3164: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174367 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3165: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #3166: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #3167: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3168: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518174368 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3169: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3170: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518174369 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3171: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3172: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518174370 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3173: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3174: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #3175: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #3176: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3177: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518174371 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3178: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3179: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518174372 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3180: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3181: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518174373 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3182: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3183: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #3184: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #3185: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3186: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518174374 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3187: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3188: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518174375 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3189: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3190: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518174376 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3191: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3192: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #3193: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #3194: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3195: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518174377 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3196: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3197: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518174378 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3198: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3199: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518174379 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3200: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3201: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #3202: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3203: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3204: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518174380 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3205: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3206: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3207: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3208: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174381 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3209: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3210: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174359 (0x1ee2b697) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 21:45:54 2015 Not After : Mon May 18 21:45:54 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:07:8a:b2:ee:88:d7:e4:b2:7d:eb:3a:21:4c:ca:31: 3e:b8:a3:be:e2:d7:bb:26:56:c8:86:72:0f:d1:eb:78: 0a:18:3c:42:09:f6:c9:61:c6:7f:2b:8f:ba:2a:67:ca: 37:05:bb:4c:22:ad:1a:45:6c:a9:22:ae:d7:2b:be:80: 93:a7:c4:0b:48:46:b5:c9:d2:a0:00:d9:fb:7b:6a:a4: 60:3c:64:f4:b9:d1:23:15:3d:88:23:00:0a:7f:f1:47: e6:7d:7f:59:67:25:40:89:1d:8d:95:a8:ac:28:72:2b: 11:30:f2:12:3c:3e:cf:21:01:0f:a2:33:e6:e6:3b:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 28:71:32:fd:1c:61:cb:7a:f3:85:17:24:0e:1b:aa:98: 41:e0:57:8f:8d:0b:6c:8c:43:1f:5c:10:ad:1a:2a:01: 4b:09:9d:6b:a0:96:45:90:0a:2c:41:19:f8:d0:39:81: a7:b2:5c:df:b4:58:70:fe:fc:59:75:56:4e:54:80:b2: 41:70:40:94:59:05:64:46:1d:31:bd:6b:da:9e:7a:21: cf:8a:10:c8:c1:13:ea:d0:6b:d4:8d:ca:61:ba:66:a7: 21:18:71:4f:75:1f:5d:ef:a8:f3:ae:19:1e:5d:e5:fe: 9d:4e:8f:ed:b6:29:aa:d7:42:af:61:d2:58:96:20:c2 Fingerprint (SHA-256): E7:3C:B7:82:B7:7D:11:0A:14:6A:7A:B4:55:26:5A:31:F8:0D:83:13:10:73:CC:2F:08:79:CC:21:0D:5D:29:B0 Fingerprint (SHA1): A7:33:A4:92:8B:D6:42:80:57:68:71:34:F6:9A:58:E0:16:4A:2A:68 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3211: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174360 (0x1ee2b698) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 21:45:56 2015 Not After : Mon May 18 21:45:56 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:8e:2d:06:50:c7:29:08:53:f3:26:8d:c9:a2:5e:e5: db:db:cf:45:91:a6:07:5d:ff:66:26:d1:fb:b2:1a:21: 0d:fb:f2:7a:a8:fd:41:3a:39:b0:a5:73:c6:81:65:f7: 98:4e:f3:a5:40:f6:ab:d8:28:50:63:1a:1f:49:49:0d: d0:b3:53:96:ea:2a:9f:e7:37:e4:4b:91:1d:c0:25:f9: 06:74:9b:44:d0:52:a3:ed:63:e7:c9:ad:95:95:18:e1: 78:f4:f6:a1:49:66:b1:17:97:ce:c8:62:ae:24:64:d6: 99:7a:de:05:4e:f0:e5:62:73:e6:f6:ff:20:75:f0:57 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:bb:8d:01:ae:ec:a9:ca:fb:08:99:cb:83:36:ec:aa: 86:0f:9d:20:9a:65:a7:c5:64:de:30:85:b1:d3:75:8f: 02:0a:22:d1:c6:9e:97:b9:0d:6e:24:af:ae:13:31:9f: ff:c9:e6:f4:8e:ef:7d:70:b5:21:31:a0:df:c2:dd:1e: e0:dd:41:32:b7:a1:b3:31:71:eb:f9:91:5a:b0:f9:f1: 56:95:e2:6b:b8:12:9c:44:7f:b8:10:28:4e:fe:00:51: 4d:ca:28:02:2e:a7:6d:3e:6f:4d:3f:40:7f:c1:47:52: 8f:08:19:fd:30:90:4a:11:3c:3c:39:91:a7:fb:85:de Fingerprint (SHA-256): CA:F9:86:8E:F0:A9:35:DC:C5:05:ED:AB:EE:3B:43:32:14:14:08:67:FF:F7:7B:D3:F9:05:3C:30:FD:46:C8:89 Fingerprint (SHA1): 52:80:71:91:7F:4D:41:92:47:22:67:99:0B:27:33:7C:A6:6B:0F:D5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3212: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174361 (0x1ee2b699) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 21:45:59 2015 Not After : Mon May 18 21:45:59 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:0f:4d:df:aa:18:29:f3:58:3c:ae:0b:17:68:d1:4e: ef:c2:1a:f1:ca:94:1e:39:b7:ad:0a:19:6a:35:c6:65: 1d:02:60:e9:8b:8b:5f:a7:0b:f8:e5:b1:d8:bb:29:bd: af:b3:c2:94:af:0c:59:ac:20:c0:54:b1:64:a7:e4:88: 8d:e6:bf:b8:7a:bf:45:fe:da:0b:13:aa:dc:4e:90:f8: bf:36:13:02:67:3c:48:b9:75:bc:78:e5:e0:46:12:49: 32:96:aa:fe:eb:3d:3e:a4:b4:1f:0a:0d:49:44:23:f7: f6:b5:c5:c2:01:d4:de:b6:9f:da:fd:9a:12:22:16:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:4a:39:2d:62:1a:df:ca:90:0a:a9:b1:e8:9a:39:be: 35:54:67:fa:e8:ea:7c:d5:d1:e4:b9:fe:63:1e:46:c2: 9e:d2:12:1f:0e:b5:6e:bc:41:c3:93:a1:83:44:dd:58: 73:fb:4e:23:bf:0e:46:95:2e:d2:aa:d4:d0:46:84:71: 40:57:7c:39:19:29:ef:9c:4d:0c:28:a2:be:06:9b:14: 4f:d4:53:d5:5d:f0:da:f8:ab:d0:d7:74:fd:20:db:51: a8:11:c7:3c:10:af:fe:c4:9b:69:d2:e4:a0:21:b6:d1: 39:5d:34:0f:51:af:39:8b:af:45:a4:47:f6:23:a4:a4 Fingerprint (SHA-256): F3:80:0A:3B:F9:50:C8:4D:04:56:E5:C1:A9:57:41:58:BC:BC:5F:8C:16:C4:A4:5C:B1:93:3C:68:4D:AF:6B:28 Fingerprint (SHA1): 59:9F:F0:9E:AA:23:E3:87:75:84:55:06:ED:5D:D2:FC:FA:CB:80:94 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3213: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174362 (0x1ee2b69a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 21:46:01 2015 Not After : Mon May 18 21:46:01 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:28:21:f6:e4:8f:1c:cd:c4:4d:ef:55:f3:ad:f4:03: 11:8d:c4:87:59:ff:51:9c:ac:20:3d:75:70:14:7c:0c: 94:76:46:33:f9:3e:e8:10:af:f4:08:69:38:08:ee:3e: 80:d4:5a:20:4d:1a:27:67:ee:02:4d:c1:d5:1b:00:ba: d3:8c:62:11:a3:b3:1d:80:60:bf:ec:76:19:70:23:be: 23:98:81:4b:f2:4f:d4:b8:15:a8:fc:6e:db:e8:c9:b1: 64:fb:68:98:7f:50:68:0f:c9:47:92:eb:41:e7:35:52: dc:74:4e:50:94:ae:93:d1:54:fa:13:b7:14:94:bc:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:46:b8:a7:7d:5e:cf:c2:af:e8:8e:0c:41:82:eb:b0: 09:a5:20:1c:a7:34:1d:33:e2:8b:63:2f:f6:b2:22:15: 10:18:3f:93:fd:fc:f6:95:68:3f:d9:12:0a:78:4f:79: 01:ae:b2:0e:e1:e9:11:09:55:04:84:9f:f8:af:05:4b: 22:a2:af:f7:10:11:d3:66:f4:8e:64:77:67:56:52:d3: dc:cd:1d:c3:d0:5d:71:2e:f6:22:ea:f8:9f:67:68:66: ea:07:0f:28:bd:b2:8f:86:d2:e8:07:24:bd:eb:b2:99: 5e:76:0d:fb:6f:eb:0f:c2:b4:bc:a8:b2:cb:5a:83:57 Fingerprint (SHA-256): D1:7C:7D:F8:94:78:C7:C4:EA:4F:36:9B:41:9C:22:87:5F:A8:B3:C3:AD:A4:50:64:C1:69:26:EE:69:84:BF:B2 Fingerprint (SHA1): 41:40:62:DC:43:2B:B0:CD:6D:C8:94:F5:16:D4:CD:97:1C:37:22:7A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3214: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174363 (0x1ee2b69b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 21:46:04 2015 Not After : Mon May 18 21:46:04 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:5f:ab:28:b3:7d:87:15:0e:60:b3:18:a6:8f:d7:76: e9:a4:ed:b8:29:d6:56:cc:d8:7c:c1:df:da:19:f3:92: a8:52:6e:b9:e7:68:a7:01:fe:a5:35:8b:ad:85:80:32: 27:26:5c:8a:3c:b0:83:7f:a4:94:94:c9:7c:e1:08:06: eb:9c:5f:9a:79:7b:63:6f:3a:ff:a9:49:1d:1d:fb:4a: 52:07:ef:2b:25:d2:97:7f:de:3a:e1:fa:f4:63:95:ef: 42:e1:3c:87:10:76:88:27:1d:e6:5d:d0:80:a9:f7:67: ac:70:48:eb:97:88:42:ad:74:d6:03:81:18:f5:5b:39 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 93:da:d8:89:a2:c2:aa:db:b1:ce:da:e2:73:4b:6d:49: ab:79:57:e8:3e:df:69:0d:d6:08:c5:46:cd:4f:a5:4d: 62:36:42:3c:22:37:d9:78:e4:0b:ff:41:50:3b:74:a1: 73:f1:ec:05:7e:24:52:26:93:cc:e0:97:17:d1:04:2f: 44:ae:61:88:59:09:76:45:71:97:41:00:3e:c2:17:3f: 1b:80:01:ba:4b:5f:77:03:65:84:49:96:1c:44:54:b3: a9:55:74:47:56:d8:c0:6b:fb:53:85:fe:29:1d:cc:0c: 05:dc:7f:4e:9a:b7:b7:32:9a:14:44:3d:a9:5f:8d:cb Fingerprint (SHA-256): C7:33:55:6E:16:F9:EA:A8:BC:8B:11:2F:9D:B8:01:DA:2C:B8:56:D1:73:E5:01:64:7C:58:72:EB:31:F1:93:7E Fingerprint (SHA1): 58:29:6E:A3:A3:16:7C:74:32:7E:45:13:A5:0A:AA:73:7D:D3:B1:B1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3215: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174364 (0x1ee2b69c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 21:46:06 2015 Not After : Mon May 18 21:46:06 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:fb:06:ce:d9:94:c9:a8:31:b6:5c:c5:0b:52:9f:48: 35:22:79:3f:b3:7c:1d:1e:ce:18:30:60:48:30:76:2e: 38:f6:5c:02:11:8b:ff:7c:4c:c4:7d:af:6a:de:79:05: 86:ac:6f:a4:b1:84:e8:fb:be:c7:3a:1d:32:55:c3:16: 8b:2b:02:33:0a:01:fc:dc:b3:e7:4c:2e:04:ed:46:e3: 84:05:6d:38:79:fc:1a:71:e7:ec:f6:50:10:8d:8b:08: 18:62:c4:39:18:b6:41:ef:9a:b8:52:97:5d:fa:83:83: 72:ff:fd:3a:52:ac:1d:dc:35:28:60:23:8c:b2:3d:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 12:cf:9f:df:4d:d6:1d:78:43:25:7e:41:b3:17:45:25: b4:08:19:df:82:a6:9c:a6:63:69:d4:96:2f:85:36:50: a9:fb:bc:0a:43:16:97:aa:10:d3:9f:d2:ef:f5:6b:fc: d6:7c:d7:c6:cf:83:8e:00:76:ee:39:48:e6:88:34:25: fc:89:ce:4b:a4:de:b8:9b:48:2e:ff:6c:57:7d:d3:49: a4:25:42:e2:92:93:77:52:16:bd:55:02:36:49:90:b2: 3b:d3:58:be:26:ab:21:06:78:a5:ac:45:df:a5:3d:d6: eb:f5:e4:6e:8e:23:e8:8b:ee:d1:92:42:4a:e2:f2:0f Fingerprint (SHA-256): DC:A1:76:97:29:BC:59:3B:32:88:41:D0:46:31:9E:B0:31:5D:BF:89:C9:38:C3:A8:52:97:7C:9B:53:69:9B:F8 Fingerprint (SHA1): 70:5D:A2:3C:C9:81:1C:9F:9C:2E:3A:41:F4:F7:33:AF:F0:87:09:D9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3216: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174365 (0x1ee2b69d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 21:46:08 2015 Not After : Mon May 18 21:46:08 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:16:7e:77:31:49:33:17:33:c0:f3:fa:b3:66:be:9a: 09:2f:fc:e2:c8:36:57:b1:f2:8a:9a:bb:34:b1:dd:dc: 89:ae:f3:3e:41:59:24:9a:04:45:36:3c:56:3a:e3:4e: 63:11:95:0d:88:9f:0f:d9:88:de:5f:17:68:94:2e:28: 93:21:a2:91:0e:12:0d:4f:86:bb:c0:f3:b4:b5:7a:47: 31:ac:81:df:3a:ea:5b:d4:5a:6c:97:d8:e4:a3:bd:8b: 61:10:9e:69:f6:52:bb:b8:34:fd:f1:74:60:2b:9d:06: c1:d6:b7:a0:f7:92:07:28:f4:bc:e6:f5:b9:24:bc:63 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:23:20:a4:80:27:13:5e:c7:c8:68:28:8e:fb:7a:72: b0:4b:3e:eb:46:e8:b3:de:7b:97:67:4f:28:c9:f9:97: 1c:98:10:f4:5d:59:ed:03:9c:c9:86:b7:b6:62:3d:88: a0:64:b8:83:a6:c4:ea:0c:5f:67:4f:e8:c7:db:08:6e: 15:36:a6:d6:46:6a:33:c3:40:e3:bd:4f:2c:25:2d:54: 54:ce:48:20:07:21:84:b0:b9:16:73:13:24:21:62:d8: 20:17:d9:56:6c:8a:39:56:1c:20:9a:bc:56:f9:aa:40: 65:60:cc:5b:95:59:b2:04:15:32:da:32:70:31:81:c4 Fingerprint (SHA-256): 16:3E:A1:F0:23:6B:D3:D8:25:2E:16:13:BC:B4:88:28:11:7C:58:9E:CD:55:47:07:D4:F7:E8:01:F0:4A:19:71 Fingerprint (SHA1): 62:A4:FE:72:7C:07:D4:10:5B:76:9D:3A:4E:AA:15:EF:D7:C0:B3:A9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3217: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174366 (0x1ee2b69e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 21:46:11 2015 Not After : Mon May 18 21:46:11 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:31:41:6d:ea:50:3a:e0:8c:a5:c2:4e:58:01:ec:da: b4:af:d4:35:3f:33:89:5a:76:6a:e7:81:d4:1d:65:79: a3:ec:7e:6c:d3:34:4a:2e:88:9b:a5:9a:23:95:93:e8: 9e:15:09:df:0d:1e:c8:5d:27:91:d0:51:34:1c:ce:f3: b8:f6:fc:b5:88:38:26:4d:50:92:c9:25:da:97:b9:13: 11:8a:fa:cb:c7:b9:88:3b:b8:f3:31:f6:a2:00:a8:6f: d0:12:09:e4:63:6b:af:ab:7a:9c:a7:f1:8b:56:4c:e5: a3:59:55:d1:44:05:04:cc:bd:ad:00:f9:b7:55:bc:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:6c:00:26:cf:d4:40:fa:57:6f:cc:a6:4a:80:20:56: be:d5:a0:78:04:27:2e:04:46:be:b0:45:32:58:e1:39: c2:d8:96:da:14:40:af:2c:b5:ef:39:83:d7:9e:d4:5d: 32:a1:c7:15:de:73:74:e5:70:7a:ea:45:45:c3:62:b8: 06:cc:a8:a7:06:b0:5c:10:d9:90:44:71:42:2e:5b:15: cf:1a:90:db:d0:1c:5b:3c:16:8a:dd:ac:95:24:04:1c: c3:d7:f8:52:5f:a6:8a:0c:f7:ca:3c:35:c3:20:20:e8: 18:3c:4c:6e:6f:16:bf:da:1d:01:4f:e3:aa:46:67:27 Fingerprint (SHA-256): 8C:FE:47:7E:0D:CB:AC:3F:FE:45:B7:6F:EC:B1:2A:E8:1E:8A:52:95:F9:75:46:E0:E9:51:F8:A4:79:84:DC:59 Fingerprint (SHA1): 01:BC:57:90:7B:68:2A:DF:67:30:AB:18:6F:81:A1:BA:2B:A2:53:84 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3218: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174367 (0x1ee2b69f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 21:46:13 2015 Not After : Mon May 18 21:46:13 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:c2:f4:27:5d:64:ed:7f:32:06:80:19:61:8b:e9:d4: a5:2e:6c:67:be:4b:69:cb:4b:6e:3c:be:e9:6a:17:79: 84:0a:ea:dd:23:81:e6:c0:3d:80:64:69:c6:2b:e5:31: 5a:e4:b0:0d:fa:31:c2:80:74:aa:8f:4d:83:90:94:45: 43:e9:67:07:96:63:54:f7:64:6b:26:86:ae:d6:57:b6: d0:10:82:b6:f3:aa:80:06:8d:b8:de:04:80:76:59:9c: 0d:5b:79:36:5b:41:ed:a5:b2:30:b4:35:e9:11:66:f5: fb:bb:9a:37:6c:b1:7c:56:cb:ca:25:0e:24:25:80:ef Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b2:a1:02:e4:f5:36:98:32:77:4f:bc:ac:05:e5:03:9d: 4f:84:d5:a7:33:83:7f:30:41:f2:d0:d5:0e:49:d8:84: bd:66:31:3a:c1:9a:1a:df:7f:9f:be:39:9f:60:56:2a: 78:74:b9:e9:f5:2d:6f:f3:1f:2a:69:8e:90:78:dc:a1: 4a:85:35:f5:4f:cb:92:f6:a8:57:47:78:34:5b:db:07: 99:2a:d1:6d:92:ea:a7:63:ea:8e:93:a1:f8:cc:8d:ff: 9c:08:64:50:c3:2c:39:52:97:15:03:ca:be:0f:4f:3b: bf:37:44:59:3e:88:26:43:3d:6e:a5:43:4b:1d:b5:92 Fingerprint (SHA-256): 8E:28:05:BC:48:7D:95:19:BF:F1:B2:E1:2C:A4:24:38:B4:D9:7D:6A:87:79:D6:A8:D4:76:8E:E2:E0:4F:C4:1B Fingerprint (SHA1): 11:82:DA:84:86:08:27:88:47:94:FD:C7:C1:39:86:23:4B:D8:1F:C2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3219: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3220: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174382 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3221: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3222: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3223: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3224: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174383 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3225: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3226: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3227: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3228: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174384 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3229: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3230: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3231: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3232: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518174385 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3233: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3234: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3235: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174382 (0x1ee2b6ae) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:46:51 2015 Not After : Mon May 18 21:46:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:e5:30:29:11:5c:9d:3f:e2:9b:ab:ce:3a:1a:58:f3: e9:e6:79:f6:c0:1c:2c:05:53:e0:09:70:82:8e:80:0e: 04:4d:b5:13:ae:9e:13:7d:cc:90:53:5f:6e:fe:1f:e5: 74:6c:be:20:28:ac:1b:90:da:49:90:d3:07:e2:76:ac: 96:32:0c:6e:37:d3:8b:f4:44:73:15:7b:6d:53:e8:f9: d1:cc:3e:92:9d:c2:95:7b:c4:57:ce:e9:b7:c9:ab:bb: 8a:69:00:fc:2c:87:6a:08:35:f9:18:65:78:b7:4c:b0: 73:16:99:12:3e:a2:77:cd:df:da:bd:a7:7d:ca:a1:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:b5:2c:24:43:8b:ce:e5:5f:7c:ab:3c:ca:e2:2e:16: 91:09:82:bd:cf:e8:e5:30:93:55:15:56:7d:0f:7e:e0: 33:e4:98:92:83:bd:9b:69:18:f9:d4:65:a3:79:f6:71: 86:b4:6b:1c:0a:38:62:a3:91:cd:ce:95:dd:1e:14:fd: 66:47:17:00:16:77:29:46:89:1d:ce:3e:5e:f4:a7:0d: 16:0d:44:b0:4c:e9:9d:9f:e0:82:71:a3:ec:ee:3d:13: 0f:df:51:a5:5d:56:3c:e4:69:38:15:f7:05:a4:56:b0: d6:08:15:a1:bf:eb:5a:e3:28:e1:0b:b8:1f:08:ab:f4 Fingerprint (SHA-256): 01:24:79:F5:C9:2C:56:17:46:47:DC:B6:15:23:19:53:22:DA:2A:D0:98:74:E1:1F:DF:43:74:1C:22:3F:79:8A Fingerprint (SHA1): ED:E9:2F:C1:8B:AF:CF:17:C6:3F:33:6B:C9:EC:2D:3D:F9:17:30:01 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3236: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3237: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174383 (0x1ee2b6af) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:46:54 2015 Not After : Mon May 18 21:46:54 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:fd:0b:33:a0:8f:84:ba:23:90:ad:b9:a3:12:fd:31: bf:87:e1:9b:2f:95:b7:6f:b4:dd:1e:a4:59:55:c2:9c: 7c:20:98:c4:4d:0e:bb:58:aa:b8:6f:79:5c:3a:c2:6d: 0a:ca:5a:93:47:18:d9:47:1c:b4:c2:9f:46:00:fb:42: 08:75:f5:ee:9f:0e:b3:00:52:9c:5d:83:5b:fb:12:63: 9c:56:b8:bf:5d:e0:e9:7c:ef:33:58:dc:31:00:50:f2: 26:2b:72:15:eb:bc:4d:e2:f4:c5:c9:7c:59:ca:5a:7d: fd:ca:12:2c:85:f4:5e:ac:49:f4:2a:b3:bc:b8:0e:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:60:8a:13:f9:4b:ab:33:34:64:ea:f1:9e:dd:c8:59: a2:e3:5e:51:dd:1b:15:77:1e:8c:39:a2:3a:19:1d:f5: 5c:54:e1:f0:50:67:96:66:39:9f:b0:63:16:0f:95:ff: 87:c0:ad:94:13:ad:22:53:d8:54:fe:f0:14:34:7a:c4: 9c:2b:6a:f5:f9:36:57:ed:83:80:b8:ec:9b:fb:c5:6e: 3a:b7:ab:da:74:25:b1:20:ec:98:cd:1d:5e:63:5e:d5: d8:e6:54:7d:f5:39:ea:64:93:f5:ac:1b:d3:05:d6:bc: 99:c6:19:5a:77:a1:a5:4e:79:ab:64:fb:23:0a:99:59 Fingerprint (SHA-256): 21:0B:0D:23:8C:FD:B1:70:90:C6:E9:0D:D1:8D:88:F3:BB:AE:92:B4:AD:A5:31:28:C4:0C:63:98:5F:F8:2C:A3 Fingerprint (SHA1): 4C:DE:34:25:10:3A:75:1A:3A:E1:5B:2D:17:5A:4C:29:30:A2:E2:EC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3238: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3239: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174384 (0x1ee2b6b0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:46:56 2015 Not After : Mon May 18 21:46:56 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:ff:a4:f4:b7:90:94:4d:2e:c1:fe:9b:2e:ea:1c:d3: 28:f8:b3:17:9c:a4:0f:e6:3b:b5:0d:cf:99:c8:ef:5f: df:5b:02:e9:f3:2e:f2:b3:a3:79:a2:bd:d0:d5:6a:30: 0d:a4:1e:94:2c:1a:43:91:6e:79:d8:95:6d:25:e6:e5: 2c:7a:9f:4a:8d:b0:b3:9b:db:e6:ba:c1:b6:af:41:cf: e8:12:e9:d5:01:ee:fa:f7:b8:b2:0d:ed:a4:17:9a:1c: 9d:07:d2:95:ca:b7:05:a4:b4:37:7c:bc:03:00:56:47: c5:65:b9:8e:01:b9:1b:56:71:a1:c0:d5:08:9d:7b:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:14:86:92:1c:c6:f6:81:75:8c:65:88:8f:e5:68:50: 90:1c:83:24:27:88:d1:62:b9:3a:a9:6b:af:55:87:a6: 27:98:1e:89:2d:fa:47:5c:fa:39:97:ae:ca:a3:9f:96: c4:19:fc:69:aa:4b:55:6d:d5:77:6d:60:93:9d:45:90: fe:73:f4:5d:ae:e6:81:bf:0f:d2:70:53:c3:c4:86:4b: 75:b7:d3:3a:59:74:78:e8:b1:8b:ac:32:87:c2:c8:38: fa:f5:db:16:4f:bc:69:d1:f9:8e:ed:4e:14:3e:3a:3b: 16:2e:96:00:79:82:55:0c:88:9b:46:a2:d6:63:d9:40 Fingerprint (SHA-256): D1:7A:AB:2F:30:42:31:F1:E7:8D:97:23:A7:BF:BF:B5:D4:F5:D1:65:B4:9F:52:F7:8E:41:6A:86:B5:6F:6F:42 Fingerprint (SHA1): 30:A8:6D:ED:C4:1E:11:F5:C2:A6:86:BE:21:1C:61:7A:A1:48:34:DF Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3240: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3241: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3242: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3243: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3244: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174382 (0x1ee2b6ae) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:46:51 2015 Not After : Mon May 18 21:46:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:e5:30:29:11:5c:9d:3f:e2:9b:ab:ce:3a:1a:58:f3: e9:e6:79:f6:c0:1c:2c:05:53:e0:09:70:82:8e:80:0e: 04:4d:b5:13:ae:9e:13:7d:cc:90:53:5f:6e:fe:1f:e5: 74:6c:be:20:28:ac:1b:90:da:49:90:d3:07:e2:76:ac: 96:32:0c:6e:37:d3:8b:f4:44:73:15:7b:6d:53:e8:f9: d1:cc:3e:92:9d:c2:95:7b:c4:57:ce:e9:b7:c9:ab:bb: 8a:69:00:fc:2c:87:6a:08:35:f9:18:65:78:b7:4c:b0: 73:16:99:12:3e:a2:77:cd:df:da:bd:a7:7d:ca:a1:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:b5:2c:24:43:8b:ce:e5:5f:7c:ab:3c:ca:e2:2e:16: 91:09:82:bd:cf:e8:e5:30:93:55:15:56:7d:0f:7e:e0: 33:e4:98:92:83:bd:9b:69:18:f9:d4:65:a3:79:f6:71: 86:b4:6b:1c:0a:38:62:a3:91:cd:ce:95:dd:1e:14:fd: 66:47:17:00:16:77:29:46:89:1d:ce:3e:5e:f4:a7:0d: 16:0d:44:b0:4c:e9:9d:9f:e0:82:71:a3:ec:ee:3d:13: 0f:df:51:a5:5d:56:3c:e4:69:38:15:f7:05:a4:56:b0: d6:08:15:a1:bf:eb:5a:e3:28:e1:0b:b8:1f:08:ab:f4 Fingerprint (SHA-256): 01:24:79:F5:C9:2C:56:17:46:47:DC:B6:15:23:19:53:22:DA:2A:D0:98:74:E1:1F:DF:43:74:1C:22:3F:79:8A Fingerprint (SHA1): ED:E9:2F:C1:8B:AF:CF:17:C6:3F:33:6B:C9:EC:2D:3D:F9:17:30:01 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3245: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3246: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174383 (0x1ee2b6af) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:46:54 2015 Not After : Mon May 18 21:46:54 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:fd:0b:33:a0:8f:84:ba:23:90:ad:b9:a3:12:fd:31: bf:87:e1:9b:2f:95:b7:6f:b4:dd:1e:a4:59:55:c2:9c: 7c:20:98:c4:4d:0e:bb:58:aa:b8:6f:79:5c:3a:c2:6d: 0a:ca:5a:93:47:18:d9:47:1c:b4:c2:9f:46:00:fb:42: 08:75:f5:ee:9f:0e:b3:00:52:9c:5d:83:5b:fb:12:63: 9c:56:b8:bf:5d:e0:e9:7c:ef:33:58:dc:31:00:50:f2: 26:2b:72:15:eb:bc:4d:e2:f4:c5:c9:7c:59:ca:5a:7d: fd:ca:12:2c:85:f4:5e:ac:49:f4:2a:b3:bc:b8:0e:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:60:8a:13:f9:4b:ab:33:34:64:ea:f1:9e:dd:c8:59: a2:e3:5e:51:dd:1b:15:77:1e:8c:39:a2:3a:19:1d:f5: 5c:54:e1:f0:50:67:96:66:39:9f:b0:63:16:0f:95:ff: 87:c0:ad:94:13:ad:22:53:d8:54:fe:f0:14:34:7a:c4: 9c:2b:6a:f5:f9:36:57:ed:83:80:b8:ec:9b:fb:c5:6e: 3a:b7:ab:da:74:25:b1:20:ec:98:cd:1d:5e:63:5e:d5: d8:e6:54:7d:f5:39:ea:64:93:f5:ac:1b:d3:05:d6:bc: 99:c6:19:5a:77:a1:a5:4e:79:ab:64:fb:23:0a:99:59 Fingerprint (SHA-256): 21:0B:0D:23:8C:FD:B1:70:90:C6:E9:0D:D1:8D:88:F3:BB:AE:92:B4:AD:A5:31:28:C4:0C:63:98:5F:F8:2C:A3 Fingerprint (SHA1): 4C:DE:34:25:10:3A:75:1A:3A:E1:5B:2D:17:5A:4C:29:30:A2:E2:EC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3247: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3248: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174384 (0x1ee2b6b0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:46:56 2015 Not After : Mon May 18 21:46:56 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:ff:a4:f4:b7:90:94:4d:2e:c1:fe:9b:2e:ea:1c:d3: 28:f8:b3:17:9c:a4:0f:e6:3b:b5:0d:cf:99:c8:ef:5f: df:5b:02:e9:f3:2e:f2:b3:a3:79:a2:bd:d0:d5:6a:30: 0d:a4:1e:94:2c:1a:43:91:6e:79:d8:95:6d:25:e6:e5: 2c:7a:9f:4a:8d:b0:b3:9b:db:e6:ba:c1:b6:af:41:cf: e8:12:e9:d5:01:ee:fa:f7:b8:b2:0d:ed:a4:17:9a:1c: 9d:07:d2:95:ca:b7:05:a4:b4:37:7c:bc:03:00:56:47: c5:65:b9:8e:01:b9:1b:56:71:a1:c0:d5:08:9d:7b:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3a:14:86:92:1c:c6:f6:81:75:8c:65:88:8f:e5:68:50: 90:1c:83:24:27:88:d1:62:b9:3a:a9:6b:af:55:87:a6: 27:98:1e:89:2d:fa:47:5c:fa:39:97:ae:ca:a3:9f:96: c4:19:fc:69:aa:4b:55:6d:d5:77:6d:60:93:9d:45:90: fe:73:f4:5d:ae:e6:81:bf:0f:d2:70:53:c3:c4:86:4b: 75:b7:d3:3a:59:74:78:e8:b1:8b:ac:32:87:c2:c8:38: fa:f5:db:16:4f:bc:69:d1:f9:8e:ed:4e:14:3e:3a:3b: 16:2e:96:00:79:82:55:0c:88:9b:46:a2:d6:63:d9:40 Fingerprint (SHA-256): D1:7A:AB:2F:30:42:31:F1:E7:8D:97:23:A7:BF:BF:B5:D4:F5:D1:65:B4:9F:52:F7:8E:41:6A:86:B5:6F:6F:42 Fingerprint (SHA1): 30:A8:6D:ED:C4:1E:11:F5:C2:A6:86:BE:21:1C:61:7A:A1:48:34:DF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3249: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3250: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3251: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174386 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3252: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3253: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3254: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3255: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174387 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3256: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3257: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3258: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3259: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174388 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3260: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3261: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #3262: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3263: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518174389 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3264: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3265: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #3266: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3267: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518174390 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3268: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3269: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3270: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174386 (0x1ee2b6b2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:13 2015 Not After : Mon May 18 21:47:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:02:c0:37:c6:9b:e9:72:43:a8:8f:1d:86:f4:85:a4: c2:b0:c3:15:6b:3b:32:18:77:d1:1c:e0:36:37:6a:24: 81:08:a5:c5:03:3b:80:d3:5b:96:43:7f:6d:ce:4f:7b: 07:5d:a7:04:23:55:0b:04:28:55:fe:d1:d9:cb:f2:42: 85:84:df:6f:41:2d:83:ab:25:34:b5:d3:53:a7:f0:7d: f4:f5:1e:ea:77:b6:6b:f9:96:a5:23:bd:23:bb:3f:11: d6:39:9e:45:f2:7c:4b:ff:13:43:da:9e:2e:b5:b1:16: ac:e0:c7:5c:a6:eb:26:80:f9:25:9b:d2:c5:28:45:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:81:4d:07:56:93:ee:f0:dc:45:6c:9a:08:d9:82:d9: 0b:9a:5a:27:09:16:76:7c:8a:15:e9:bc:8e:5f:f7:b8: 86:d1:fd:d4:d6:54:86:65:f0:e4:26:1c:5d:9c:48:66: 71:68:8a:f1:96:27:98:3d:a6:2f:1c:bf:58:5d:9a:35: d3:31:86:b9:69:27:61:78:5e:b9:73:eb:3c:40:f0:bd: 0a:8c:fa:11:48:da:6c:6c:5b:d0:52:37:4e:e1:f5:cc: 2f:4a:02:26:4a:a4:e6:5a:52:d8:61:80:15:31:35:c0: ed:ef:81:95:9a:e8:d9:98:a6:1d:7d:df:59:b1:1c:a5 Fingerprint (SHA-256): 0C:F3:97:B4:66:B4:F9:35:35:5E:EC:08:3B:97:BB:99:ED:01:29:22:58:05:B3:F8:2B:0B:F3:24:0B:4B:3E:0C Fingerprint (SHA1): 8A:4F:36:EF:38:35:19:3A:4F:AB:3E:D1:07:BB:00:57:29:51:A0:C3 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3271: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3272: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174387 (0x1ee2b6b3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:15 2015 Not After : Mon May 18 21:47:15 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:4f:06:5b:8e:f2:65:c9:cf:f2:14:97:01:a7:70:ef: c6:80:3c:92:c1:87:d1:34:e4:7f:87:91:4d:d1:84:d6: 66:f4:91:b5:e0:34:5d:cc:21:d6:f4:c5:fd:9d:a7:d7: 36:47:93:33:ed:78:4e:fc:1c:b7:47:08:0f:7e:c3:ad: 16:33:96:43:3d:48:de:a4:ae:63:43:1c:51:ed:bd:35: 27:36:d0:f9:d7:ee:75:38:71:67:04:ae:aa:f0:e7:70: 1d:ab:60:9c:6d:15:3d:b8:1c:f4:39:ea:c6:e9:6b:ee: 68:bb:cc:37:c4:cf:e9:03:be:8d:fc:87:9a:5d:77:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a6:97:ab:05:b4:ad:ce:b4:3c:24:ba:90:cd:42:6b:ba: 73:32:ef:ac:08:37:cc:74:21:9c:03:32:40:79:3b:ee: ff:a3:0b:a6:c1:0c:5e:71:ac:a3:7b:bd:8b:02:76:b1: 36:41:a0:76:b8:1b:ec:65:31:e4:58:a2:3e:ae:68:76: 5a:3c:6e:17:93:b0:39:d0:8d:f5:bf:0b:9e:8a:1a:ec: 28:05:c1:aa:b0:1f:2f:cc:42:02:0a:14:fc:c7:38:ae: 56:63:e7:33:a8:4f:a8:24:45:98:a4:5f:d0:4b:ab:3c: 00:58:17:c1:2e:d8:bb:b8:88:85:63:82:4e:ba:60:71 Fingerprint (SHA-256): 48:6C:B1:97:C6:AF:B3:0D:7E:73:B1:70:E2:D6:ED:F4:6C:D3:8D:97:B7:A1:A1:B8:F5:D7:80:20:0E:C2:4B:66 Fingerprint (SHA1): 8C:3A:EA:AE:B6:04:83:D1:E2:F3:CC:A6:96:F6:97:1C:76:FE:E8:2C Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3273: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3274: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174388 (0x1ee2b6b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:47:18 2015 Not After : Mon May 18 21:47:18 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:b6:e9:96:97:46:2f:9f:10:e5:ef:ad:24:20:f9:bd: c2:76:88:42:50:d1:73:3e:bb:41:3e:0c:e7:13:12:cc: e1:fb:aa:12:b2:23:3c:bd:c1:e5:4b:56:b2:17:f1:4a: 66:ba:b0:b2:11:01:65:39:b8:a1:f1:8b:92:13:46:fb: 26:a5:c8:24:f8:b0:12:74:40:4e:77:aa:e0:82:ad:e2: 7f:42:04:0f:68:61:31:39:5e:6a:5c:d5:be:99:09:7b: 58:82:e6:16:0b:87:6f:af:df:8a:d5:ed:6a:85:d1:3a: b5:a8:ac:90:0a:f3:b1:c0:cb:4e:37:dd:96:bb:46:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:a0:e7:71:da:39:f8:4e:ac:be:05:61:95:2b:69:86: 97:30:60:65:ae:fd:48:77:0e:72:06:8c:de:f7:bf:1d: 83:dd:75:e6:3b:d0:19:90:76:54:e5:33:9e:d1:e1:4d: c9:3e:91:3e:88:0e:52:37:9c:6f:f4:b6:9e:bf:58:11: b2:a0:a0:98:6b:0b:4b:1b:da:a1:a5:a9:40:fb:50:39: 3a:77:cf:97:59:87:00:e9:d9:5f:30:b1:06:97:49:13: 34:3d:f3:1c:e5:86:c4:70:c9:2e:e7:a4:63:50:f4:db: d5:6d:3f:12:a6:b1:44:86:3e:5d:b2:d4:9a:1a:56:63 Fingerprint (SHA-256): B6:6F:A5:40:03:18:F3:0C:5C:6F:88:CA:0B:61:85:58:6F:3F:93:5B:B1:65:42:4C:28:A4:48:E4:A1:2D:4E:2E Fingerprint (SHA1): 13:97:08:98:25:44:50:A8:09:16:18:D6:05:7D:D6:FB:1C:0C:B5:45 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #3275: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3276: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3277: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3278: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3279: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174386 (0x1ee2b6b2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:13 2015 Not After : Mon May 18 21:47:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:02:c0:37:c6:9b:e9:72:43:a8:8f:1d:86:f4:85:a4: c2:b0:c3:15:6b:3b:32:18:77:d1:1c:e0:36:37:6a:24: 81:08:a5:c5:03:3b:80:d3:5b:96:43:7f:6d:ce:4f:7b: 07:5d:a7:04:23:55:0b:04:28:55:fe:d1:d9:cb:f2:42: 85:84:df:6f:41:2d:83:ab:25:34:b5:d3:53:a7:f0:7d: f4:f5:1e:ea:77:b6:6b:f9:96:a5:23:bd:23:bb:3f:11: d6:39:9e:45:f2:7c:4b:ff:13:43:da:9e:2e:b5:b1:16: ac:e0:c7:5c:a6:eb:26:80:f9:25:9b:d2:c5:28:45:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:81:4d:07:56:93:ee:f0:dc:45:6c:9a:08:d9:82:d9: 0b:9a:5a:27:09:16:76:7c:8a:15:e9:bc:8e:5f:f7:b8: 86:d1:fd:d4:d6:54:86:65:f0:e4:26:1c:5d:9c:48:66: 71:68:8a:f1:96:27:98:3d:a6:2f:1c:bf:58:5d:9a:35: d3:31:86:b9:69:27:61:78:5e:b9:73:eb:3c:40:f0:bd: 0a:8c:fa:11:48:da:6c:6c:5b:d0:52:37:4e:e1:f5:cc: 2f:4a:02:26:4a:a4:e6:5a:52:d8:61:80:15:31:35:c0: ed:ef:81:95:9a:e8:d9:98:a6:1d:7d:df:59:b1:1c:a5 Fingerprint (SHA-256): 0C:F3:97:B4:66:B4:F9:35:35:5E:EC:08:3B:97:BB:99:ED:01:29:22:58:05:B3:F8:2B:0B:F3:24:0B:4B:3E:0C Fingerprint (SHA1): 8A:4F:36:EF:38:35:19:3A:4F:AB:3E:D1:07:BB:00:57:29:51:A0:C3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3280: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3281: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174387 (0x1ee2b6b3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:15 2015 Not After : Mon May 18 21:47:15 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:4f:06:5b:8e:f2:65:c9:cf:f2:14:97:01:a7:70:ef: c6:80:3c:92:c1:87:d1:34:e4:7f:87:91:4d:d1:84:d6: 66:f4:91:b5:e0:34:5d:cc:21:d6:f4:c5:fd:9d:a7:d7: 36:47:93:33:ed:78:4e:fc:1c:b7:47:08:0f:7e:c3:ad: 16:33:96:43:3d:48:de:a4:ae:63:43:1c:51:ed:bd:35: 27:36:d0:f9:d7:ee:75:38:71:67:04:ae:aa:f0:e7:70: 1d:ab:60:9c:6d:15:3d:b8:1c:f4:39:ea:c6:e9:6b:ee: 68:bb:cc:37:c4:cf:e9:03:be:8d:fc:87:9a:5d:77:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a6:97:ab:05:b4:ad:ce:b4:3c:24:ba:90:cd:42:6b:ba: 73:32:ef:ac:08:37:cc:74:21:9c:03:32:40:79:3b:ee: ff:a3:0b:a6:c1:0c:5e:71:ac:a3:7b:bd:8b:02:76:b1: 36:41:a0:76:b8:1b:ec:65:31:e4:58:a2:3e:ae:68:76: 5a:3c:6e:17:93:b0:39:d0:8d:f5:bf:0b:9e:8a:1a:ec: 28:05:c1:aa:b0:1f:2f:cc:42:02:0a:14:fc:c7:38:ae: 56:63:e7:33:a8:4f:a8:24:45:98:a4:5f:d0:4b:ab:3c: 00:58:17:c1:2e:d8:bb:b8:88:85:63:82:4e:ba:60:71 Fingerprint (SHA-256): 48:6C:B1:97:C6:AF:B3:0D:7E:73:B1:70:E2:D6:ED:F4:6C:D3:8D:97:B7:A1:A1:B8:F5:D7:80:20:0E:C2:4B:66 Fingerprint (SHA1): 8C:3A:EA:AE:B6:04:83:D1:E2:F3:CC:A6:96:F6:97:1C:76:FE:E8:2C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3282: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3283: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174388 (0x1ee2b6b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:47:18 2015 Not After : Mon May 18 21:47:18 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:b6:e9:96:97:46:2f:9f:10:e5:ef:ad:24:20:f9:bd: c2:76:88:42:50:d1:73:3e:bb:41:3e:0c:e7:13:12:cc: e1:fb:aa:12:b2:23:3c:bd:c1:e5:4b:56:b2:17:f1:4a: 66:ba:b0:b2:11:01:65:39:b8:a1:f1:8b:92:13:46:fb: 26:a5:c8:24:f8:b0:12:74:40:4e:77:aa:e0:82:ad:e2: 7f:42:04:0f:68:61:31:39:5e:6a:5c:d5:be:99:09:7b: 58:82:e6:16:0b:87:6f:af:df:8a:d5:ed:6a:85:d1:3a: b5:a8:ac:90:0a:f3:b1:c0:cb:4e:37:dd:96:bb:46:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:a0:e7:71:da:39:f8:4e:ac:be:05:61:95:2b:69:86: 97:30:60:65:ae:fd:48:77:0e:72:06:8c:de:f7:bf:1d: 83:dd:75:e6:3b:d0:19:90:76:54:e5:33:9e:d1:e1:4d: c9:3e:91:3e:88:0e:52:37:9c:6f:f4:b6:9e:bf:58:11: b2:a0:a0:98:6b:0b:4b:1b:da:a1:a5:a9:40:fb:50:39: 3a:77:cf:97:59:87:00:e9:d9:5f:30:b1:06:97:49:13: 34:3d:f3:1c:e5:86:c4:70:c9:2e:e7:a4:63:50:f4:db: d5:6d:3f:12:a6:b1:44:86:3e:5d:b2:d4:9a:1a:56:63 Fingerprint (SHA-256): B6:6F:A5:40:03:18:F3:0C:5C:6F:88:CA:0B:61:85:58:6F:3F:93:5B:B1:65:42:4C:28:A4:48:E4:A1:2D:4E:2E Fingerprint (SHA1): 13:97:08:98:25:44:50:A8:09:16:18:D6:05:7D:D6:FB:1C:0C:B5:45 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #3284: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3285: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174386 (0x1ee2b6b2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:13 2015 Not After : Mon May 18 21:47:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:02:c0:37:c6:9b:e9:72:43:a8:8f:1d:86:f4:85:a4: c2:b0:c3:15:6b:3b:32:18:77:d1:1c:e0:36:37:6a:24: 81:08:a5:c5:03:3b:80:d3:5b:96:43:7f:6d:ce:4f:7b: 07:5d:a7:04:23:55:0b:04:28:55:fe:d1:d9:cb:f2:42: 85:84:df:6f:41:2d:83:ab:25:34:b5:d3:53:a7:f0:7d: f4:f5:1e:ea:77:b6:6b:f9:96:a5:23:bd:23:bb:3f:11: d6:39:9e:45:f2:7c:4b:ff:13:43:da:9e:2e:b5:b1:16: ac:e0:c7:5c:a6:eb:26:80:f9:25:9b:d2:c5:28:45:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:81:4d:07:56:93:ee:f0:dc:45:6c:9a:08:d9:82:d9: 0b:9a:5a:27:09:16:76:7c:8a:15:e9:bc:8e:5f:f7:b8: 86:d1:fd:d4:d6:54:86:65:f0:e4:26:1c:5d:9c:48:66: 71:68:8a:f1:96:27:98:3d:a6:2f:1c:bf:58:5d:9a:35: d3:31:86:b9:69:27:61:78:5e:b9:73:eb:3c:40:f0:bd: 0a:8c:fa:11:48:da:6c:6c:5b:d0:52:37:4e:e1:f5:cc: 2f:4a:02:26:4a:a4:e6:5a:52:d8:61:80:15:31:35:c0: ed:ef:81:95:9a:e8:d9:98:a6:1d:7d:df:59:b1:1c:a5 Fingerprint (SHA-256): 0C:F3:97:B4:66:B4:F9:35:35:5E:EC:08:3B:97:BB:99:ED:01:29:22:58:05:B3:F8:2B:0B:F3:24:0B:4B:3E:0C Fingerprint (SHA1): 8A:4F:36:EF:38:35:19:3A:4F:AB:3E:D1:07:BB:00:57:29:51:A0:C3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3286: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174386 (0x1ee2b6b2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:13 2015 Not After : Mon May 18 21:47:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:02:c0:37:c6:9b:e9:72:43:a8:8f:1d:86:f4:85:a4: c2:b0:c3:15:6b:3b:32:18:77:d1:1c:e0:36:37:6a:24: 81:08:a5:c5:03:3b:80:d3:5b:96:43:7f:6d:ce:4f:7b: 07:5d:a7:04:23:55:0b:04:28:55:fe:d1:d9:cb:f2:42: 85:84:df:6f:41:2d:83:ab:25:34:b5:d3:53:a7:f0:7d: f4:f5:1e:ea:77:b6:6b:f9:96:a5:23:bd:23:bb:3f:11: d6:39:9e:45:f2:7c:4b:ff:13:43:da:9e:2e:b5:b1:16: ac:e0:c7:5c:a6:eb:26:80:f9:25:9b:d2:c5:28:45:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:81:4d:07:56:93:ee:f0:dc:45:6c:9a:08:d9:82:d9: 0b:9a:5a:27:09:16:76:7c:8a:15:e9:bc:8e:5f:f7:b8: 86:d1:fd:d4:d6:54:86:65:f0:e4:26:1c:5d:9c:48:66: 71:68:8a:f1:96:27:98:3d:a6:2f:1c:bf:58:5d:9a:35: d3:31:86:b9:69:27:61:78:5e:b9:73:eb:3c:40:f0:bd: 0a:8c:fa:11:48:da:6c:6c:5b:d0:52:37:4e:e1:f5:cc: 2f:4a:02:26:4a:a4:e6:5a:52:d8:61:80:15:31:35:c0: ed:ef:81:95:9a:e8:d9:98:a6:1d:7d:df:59:b1:1c:a5 Fingerprint (SHA-256): 0C:F3:97:B4:66:B4:F9:35:35:5E:EC:08:3B:97:BB:99:ED:01:29:22:58:05:B3:F8:2B:0B:F3:24:0B:4B:3E:0C Fingerprint (SHA1): 8A:4F:36:EF:38:35:19:3A:4F:AB:3E:D1:07:BB:00:57:29:51:A0:C3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3287: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174387 (0x1ee2b6b3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:15 2015 Not After : Mon May 18 21:47:15 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:4f:06:5b:8e:f2:65:c9:cf:f2:14:97:01:a7:70:ef: c6:80:3c:92:c1:87:d1:34:e4:7f:87:91:4d:d1:84:d6: 66:f4:91:b5:e0:34:5d:cc:21:d6:f4:c5:fd:9d:a7:d7: 36:47:93:33:ed:78:4e:fc:1c:b7:47:08:0f:7e:c3:ad: 16:33:96:43:3d:48:de:a4:ae:63:43:1c:51:ed:bd:35: 27:36:d0:f9:d7:ee:75:38:71:67:04:ae:aa:f0:e7:70: 1d:ab:60:9c:6d:15:3d:b8:1c:f4:39:ea:c6:e9:6b:ee: 68:bb:cc:37:c4:cf:e9:03:be:8d:fc:87:9a:5d:77:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a6:97:ab:05:b4:ad:ce:b4:3c:24:ba:90:cd:42:6b:ba: 73:32:ef:ac:08:37:cc:74:21:9c:03:32:40:79:3b:ee: ff:a3:0b:a6:c1:0c:5e:71:ac:a3:7b:bd:8b:02:76:b1: 36:41:a0:76:b8:1b:ec:65:31:e4:58:a2:3e:ae:68:76: 5a:3c:6e:17:93:b0:39:d0:8d:f5:bf:0b:9e:8a:1a:ec: 28:05:c1:aa:b0:1f:2f:cc:42:02:0a:14:fc:c7:38:ae: 56:63:e7:33:a8:4f:a8:24:45:98:a4:5f:d0:4b:ab:3c: 00:58:17:c1:2e:d8:bb:b8:88:85:63:82:4e:ba:60:71 Fingerprint (SHA-256): 48:6C:B1:97:C6:AF:B3:0D:7E:73:B1:70:E2:D6:ED:F4:6C:D3:8D:97:B7:A1:A1:B8:F5:D7:80:20:0E:C2:4B:66 Fingerprint (SHA1): 8C:3A:EA:AE:B6:04:83:D1:E2:F3:CC:A6:96:F6:97:1C:76:FE:E8:2C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3288: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174387 (0x1ee2b6b3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:47:15 2015 Not After : Mon May 18 21:47:15 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:4f:06:5b:8e:f2:65:c9:cf:f2:14:97:01:a7:70:ef: c6:80:3c:92:c1:87:d1:34:e4:7f:87:91:4d:d1:84:d6: 66:f4:91:b5:e0:34:5d:cc:21:d6:f4:c5:fd:9d:a7:d7: 36:47:93:33:ed:78:4e:fc:1c:b7:47:08:0f:7e:c3:ad: 16:33:96:43:3d:48:de:a4:ae:63:43:1c:51:ed:bd:35: 27:36:d0:f9:d7:ee:75:38:71:67:04:ae:aa:f0:e7:70: 1d:ab:60:9c:6d:15:3d:b8:1c:f4:39:ea:c6:e9:6b:ee: 68:bb:cc:37:c4:cf:e9:03:be:8d:fc:87:9a:5d:77:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a6:97:ab:05:b4:ad:ce:b4:3c:24:ba:90:cd:42:6b:ba: 73:32:ef:ac:08:37:cc:74:21:9c:03:32:40:79:3b:ee: ff:a3:0b:a6:c1:0c:5e:71:ac:a3:7b:bd:8b:02:76:b1: 36:41:a0:76:b8:1b:ec:65:31:e4:58:a2:3e:ae:68:76: 5a:3c:6e:17:93:b0:39:d0:8d:f5:bf:0b:9e:8a:1a:ec: 28:05:c1:aa:b0:1f:2f:cc:42:02:0a:14:fc:c7:38:ae: 56:63:e7:33:a8:4f:a8:24:45:98:a4:5f:d0:4b:ab:3c: 00:58:17:c1:2e:d8:bb:b8:88:85:63:82:4e:ba:60:71 Fingerprint (SHA-256): 48:6C:B1:97:C6:AF:B3:0D:7E:73:B1:70:E2:D6:ED:F4:6C:D3:8D:97:B7:A1:A1:B8:F5:D7:80:20:0E:C2:4B:66 Fingerprint (SHA1): 8C:3A:EA:AE:B6:04:83:D1:E2:F3:CC:A6:96:F6:97:1C:76:FE:E8:2C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3289: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174388 (0x1ee2b6b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:47:18 2015 Not After : Mon May 18 21:47:18 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:b6:e9:96:97:46:2f:9f:10:e5:ef:ad:24:20:f9:bd: c2:76:88:42:50:d1:73:3e:bb:41:3e:0c:e7:13:12:cc: e1:fb:aa:12:b2:23:3c:bd:c1:e5:4b:56:b2:17:f1:4a: 66:ba:b0:b2:11:01:65:39:b8:a1:f1:8b:92:13:46:fb: 26:a5:c8:24:f8:b0:12:74:40:4e:77:aa:e0:82:ad:e2: 7f:42:04:0f:68:61:31:39:5e:6a:5c:d5:be:99:09:7b: 58:82:e6:16:0b:87:6f:af:df:8a:d5:ed:6a:85:d1:3a: b5:a8:ac:90:0a:f3:b1:c0:cb:4e:37:dd:96:bb:46:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:a0:e7:71:da:39:f8:4e:ac:be:05:61:95:2b:69:86: 97:30:60:65:ae:fd:48:77:0e:72:06:8c:de:f7:bf:1d: 83:dd:75:e6:3b:d0:19:90:76:54:e5:33:9e:d1:e1:4d: c9:3e:91:3e:88:0e:52:37:9c:6f:f4:b6:9e:bf:58:11: b2:a0:a0:98:6b:0b:4b:1b:da:a1:a5:a9:40:fb:50:39: 3a:77:cf:97:59:87:00:e9:d9:5f:30:b1:06:97:49:13: 34:3d:f3:1c:e5:86:c4:70:c9:2e:e7:a4:63:50:f4:db: d5:6d:3f:12:a6:b1:44:86:3e:5d:b2:d4:9a:1a:56:63 Fingerprint (SHA-256): B6:6F:A5:40:03:18:F3:0C:5C:6F:88:CA:0B:61:85:58:6F:3F:93:5B:B1:65:42:4C:28:A4:48:E4:A1:2D:4E:2E Fingerprint (SHA1): 13:97:08:98:25:44:50:A8:09:16:18:D6:05:7D:D6:FB:1C:0C:B5:45 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #3290: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174388 (0x1ee2b6b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:47:18 2015 Not After : Mon May 18 21:47:18 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:b6:e9:96:97:46:2f:9f:10:e5:ef:ad:24:20:f9:bd: c2:76:88:42:50:d1:73:3e:bb:41:3e:0c:e7:13:12:cc: e1:fb:aa:12:b2:23:3c:bd:c1:e5:4b:56:b2:17:f1:4a: 66:ba:b0:b2:11:01:65:39:b8:a1:f1:8b:92:13:46:fb: 26:a5:c8:24:f8:b0:12:74:40:4e:77:aa:e0:82:ad:e2: 7f:42:04:0f:68:61:31:39:5e:6a:5c:d5:be:99:09:7b: 58:82:e6:16:0b:87:6f:af:df:8a:d5:ed:6a:85:d1:3a: b5:a8:ac:90:0a:f3:b1:c0:cb:4e:37:dd:96:bb:46:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 55:a0:e7:71:da:39:f8:4e:ac:be:05:61:95:2b:69:86: 97:30:60:65:ae:fd:48:77:0e:72:06:8c:de:f7:bf:1d: 83:dd:75:e6:3b:d0:19:90:76:54:e5:33:9e:d1:e1:4d: c9:3e:91:3e:88:0e:52:37:9c:6f:f4:b6:9e:bf:58:11: b2:a0:a0:98:6b:0b:4b:1b:da:a1:a5:a9:40:fb:50:39: 3a:77:cf:97:59:87:00:e9:d9:5f:30:b1:06:97:49:13: 34:3d:f3:1c:e5:86:c4:70:c9:2e:e7:a4:63:50:f4:db: d5:6d:3f:12:a6:b1:44:86:3e:5d:b2:d4:9a:1a:56:63 Fingerprint (SHA-256): B6:6F:A5:40:03:18:F3:0C:5C:6F:88:CA:0B:61:85:58:6F:3F:93:5B:B1:65:42:4C:28:A4:48:E4:A1:2D:4E:2E Fingerprint (SHA1): 13:97:08:98:25:44:50:A8:09:16:18:D6:05:7D:D6:FB:1C:0C:B5:45 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #3291: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3292: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174391 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3293: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3294: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3295: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3296: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518174392 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3297: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3298: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3299: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3300: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174393 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3301: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3302: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3303: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3304: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518174394 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3305: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3306: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #3307: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3308: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518174395 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3309: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3310: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #3311: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3312: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518174396 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3313: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3314: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #3315: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3316: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518174397 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3317: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3318: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3319: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #3320: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #3321: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3322: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #3323: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174391 (0x1ee2b6b7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:47:43 2015 Not After : Mon May 18 21:47:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:16:5a:e2:7a:ec:6a:b7:fa:ca:c5:6c:54:06:eb:22: 1c:45:9f:11:1c:22:1c:2a:62:bb:ce:f6:e6:79:8a:2c: fc:1f:88:a5:2a:ff:85:8b:a9:72:15:71:c2:2d:8d:6c: ad:fc:97:0c:c5:a6:67:d0:af:51:8f:3f:60:76:96:6e: 5f:cf:3c:03:63:fe:65:88:9c:2b:ac:33:e2:e2:b6:2b: 1e:d1:07:e5:ce:99:f4:03:be:b3:e9:37:6a:76:6e:a8: 1e:8d:ae:56:8b:92:12:df:9d:24:24:19:a1:c5:f4:55: 07:7b:b9:7b:03:b1:1d:ab:39:11:56:06:2a:ed:75:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:0c:21:33:17:4a:7d:c7:95:57:b4:78:5b:fe:a9:ac: 22:0d:d8:1d:0d:85:66:53:07:79:66:aa:01:f3:de:0a: 1a:f7:97:a6:10:cf:f2:f8:9d:8b:a7:c7:85:04:fb:f7: d9:c6:2f:bb:3c:10:8a:24:4d:f7:2c:5c:06:28:de:da: c4:7b:00:64:e4:60:cb:db:9a:99:e9:4d:23:d3:ab:63: 51:30:0a:43:00:48:d9:d7:87:35:6f:56:9c:22:64:dc: 2f:b7:8e:c4:2c:80:da:3b:4c:46:a8:1f:00:b2:7a:e9: b7:75:6a:fe:2d:46:1a:19:0b:3d:7a:6f:2f:85:a2:2a Fingerprint (SHA-256): 51:F8:7A:2A:1C:73:29:50:23:BC:65:87:3C:F9:28:AE:61:89:4F:D8:B2:B0:AE:BD:2C:F7:C6:D0:2D:C3:A2:CB Fingerprint (SHA1): 33:76:BE:31:03:6C:B8:B1:CA:D2:F7:EE:C8:A6:9D:04:54:44:14:EA Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3324: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3325: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3326: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3327: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174391 (0x1ee2b6b7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:47:43 2015 Not After : Mon May 18 21:47:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:16:5a:e2:7a:ec:6a:b7:fa:ca:c5:6c:54:06:eb:22: 1c:45:9f:11:1c:22:1c:2a:62:bb:ce:f6:e6:79:8a:2c: fc:1f:88:a5:2a:ff:85:8b:a9:72:15:71:c2:2d:8d:6c: ad:fc:97:0c:c5:a6:67:d0:af:51:8f:3f:60:76:96:6e: 5f:cf:3c:03:63:fe:65:88:9c:2b:ac:33:e2:e2:b6:2b: 1e:d1:07:e5:ce:99:f4:03:be:b3:e9:37:6a:76:6e:a8: 1e:8d:ae:56:8b:92:12:df:9d:24:24:19:a1:c5:f4:55: 07:7b:b9:7b:03:b1:1d:ab:39:11:56:06:2a:ed:75:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:0c:21:33:17:4a:7d:c7:95:57:b4:78:5b:fe:a9:ac: 22:0d:d8:1d:0d:85:66:53:07:79:66:aa:01:f3:de:0a: 1a:f7:97:a6:10:cf:f2:f8:9d:8b:a7:c7:85:04:fb:f7: d9:c6:2f:bb:3c:10:8a:24:4d:f7:2c:5c:06:28:de:da: c4:7b:00:64:e4:60:cb:db:9a:99:e9:4d:23:d3:ab:63: 51:30:0a:43:00:48:d9:d7:87:35:6f:56:9c:22:64:dc: 2f:b7:8e:c4:2c:80:da:3b:4c:46:a8:1f:00:b2:7a:e9: b7:75:6a:fe:2d:46:1a:19:0b:3d:7a:6f:2f:85:a2:2a Fingerprint (SHA-256): 51:F8:7A:2A:1C:73:29:50:23:BC:65:87:3C:F9:28:AE:61:89:4F:D8:B2:B0:AE:BD:2C:F7:C6:D0:2D:C3:A2:CB Fingerprint (SHA1): 33:76:BE:31:03:6C:B8:B1:CA:D2:F7:EE:C8:A6:9D:04:54:44:14:EA Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3328: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3329: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3330: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174398 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3331: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3332: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3333: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3334: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518174399 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3335: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3336: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #3337: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3338: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518174400 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3339: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3340: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #3341: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3342: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518174401 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3343: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3344: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3345: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3346: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518174402 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3347: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3348: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #3349: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3350: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518174403 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3351: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3352: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #3353: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3354: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518174404 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3355: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3356: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3357: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3358: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518174405 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3359: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3360: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #3361: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3362: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518174406 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3363: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3364: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #3365: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3366: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518174407 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3367: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3368: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #3369: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3370: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518174408 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3371: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3372: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #3373: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3374: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518174409 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3375: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3376: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #3377: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3378: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518174410 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3379: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3380: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #3381: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3382: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518174411 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3383: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3384: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #3385: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3386: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518174412 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3387: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3388: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #3389: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3390: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518174413 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3391: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3392: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #3393: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3394: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518174414 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3395: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3396: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #3397: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3398: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518174415 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3399: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3400: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #3401: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3402: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518174416 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3403: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3404: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #3405: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3406: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518174417 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3407: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3408: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #3409: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3410: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518174418 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3411: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3412: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #3413: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3414: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518174419 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3415: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3416: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #3417: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3418: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518174420 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3419: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3420: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #3421: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3422: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518174421 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3423: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3424: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #3425: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3426: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518174422 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3427: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3428: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #3429: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3430: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518174423 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3431: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3432: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #3433: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3434: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518174424 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3435: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3436: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #3437: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3438: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518174425 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3439: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3440: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #3441: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3442: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518174426 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3443: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3444: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #3445: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3446: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518174427 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3447: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3448: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3449: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3450: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3451: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3452: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3453: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3454: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3455: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3456: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3457: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3458: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3459: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3460: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3461: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3462: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3463: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3464: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3465: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3466: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3467: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3468: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3469: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3470: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3471: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174398 (0x1ee2b6be) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:48:11 2015 Not After : Mon May 18 21:48:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b8:13:66:ae:ab:ed:b8:43:51:26:05:f0:e5:7a:09: ba:e1:a4:7b:d6:a8:28:bf:7f:b7:96:b3:91:b5:c3:b6: e4:8b:00:71:16:f4:c9:06:a8:e6:03:a8:e7:f1:1c:03: 06:86:50:06:08:6a:54:09:de:37:5a:ae:4e:ed:b3:82: 09:50:0b:79:90:a9:4a:72:4a:d6:52:b3:a9:c7:0a:d9: 6b:2d:49:53:06:ad:c6:e5:8f:e3:37:0b:c4:cb:29:0a: 46:ee:12:48:c5:ec:f6:4a:0a:6a:db:8e:42:40:6c:55: c5:a2:90:59:3a:ea:f9:53:46:53:b8:94:34:36:9e:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:e9:6f:63:b8:b8:b2:11:57:ed:90:10:9f:13:a0:69: b6:9b:0f:c9:cb:5a:b5:d2:f7:8a:0d:c7:3d:b6:92:ad: cd:4f:cf:7e:97:66:16:af:6b:50:a6:bf:41:b1:1e:ea: 89:4e:cb:78:37:12:81:4d:dc:fc:9f:7e:af:d7:5b:69: d1:11:17:5b:76:09:87:16:21:fe:47:f1:b9:1d:5f:c4: b4:11:b2:b5:87:94:93:ef:33:c1:6a:7b:12:46:5f:51: 00:ca:db:d7:4f:0c:0a:0e:3d:52:7b:47:87:83:e0:33: f7:5a:56:81:92:dc:4c:fb:67:64:d3:78:35:cf:ac:7f Fingerprint (SHA-256): 9B:E7:F7:1B:81:71:64:9B:EB:B5:E9:85:FE:E0:78:34:51:68:74:33:55:DF:CB:2F:76:E2:58:7C:B0:A3:7C:C1 Fingerprint (SHA1): 68:98:FD:C7:B0:9C:86:6E:1F:FD:35:6A:FF:4A:F3:DD:C0:2A:48:08 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3472: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3473: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3474: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174428 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3475: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3476: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #3477: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3478: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518174429 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3479: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3480: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #3481: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3482: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518174430 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3483: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3484: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #3485: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3486: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518174431 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3487: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3488: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #3489: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3490: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518174432 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3491: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3492: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #3493: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3494: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518174433 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3495: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3496: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #3497: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3498: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518174434 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3499: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3500: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3501: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174428 (0x1ee2b6dc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:50:06 2015 Not After : Mon May 18 21:50:06 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:91:f2:ce:d0:ac:fd:55:d3:74:1f:1a:70:e2:69:61: f7:ef:f0:9d:82:d5:44:73:f9:82:1b:02:30:24:e9:26: 06:58:5b:96:72:b3:7a:22:52:25:e3:bd:27:90:39:b0: 2f:ed:79:77:ba:3c:63:81:b1:2a:c5:19:28:de:9b:85: aa:e4:95:4f:af:ae:4a:d7:2f:bd:90:74:f1:2f:2b:70: b6:2b:bd:93:a9:3e:b4:7d:5b:8b:35:cc:fd:e7:65:86: ad:72:25:77:1b:c8:e2:91:b9:82:e5:62:bc:2d:7d:52: f6:df:9b:e7:4e:1f:87:78:ad:94:4c:81:4b:1c:dd:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:82:8f:6c:46:f7:b9:80:ad:52:57:2b:60:9c:f4:0f: ad:d9:4b:6f:d5:85:58:31:0d:d5:da:7c:3f:70:99:38: 68:17:f1:68:d0:b5:33:b0:0a:89:ea:fe:13:af:2c:96: 22:4b:c6:68:5f:45:bb:8f:06:9d:60:1b:62:2a:5e:69: 3f:b5:ac:73:c8:46:5a:14:11:84:6c:9b:80:4e:a0:8d: 06:5b:ff:25:70:71:d5:90:d8:22:13:a3:e8:1c:79:e4: ef:ea:ae:bf:25:90:4d:2a:ba:d9:b8:64:37:14:3c:c4: 8f:a8:26:6e:cc:99:bf:81:db:80:4f:b7:34:32:e3:7e Fingerprint (SHA-256): 69:30:7A:02:00:D1:87:30:D4:FB:EF:5E:C4:2A:BC:C8:8F:95:69:5F:4C:39:02:C7:9B:F1:A0:68:A7:C3:58:AB Fingerprint (SHA1): 7B:C5:D3:D6:8E:D6:F8:22:7D:D6:8A:BE:A5:B7:D4:C3:04:12:03:42 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #3502: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3503: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3504: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3505: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174428 (0x1ee2b6dc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:50:06 2015 Not After : Mon May 18 21:50:06 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:91:f2:ce:d0:ac:fd:55:d3:74:1f:1a:70:e2:69:61: f7:ef:f0:9d:82:d5:44:73:f9:82:1b:02:30:24:e9:26: 06:58:5b:96:72:b3:7a:22:52:25:e3:bd:27:90:39:b0: 2f:ed:79:77:ba:3c:63:81:b1:2a:c5:19:28:de:9b:85: aa:e4:95:4f:af:ae:4a:d7:2f:bd:90:74:f1:2f:2b:70: b6:2b:bd:93:a9:3e:b4:7d:5b:8b:35:cc:fd:e7:65:86: ad:72:25:77:1b:c8:e2:91:b9:82:e5:62:bc:2d:7d:52: f6:df:9b:e7:4e:1f:87:78:ad:94:4c:81:4b:1c:dd:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:82:8f:6c:46:f7:b9:80:ad:52:57:2b:60:9c:f4:0f: ad:d9:4b:6f:d5:85:58:31:0d:d5:da:7c:3f:70:99:38: 68:17:f1:68:d0:b5:33:b0:0a:89:ea:fe:13:af:2c:96: 22:4b:c6:68:5f:45:bb:8f:06:9d:60:1b:62:2a:5e:69: 3f:b5:ac:73:c8:46:5a:14:11:84:6c:9b:80:4e:a0:8d: 06:5b:ff:25:70:71:d5:90:d8:22:13:a3:e8:1c:79:e4: ef:ea:ae:bf:25:90:4d:2a:ba:d9:b8:64:37:14:3c:c4: 8f:a8:26:6e:cc:99:bf:81:db:80:4f:b7:34:32:e3:7e Fingerprint (SHA-256): 69:30:7A:02:00:D1:87:30:D4:FB:EF:5E:C4:2A:BC:C8:8F:95:69:5F:4C:39:02:C7:9B:F1:A0:68:A7:C3:58:AB Fingerprint (SHA1): 7B:C5:D3:D6:8E:D6:F8:22:7D:D6:8A:BE:A5:B7:D4:C3:04:12:03:42 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #3506: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3507: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3508: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3509: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174435 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3510: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3511: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3512: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3513: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174436 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3514: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3515: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3516: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3517: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174437 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3518: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3519: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3520: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3521: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518174438 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3522: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3523: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3524: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3525: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3526: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3527: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174435 (0x1ee2b6e3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:50:33 2015 Not After : Mon May 18 21:50:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:c4:2d:4b:7e:2f:cd:79:ac:fb:26:f8:fb:9a:95:20: 9a:a3:a2:35:e7:2d:e3:32:85:8c:82:0d:8f:f2:ee:35: 3d:d9:25:f7:ac:a0:e7:7d:21:2e:23:38:16:ce:9a:d3: ad:71:5f:3b:24:e4:06:6b:b5:ae:75:5e:91:7d:50:84: f3:84:85:d5:5e:27:5e:27:cb:35:ee:85:9b:3c:cc:ec: 24:f2:d5:42:bd:1d:64:92:76:ae:c4:57:7f:e5:af:b1: 28:82:09:87:33:cf:50:53:d6:aa:dc:23:75:d9:ec:0e: 54:28:86:e0:73:d3:69:85:fd:29:96:4c:15:55:0e:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:23:c0:15:fa:d3:b7:3e:23:2e:40:c5:01:55:c5:92: 46:e7:69:f4:be:0d:14:4c:fb:b4:0c:ae:aa:06:0d:1e: 92:2a:c6:3e:60:f9:3b:b0:68:30:af:5f:0b:4d:fc:61: 17:30:4a:05:5a:a1:52:0a:72:e7:ad:b0:e1:60:42:a8: 6a:a6:5e:3e:a4:0e:c6:0d:0a:65:db:f3:81:6f:86:9e: 19:ab:e5:4f:68:d5:c2:0b:65:96:79:57:bc:4d:20:79: 2c:c5:fe:38:da:c0:67:68:4b:3f:68:20:78:dc:1c:ea: a7:81:d9:4f:e7:45:83:d1:73:d4:a8:3a:db:75:5a:97 Fingerprint (SHA-256): 1E:EE:46:94:49:F0:83:2E:0D:3A:E0:C0:88:2C:FD:E5:81:E3:07:2E:E8:6D:62:24:99:F6:38:76:04:22:6D:4E Fingerprint (SHA1): 28:A7:7B:AA:DF:D2:FE:3F:25:7E:BB:1F:31:7A:83:0D:48:E8:C3:52 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3528: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3529: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3530: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174436 (0x1ee2b6e4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:50:35 2015 Not After : Mon May 18 21:50:35 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:f8:e1:24:7e:e7:6f:15:84:95:13:81:bc:35:ed:3e: 28:9b:66:66:32:f5:fd:37:34:d9:04:fa:cd:e8:9d:30: e9:7a:dc:37:5b:c7:a4:e9:fd:e3:44:98:7a:88:dc:33: 81:c6:f4:7f:af:50:47:16:df:c4:67:74:ff:cb:c5:4d: 33:5c:40:f6:ef:7a:80:89:be:3a:ca:19:de:84:25:41: 30:d7:c6:ab:18:cc:90:5f:41:40:23:c7:b7:a8:94:3f: b2:bd:7e:d9:78:68:d7:22:37:6b:31:e8:45:a5:07:3d: 7e:71:47:f5:8b:8a:a8:f6:83:8d:27:67:18:d5:2e:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:77:61:d5:a6:57:0a:be:de:58:40:78:28:b7:ac:fa: 38:15:14:3e:f6:7a:00:81:c8:b5:a6:1a:b0:58:b5:f6: 1e:ea:d4:b1:97:bd:71:01:71:c5:75:0a:e8:00:5e:8d: b4:02:e1:af:62:3b:59:28:1b:5a:5e:36:e1:69:9e:9a: be:21:60:93:f2:ab:80:1d:83:5d:c9:2b:8a:8c:c9:55: 3b:81:71:d7:da:64:61:ef:37:61:95:8a:61:22:86:33: fb:bf:3f:2a:dd:0c:93:9e:f1:b0:b8:c0:fc:4a:a5:6d: 5f:37:9c:30:94:12:bd:9d:a8:79:14:72:9d:18:82:92 Fingerprint (SHA-256): 11:BE:B9:31:F8:F7:3E:82:F6:46:8C:DA:92:FD:8E:E6:89:A1:BC:18:FD:13:31:4D:30:62:99:D3:EA:8A:2A:80 Fingerprint (SHA1): D1:1D:01:6F:79:E4:0D:80:18:DB:31:FE:9B:0E:B9:F0:46:41:42:A9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3531: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3532: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174437 (0x1ee2b6e5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:50:38 2015 Not After : Mon May 18 21:50:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:07:ec:10:ad:35:5f:2c:3b:7b:26:0e:e2:38:69:97: 6f:31:c6:a5:58:15:2d:43:22:5f:f0:34:d7:11:b5:e3: 3e:f1:47:5a:c8:99:62:fc:fd:85:e5:c8:41:8d:8d:28: fb:eb:4b:19:29:89:10:81:18:b3:8f:23:31:b3:31:89: 9d:e2:24:42:d6:45:49:c9:48:7d:5e:86:4e:15:b4:48: 64:e1:cf:25:8d:7b:fc:a3:55:18:92:88:a4:92:12:c4: e8:11:63:0b:49:d9:f0:56:10:17:ae:49:4a:d4:5c:ec: 62:06:c2:35:3d:9d:e3:f3:b6:2e:28:7e:65:08:5e:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 83:b1:72:a1:7b:86:6e:ef:7e:64:d2:29:df:08:d9:00: eb:f5:5a:70:a2:f0:21:01:2f:34:43:7c:36:5f:04:32: 84:cf:22:1a:70:b1:7d:d2:99:f8:52:2c:e3:05:d5:fc: 5f:ac:ed:fb:a7:92:cd:0f:58:ec:54:e2:33:54:b6:f3: 03:9a:cf:ae:a9:31:44:1d:72:34:0e:f9:cc:43:96:9e: 6d:08:9a:8e:d5:08:07:78:e6:8d:48:3a:d6:d1:5a:e8: 96:09:74:58:01:58:11:d5:96:bd:1f:cf:d6:91:3b:87: f4:7b:ac:e8:7b:92:23:b2:56:5d:ea:63:9e:98:12:73 Fingerprint (SHA-256): 08:8D:14:8F:5D:51:B8:D8:9B:DF:45:8F:EC:61:4C:2D:CA:77:77:D3:6D:4C:6B:7A:AB:33:64:9C:01:DE:D0:54 Fingerprint (SHA1): 91:96:AD:A6:52:AB:0E:2B:FA:E3:1C:12:62:9F:C4:70:9F:34:A8:33 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3533: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3534: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174439 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3535: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3536: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3537: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3538: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174440 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3539: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3540: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3541: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3542: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174441 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3543: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3544: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3545: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3546: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518174442 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3547: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3548: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3549: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3550: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518174443 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3551: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3552: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3553: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3554: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3555: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3556: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #3557: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174439 (0x1ee2b6e7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:50:50 2015 Not After : Mon May 18 21:50:50 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:9c:0f:79:60:ef:06:ef:23:6c:31:c5:9f:e1:fa:b6: ce:05:6b:e9:2b:ae:f2:3d:63:cf:dd:17:51:b8:01:f6: 02:15:09:9e:0a:c2:a7:56:bc:c1:79:1c:cc:8a:5b:c8: d8:b8:f9:8c:3b:bb:35:49:35:fc:5c:c6:44:df:75:13: 26:26:d3:3c:1d:62:e8:80:94:eb:21:1c:b7:15:8f:e8: c1:3f:f3:eb:c5:b7:37:0c:88:8d:9c:c5:7c:1a:ca:0e: eb:1a:00:e4:a0:00:0f:6b:0a:16:9a:b4:19:51:0d:02: 5e:a1:c9:a4:56:0c:3f:b8:f0:e8:d9:d4:ac:2e:5d:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:40:d9:ea:79:84:d0:e4:33:0c:11:a9:32:f1:26:10: bf:64:af:cf:03:48:4f:cf:72:8c:06:e5:31:11:93:0b: 1b:50:86:4b:15:77:b2:93:8d:4e:bc:b5:05:e7:08:81: 23:6d:53:e0:fa:03:9d:00:87:4a:89:68:ec:b7:b0:a8: 03:fd:20:56:3d:38:02:34:90:8d:ff:bf:83:78:ab:09: 51:01:a9:3b:06:75:c0:f5:64:42:4d:30:4b:ef:4e:47: 41:28:fb:ef:22:57:5d:a2:f7:db:33:a5:2a:ee:fe:ce: 09:0f:c4:90:d3:c6:34:77:76:d0:21:63:bd:ae:7b:64 Fingerprint (SHA-256): E4:EF:A1:BA:2F:78:21:57:EF:9C:1A:4D:19:3B:C5:1D:69:78:76:71:EE:05:6B:A3:C7:3F:03:6D:6B:4A:6E:47 Fingerprint (SHA1): 6C:43:20:2A:22:26:6F:FE:C0:EA:92:22:A2:42:F1:05:E4:F2:DF:66 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3558: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3559: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174440 (0x1ee2b6e8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:50:53 2015 Not After : Mon May 18 21:50:53 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:6a:f4:84:1b:48:dd:4a:65:3e:40:06:ed:f4:5e:2b: 13:01:92:37:c9:bb:4d:8a:a0:48:7b:33:72:14:81:a5: 0e:3b:59:1e:8d:88:45:ee:5b:bd:47:92:a3:1e:0f:d5: de:77:e3:58:13:f9:ed:4c:1c:11:9b:f7:fe:ed:42:49: ec:0d:6c:62:e7:1c:90:c4:fc:0b:c1:44:36:95:4d:93: b9:3a:6c:a3:a3:4c:00:a4:6b:73:0a:0a:0d:d1:ad:fe: e0:b0:f6:aa:fe:17:51:62:c4:df:8b:2c:63:7b:ca:56: 41:a3:4b:e7:43:61:4f:40:18:0f:ad:3a:60:91:56:49 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:38:8c:fd:84:17:31:47:0f:77:71:18:6d:7d:e5:fe: 0d:f5:16:68:b6:1b:95:81:15:2f:12:22:14:26:4d:b3: 38:78:2f:01:72:be:be:9f:3b:fb:bc:10:a0:b6:75:ab: 56:d8:07:8d:8d:c0:16:b9:fd:96:7f:84:2a:99:7b:64: 97:59:47:b5:43:57:60:7a:99:fa:ec:39:e5:7e:a0:01: d0:24:b6:03:ce:8a:36:c4:98:1b:3c:83:54:f0:e9:cc: df:9b:fd:5e:68:e8:47:28:61:57:58:df:83:3e:7b:0c: 9b:1f:30:ca:fb:70:7f:ee:02:e6:2f:48:13:c8:eb:29 Fingerprint (SHA-256): 2A:A1:03:60:3A:82:09:6B:81:27:FB:72:AE:60:84:C1:87:1A:FF:19:A6:16:19:10:BA:22:7D:4D:60:C5:00:E6 Fingerprint (SHA1): F2:6D:F6:52:76:F0:ED:21:B8:D8:66:CC:96:BC:7E:DA:6D:B6:C8:98 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3560: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3561: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3562: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174441 (0x1ee2b6e9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:50:56 2015 Not After : Mon May 18 21:50:56 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:12:90:08:03:f4:54:cd:12:14:06:bb:45:ad:a9:1f: 05:06:20:e7:85:6f:11:3b:4b:0b:09:63:d7:f4:74:8f: 92:99:c3:37:db:7c:5e:63:5c:9b:bd:aa:5b:79:bc:75: 9a:d1:12:c1:39:c6:c1:c4:54:22:6c:cb:78:87:ea:92: 44:4d:bf:a4:d3:58:8a:bf:be:10:73:aa:f6:a1:46:84: 3a:6d:2b:6a:82:30:b7:b8:72:0c:3e:20:ff:b8:86:a7: 0d:7d:a5:b3:03:42:a3:26:76:93:ca:77:33:56:e6:43: 75:46:a7:b4:19:8a:5e:6b:33:35:a3:2a:50:d4:9f:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:67:0d:ea:80:54:eb:ce:97:36:21:43:96:42:d7:15: bc:14:44:7c:ba:65:f7:a6:54:5d:3d:f3:2e:ea:ef:7f: 53:ec:b1:7f:80:3b:25:e2:38:60:f7:3e:30:69:42:3d: e5:0e:8c:4a:a1:d7:40:08:97:98:29:e0:96:58:71:69: 7a:10:83:96:a9:f2:f2:ba:db:fe:37:84:82:82:c6:e6: be:1b:ef:33:d7:76:c7:ac:0a:d2:85:01:bd:10:64:39: 80:e5:56:49:26:12:14:74:18:a9:e1:7c:11:38:3a:04: 60:ad:4d:28:8e:8b:6b:9a:27:2d:21:e5:ec:0d:ca:ab Fingerprint (SHA-256): 0E:7B:1E:A0:2B:12:B7:A7:E9:11:51:77:F7:81:89:4E:78:58:6E:26:7D:98:1F:C7:5A:ED:8F:70:68:2F:03:6C Fingerprint (SHA1): E9:41:42:B7:6D:B7:A7:CE:49:37:33:79:87:40:E3:38:FD:75:41:0E Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #3563: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3564: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174444 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3565: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3566: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3567: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3568: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174445 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3569: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3570: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3571: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3572: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174446 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA1Root-518174353.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3573: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3574: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3575: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3576: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518174447 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3577: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3578: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #3579: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174444 (0x1ee2b6ec) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:51:12 2015 Not After : Mon May 18 21:51:12 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:8b:f7:17:27:b4:cf:95:6c:dc:26:26:4d:7e:08:67: 75:f2:9c:92:57:6e:41:2d:87:12:f1:6f:3a:6a:99:82: f5:e9:63:c6:b7:60:94:bf:39:0a:cf:64:76:3f:ec:89: 03:40:69:ea:32:27:55:5e:76:1f:45:97:70:b4:5d:15: 64:84:7e:91:f9:6c:8e:7b:c7:57:13:14:36:85:3b:e9: 3b:69:e0:9d:8e:34:f0:b5:ad:17:e9:03:c3:16:73:c1: 38:4b:94:a5:f5:a2:68:6b:b5:d9:ad:2b:43:07:4a:07: a0:e2:c9:9b:ac:2e:cb:e1:ee:65:d5:73:05:e1:d3:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:0b:08:92:1c:0d:aa:ca:4b:09:5b:c8:8c:09:97:d5: c1:ba:31:ff:6c:7b:06:5f:5b:3f:9c:e4:63:d4:61:19: d0:69:b5:eb:7f:bd:d1:0a:8c:b6:ea:06:3f:93:98:5e: 95:f6:d4:95:09:91:44:bd:08:8d:1a:a3:f0:66:a1:da: cb:33:92:40:8c:ca:0c:58:e8:9c:5d:16:e5:78:3a:46: f8:ab:dd:51:ed:a6:27:21:75:e7:cf:13:59:7c:2e:0a: b1:84:dd:42:91:b2:f8:02:2c:c4:90:6a:48:63:8a:01: 22:04:00:ca:3d:14:f6:ef:8c:6f:4d:8c:41:6f:5e:87 Fingerprint (SHA-256): B5:87:24:FB:B9:78:6E:BB:CE:AB:F1:8B:92:D7:88:AC:9D:A2:0C:3B:E6:D2:FF:8A:BE:E4:4A:72:95:E2:F4:26 Fingerprint (SHA1): CC:18:8C:AE:2F:42:46:49:F4:68:91:B3:74:17:99:16:FE:D1:54:C0 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3580: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3581: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174448 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3582: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3583: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3584: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174449 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3585: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3586: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3587: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3588: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518174450 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3589: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3590: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518174451 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3591: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3592: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3593: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3594: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3595: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518174452 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518174354.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3596: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3597: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3598: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3599: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174453 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3600: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3601: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3602: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3603: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174449 (0x1ee2b6f1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:51:31 2015 Not After : Mon May 18 21:51:31 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:3a:82:a1:13:ac:30:96:ff:96:c5:ec:36:a6:af:d2: ac:9d:ac:ca:a7:8c:4c:b2:d3:41:c0:11:1c:06:f9:bb: 5b:2e:9a:05:69:76:a2:1a:b9:76:5d:78:dd:0a:0b:48: 51:45:f9:e3:f3:15:96:88:4d:3a:d3:81:a1:e4:f0:b3: 8b:1d:f9:1c:ed:5b:e4:c3:46:19:7b:70:ba:a2:ae:90: dc:8f:92:4c:5d:c8:8a:1e:b1:63:68:7d:6d:4d:48:9d: cb:2c:48:ed:e9:8d:58:f7:48:ea:b8:72:4d:8f:af:44: 3a:70:4a:da:88:60:51:30:e5:38:61:f7:70:84:6e:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bd:15:55:c3:32:8a:2c:ad:a4:0a:4e:7c:4c:98:47:32: 9d:fa:75:a0:65:ed:22:fa:af:21:e0:1c:45:26:da:cf: 35:1e:7e:7c:6c:da:33:59:f7:9d:9f:6f:60:01:20:54: a3:7d:54:0e:50:34:e9:15:46:76:3f:ab:80:c3:5a:b9: c8:93:c8:51:7a:e9:9f:02:19:f7:91:7f:d2:9f:dc:a6: cc:a7:f7:4d:5b:43:36:49:c9:8c:9e:36:0f:ba:7a:4f: e0:ba:e4:99:06:98:65:8c:f6:d6:9d:4c:97:31:c6:dc: 72:3d:b8:75:8e:fe:63:21:4d:d9:f6:a0:a5:24:98:7a Fingerprint (SHA-256): 25:AA:0D:3E:D7:6A:9A:C2:E4:19:F0:56:41:42:BD:99:B4:CB:2B:18:79:61:39:7F:64:A4:CF:55:42:02:32:CF Fingerprint (SHA1): 9D:7B:7B:8B:24:7A:E3:81:19:C2:6E:ED:AE:04:F6:AA:88:F6:BC:72 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3604: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174449 (0x1ee2b6f1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:51:31 2015 Not After : Mon May 18 21:51:31 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:3a:82:a1:13:ac:30:96:ff:96:c5:ec:36:a6:af:d2: ac:9d:ac:ca:a7:8c:4c:b2:d3:41:c0:11:1c:06:f9:bb: 5b:2e:9a:05:69:76:a2:1a:b9:76:5d:78:dd:0a:0b:48: 51:45:f9:e3:f3:15:96:88:4d:3a:d3:81:a1:e4:f0:b3: 8b:1d:f9:1c:ed:5b:e4:c3:46:19:7b:70:ba:a2:ae:90: dc:8f:92:4c:5d:c8:8a:1e:b1:63:68:7d:6d:4d:48:9d: cb:2c:48:ed:e9:8d:58:f7:48:ea:b8:72:4d:8f:af:44: 3a:70:4a:da:88:60:51:30:e5:38:61:f7:70:84:6e:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bd:15:55:c3:32:8a:2c:ad:a4:0a:4e:7c:4c:98:47:32: 9d:fa:75:a0:65:ed:22:fa:af:21:e0:1c:45:26:da:cf: 35:1e:7e:7c:6c:da:33:59:f7:9d:9f:6f:60:01:20:54: a3:7d:54:0e:50:34:e9:15:46:76:3f:ab:80:c3:5a:b9: c8:93:c8:51:7a:e9:9f:02:19:f7:91:7f:d2:9f:dc:a6: cc:a7:f7:4d:5b:43:36:49:c9:8c:9e:36:0f:ba:7a:4f: e0:ba:e4:99:06:98:65:8c:f6:d6:9d:4c:97:31:c6:dc: 72:3d:b8:75:8e:fe:63:21:4d:d9:f6:a0:a5:24:98:7a Fingerprint (SHA-256): 25:AA:0D:3E:D7:6A:9A:C2:E4:19:F0:56:41:42:BD:99:B4:CB:2B:18:79:61:39:7F:64:A4:CF:55:42:02:32:CF Fingerprint (SHA1): 9D:7B:7B:8B:24:7A:E3:81:19:C2:6E:ED:AE:04:F6:AA:88:F6:BC:72 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3605: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3606: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174454 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3607: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3608: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3609: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174455 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3610: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3611: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3612: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3613: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518174456 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3614: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3615: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518174457 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3616: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3617: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3618: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3619: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3620: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518174458 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518174355.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3621: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3622: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3623: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3624: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174459 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3625: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3626: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3627: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3628: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518174460 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-BridgeNavy-518174356.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3629: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3630: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3631: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3632: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518174461 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3633: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3634: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3635: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3636: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174455 (0x1ee2b6f7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:51:50 2015 Not After : Mon May 18 21:51:50 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:a3:74:dd:78:e1:11:1a:29:87:bb:c2:73:bb:d0:aa: 1f:ba:85:b5:d3:30:dc:f1:bc:a9:80:64:7f:69:ff:71: 67:42:ec:a0:22:02:18:33:9c:33:95:0d:57:f5:da:03: c8:71:27:33:7e:03:b0:fa:ec:47:fb:bc:12:7d:8f:8f: 2f:fd:e5:8e:8f:c2:a8:1e:6a:5c:42:ee:25:8a:a2:d1: 0e:0c:cb:31:bd:83:d2:0e:7d:ca:92:15:ca:6f:b7:84: 76:62:7a:09:0e:a7:d9:d7:38:27:a5:84:92:f2:a2:99: d9:08:a9:4b:10:dd:d0:f9:a6:b2:ad:ca:53:a7:fa:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:dc:10:06:b5:e5:18:11:57:63:4d:85:4a:3c:82:17: 42:a9:4f:3a:63:d8:a7:e9:81:65:2c:d2:72:b5:b5:70: 0e:12:6d:8c:c8:85:91:37:f1:c2:b3:e0:c6:78:52:2f: 15:f5:bd:8d:0a:f9:b1:d1:aa:53:69:46:b6:a2:92:91: 10:88:a3:48:c7:ba:8b:f4:79:1f:df:c0:1c:ff:8e:45: cd:4a:ec:fa:a1:8a:84:9c:d1:5d:98:8a:ed:fc:1b:ab: 5c:cc:69:8e:b2:f0:0d:d3:bd:1f:0e:a9:1d:b4:05:63: af:47:45:e0:9b:bb:c0:ff:9e:6b:35:9f:d5:f6:58:91 Fingerprint (SHA-256): 62:D7:C3:E7:86:B3:5F:26:BA:AD:19:FA:39:87:6D:3D:34:54:79:E4:36:93:56:CA:32:3C:EA:A9:97:D8:FD:A1 Fingerprint (SHA1): E3:21:DE:E0:03:3B:52:D0:80:3F:1E:8F:3C:5B:9C:95:BF:FC:D6:5D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3637: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174455 (0x1ee2b6f7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:51:50 2015 Not After : Mon May 18 21:51:50 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:a3:74:dd:78:e1:11:1a:29:87:bb:c2:73:bb:d0:aa: 1f:ba:85:b5:d3:30:dc:f1:bc:a9:80:64:7f:69:ff:71: 67:42:ec:a0:22:02:18:33:9c:33:95:0d:57:f5:da:03: c8:71:27:33:7e:03:b0:fa:ec:47:fb:bc:12:7d:8f:8f: 2f:fd:e5:8e:8f:c2:a8:1e:6a:5c:42:ee:25:8a:a2:d1: 0e:0c:cb:31:bd:83:d2:0e:7d:ca:92:15:ca:6f:b7:84: 76:62:7a:09:0e:a7:d9:d7:38:27:a5:84:92:f2:a2:99: d9:08:a9:4b:10:dd:d0:f9:a6:b2:ad:ca:53:a7:fa:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:dc:10:06:b5:e5:18:11:57:63:4d:85:4a:3c:82:17: 42:a9:4f:3a:63:d8:a7:e9:81:65:2c:d2:72:b5:b5:70: 0e:12:6d:8c:c8:85:91:37:f1:c2:b3:e0:c6:78:52:2f: 15:f5:bd:8d:0a:f9:b1:d1:aa:53:69:46:b6:a2:92:91: 10:88:a3:48:c7:ba:8b:f4:79:1f:df:c0:1c:ff:8e:45: cd:4a:ec:fa:a1:8a:84:9c:d1:5d:98:8a:ed:fc:1b:ab: 5c:cc:69:8e:b2:f0:0d:d3:bd:1f:0e:a9:1d:b4:05:63: af:47:45:e0:9b:bb:c0:ff:9e:6b:35:9f:d5:f6:58:91 Fingerprint (SHA-256): 62:D7:C3:E7:86:B3:5F:26:BA:AD:19:FA:39:87:6D:3D:34:54:79:E4:36:93:56:CA:32:3C:EA:A9:97:D8:FD:A1 Fingerprint (SHA1): E3:21:DE:E0:03:3B:52:D0:80:3F:1E:8F:3C:5B:9C:95:BF:FC:D6:5D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3638: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #3639: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174454 (0x1ee2b6f6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:51:48 2015 Not After : Mon May 18 21:51:48 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:4c:eb:8d:74:50:d1:2d:1d:48:82:7d:f8:25:f6:1d: 5e:56:df:1c:0b:c0:c2:bb:0e:69:85:1d:fc:d9:5f:5d: 50:27:1a:1e:51:25:dc:bf:8e:fd:aa:0b:a5:dd:11:c2: f5:c3:5b:bd:32:f6:98:b9:6d:6e:09:0f:0a:a5:d9:63: 5f:e4:0b:4c:48:08:db:9a:43:e1:d1:17:40:df:c5:85: 6a:1d:18:31:36:2f:c9:5f:c2:8d:7c:fd:b9:c9:45:56: 76:3f:f9:97:1b:43:11:1f:11:07:f1:7c:d3:ad:69:ed: 99:9e:85:5a:ef:a4:0d:b9:c2:aa:18:39:b7:74:2e:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 14:c6:77:18:1e:e1:57:0d:bf:dd:6f:de:28:9b:70:a1: 40:f5:b2:48:31:1c:7d:09:d7:03:74:0c:1e:af:59:77: d4:0b:f0:61:e0:81:3d:af:f0:9f:91:87:43:d6:53:9c: 8d:62:d8:3a:ce:bd:93:4a:49:df:9a:e1:af:15:cc:c1: ef:08:96:1b:63:c9:a7:67:79:0e:45:34:73:44:be:28: 10:dc:45:91:0b:44:6d:74:23:aa:2d:ea:ea:ae:36:77: 22:31:55:56:77:be:99:9d:22:ec:34:13:17:c1:e4:72: 9b:55:1e:bd:68:a5:11:46:76:e6:96:ed:53:f0:6b:f6 Fingerprint (SHA-256): 31:B8:45:C4:93:FF:B1:F0:30:3D:23:6C:7B:CF:11:16:28:8D:3B:B8:7F:18:F6:40:E6:08:BA:BF:0E:1D:0A:F2 Fingerprint (SHA1): E6:91:5E:96:17:A3:9C:67:93:A3:8F:AD:79:00:E0:36:92:5E:DC:DB Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3640: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174455 (0x1ee2b6f7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:51:50 2015 Not After : Mon May 18 21:51:50 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:a3:74:dd:78:e1:11:1a:29:87:bb:c2:73:bb:d0:aa: 1f:ba:85:b5:d3:30:dc:f1:bc:a9:80:64:7f:69:ff:71: 67:42:ec:a0:22:02:18:33:9c:33:95:0d:57:f5:da:03: c8:71:27:33:7e:03:b0:fa:ec:47:fb:bc:12:7d:8f:8f: 2f:fd:e5:8e:8f:c2:a8:1e:6a:5c:42:ee:25:8a:a2:d1: 0e:0c:cb:31:bd:83:d2:0e:7d:ca:92:15:ca:6f:b7:84: 76:62:7a:09:0e:a7:d9:d7:38:27:a5:84:92:f2:a2:99: d9:08:a9:4b:10:dd:d0:f9:a6:b2:ad:ca:53:a7:fa:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:dc:10:06:b5:e5:18:11:57:63:4d:85:4a:3c:82:17: 42:a9:4f:3a:63:d8:a7:e9:81:65:2c:d2:72:b5:b5:70: 0e:12:6d:8c:c8:85:91:37:f1:c2:b3:e0:c6:78:52:2f: 15:f5:bd:8d:0a:f9:b1:d1:aa:53:69:46:b6:a2:92:91: 10:88:a3:48:c7:ba:8b:f4:79:1f:df:c0:1c:ff:8e:45: cd:4a:ec:fa:a1:8a:84:9c:d1:5d:98:8a:ed:fc:1b:ab: 5c:cc:69:8e:b2:f0:0d:d3:bd:1f:0e:a9:1d:b4:05:63: af:47:45:e0:9b:bb:c0:ff:9e:6b:35:9f:d5:f6:58:91 Fingerprint (SHA-256): 62:D7:C3:E7:86:B3:5F:26:BA:AD:19:FA:39:87:6D:3D:34:54:79:E4:36:93:56:CA:32:3C:EA:A9:97:D8:FD:A1 Fingerprint (SHA1): E3:21:DE:E0:03:3B:52:D0:80:3F:1E:8F:3C:5B:9C:95:BF:FC:D6:5D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3641: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174455 (0x1ee2b6f7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:51:50 2015 Not After : Mon May 18 21:51:50 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:a3:74:dd:78:e1:11:1a:29:87:bb:c2:73:bb:d0:aa: 1f:ba:85:b5:d3:30:dc:f1:bc:a9:80:64:7f:69:ff:71: 67:42:ec:a0:22:02:18:33:9c:33:95:0d:57:f5:da:03: c8:71:27:33:7e:03:b0:fa:ec:47:fb:bc:12:7d:8f:8f: 2f:fd:e5:8e:8f:c2:a8:1e:6a:5c:42:ee:25:8a:a2:d1: 0e:0c:cb:31:bd:83:d2:0e:7d:ca:92:15:ca:6f:b7:84: 76:62:7a:09:0e:a7:d9:d7:38:27:a5:84:92:f2:a2:99: d9:08:a9:4b:10:dd:d0:f9:a6:b2:ad:ca:53:a7:fa:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:dc:10:06:b5:e5:18:11:57:63:4d:85:4a:3c:82:17: 42:a9:4f:3a:63:d8:a7:e9:81:65:2c:d2:72:b5:b5:70: 0e:12:6d:8c:c8:85:91:37:f1:c2:b3:e0:c6:78:52:2f: 15:f5:bd:8d:0a:f9:b1:d1:aa:53:69:46:b6:a2:92:91: 10:88:a3:48:c7:ba:8b:f4:79:1f:df:c0:1c:ff:8e:45: cd:4a:ec:fa:a1:8a:84:9c:d1:5d:98:8a:ed:fc:1b:ab: 5c:cc:69:8e:b2:f0:0d:d3:bd:1f:0e:a9:1d:b4:05:63: af:47:45:e0:9b:bb:c0:ff:9e:6b:35:9f:d5:f6:58:91 Fingerprint (SHA-256): 62:D7:C3:E7:86:B3:5F:26:BA:AD:19:FA:39:87:6D:3D:34:54:79:E4:36:93:56:CA:32:3C:EA:A9:97:D8:FD:A1 Fingerprint (SHA1): E3:21:DE:E0:03:3B:52:D0:80:3F:1E:8F:3C:5B:9C:95:BF:FC:D6:5D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3642: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3643: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174462 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3644: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3645: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3646: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174463 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3647: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3648: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #3649: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3650: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518174464 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3651: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3652: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #3653: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3654: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518174465 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3655: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3656: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3657: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3658: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518174466 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3659: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3660: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518174467 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3661: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3662: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #3663: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3664: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3665: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518174468 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3666: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3667: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3668: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3669: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518174469 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3670: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3671: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3672: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3673: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174470 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3674: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3675: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3676: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3677: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518174471 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3678: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3679: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3680: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174462 (0x1ee2b6fe) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:52:16 2015 Not After : Mon May 18 21:52:16 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ef:dd:f7:2e:b7:4f:ea:f4:66:64:cd:7b:9a:6d:d2:d9: ef:0c:62:54:17:8d:bb:1b:36:5d:1a:27:c0:ca:d5:04: 2a:51:9a:1c:1f:79:e2:68:ec:99:ce:cc:21:f2:42:a9: 5d:61:3f:ce:a0:13:30:04:e6:32:19:a6:2b:dd:ad:a8: 17:48:96:a1:c8:0d:26:44:8d:11:c0:02:03:aa:78:79: 4d:ba:eb:d4:80:d3:ce:f3:a9:29:b6:21:a6:b5:aa:f8: 76:80:d6:de:9d:6d:5b:07:f1:bb:26:48:a7:7b:26:3b: 43:88:57:86:2c:bc:af:ef:83:0d:e8:4d:03:ef:f0:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:99:18:7b:29:d9:14:4b:e6:96:09:ed:8b:ca:a9:fe: c2:4e:ef:43:17:c6:45:ed:24:72:2a:34:67:5e:ed:09: 76:ed:68:87:2c:57:2e:28:49:c9:b7:0e:0d:d5:73:07: 4f:4c:07:0a:f7:09:9a:5b:24:6d:d5:27:6d:c1:40:cb: 20:70:38:58:55:65:d5:51:ee:6d:40:1e:bf:89:35:47: 7f:b5:66:59:e9:ae:7c:c0:76:3e:54:85:0b:06:8b:61: e0:e0:aa:13:d5:14:9a:d7:42:25:4d:f0:5e:5c:cf:42: 0a:02:2b:30:8c:c6:4d:74:28:64:60:97:b9:9e:90:ec Fingerprint (SHA-256): 18:5E:C3:C8:62:FD:81:18:08:0C:20:2B:36:70:C8:9A:84:92:60:E8:B3:A4:CF:F3:4D:94:00:C2:CD:80:98:27 Fingerprint (SHA1): 3F:C6:8A:A9:C5:2A:AC:A4:00:74:62:8D:AF:BC:91:C6:E0:98:9B:A7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #3681: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3682: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3683: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3684: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3685: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3686: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3687: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3688: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3689: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174463 (0x1ee2b6ff) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:52:19 2015 Not After : Mon May 18 21:52:19 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:1a:2a:2e:d3:46:ed:54:a2:b8:09:34:b5:fc:6d:61: c9:db:be:13:95:57:bd:25:2c:06:93:b0:e0:a9:ca:9b: 34:be:e5:3e:9f:53:57:64:4c:07:54:a0:90:a8:25:ed: d1:51:5a:37:49:5d:8d:d2:0f:b1:a6:e7:11:b6:12:74: 45:55:e4:4b:ae:7f:d9:3f:49:50:aa:f6:bc:75:4d:7d: 15:bb:6c:40:e1:ba:ac:19:f2:d5:9c:7f:c9:4b:17:e0: b6:cf:f1:14:74:b7:3e:ae:42:31:7a:91:c8:8d:1c:46: 3c:31:91:3e:a1:13:e3:cb:f8:eb:03:74:08:ad:dc:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:96:e7:ac:28:12:74:88:ef:66:3e:b7:7d:fb:db:d3: fd:18:ec:b2:50:c6:bc:a4:fe:6c:03:00:74:3a:99:50: 3c:8f:85:45:77:3d:7d:ca:dd:9e:43:fe:93:2d:9a:53: 7d:d3:31:4f:6a:be:14:e5:bc:24:91:7a:ec:7d:29:a0: 06:23:fa:28:43:97:90:20:f7:52:96:06:6e:3a:b1:e1: e8:7a:72:eb:7a:bf:fe:6c:53:fe:62:f1:98:a8:0b:b9: f2:93:95:8f:26:97:e1:67:0a:ed:b3:79:46:8f:70:a8: 2a:13:52:db:8c:fa:1c:96:13:52:51:22:5d:f7:21:ce Fingerprint (SHA-256): E7:02:00:F5:FC:A5:E1:FD:C2:3E:FE:BF:14:3B:84:05:0D:23:80:A8:92:AA:02:D7:DB:C5:57:23:60:85:22:62 Fingerprint (SHA1): 2E:69:4B:5A:87:C1:06:AD:C3:A4:15:3D:FE:36:43:EF:A9:3B:C7:4C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #3690: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3691: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3692: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3693: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3694: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3695: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3696: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #3697: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #3698: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #3699: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #3700: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #3701: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #3702: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #3703: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #3704: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #3705: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #3706: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #3707: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3708: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174472 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3709: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3710: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3711: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3712: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174473 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3713: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3714: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3715: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3716: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174474 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3717: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3718: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3719: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3720: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518174475 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3721: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3722: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3723: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3724: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518174476 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3725: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3726: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3727: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3728: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518174477 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3729: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3730: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #3731: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3732: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518174478 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3733: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3734: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #3735: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3736: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518174479 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3737: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3738: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #3739: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3740: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518174480 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3741: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3742: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3743: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174472 (0x1ee2b708) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:53:04 2015 Not After : Mon May 18 21:53:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 61:91:09:76:fd:02:d8:8d:6c:b3:83:95:50:47:41:81: 71:bb:f9:9c:e5:78:58:de:c4:90:a5:90:3d:31:fb:97: 86:47:cc:b5:a6:ba:d4:51:cd:69:1b:67:6a:71:d0:53: 0a:a6:c9:7a:ad:fb:94:6d:42:7d:ef:1a:fb:90:fc:ec: 82:5b:87:4a:ab:d5:9e:07:ed:a0:53:6a:ac:d5:c2:e0: 27:7b:00:1a:1a:5a:40:65:66:77:00:d4:1b:90:f7:3f: ea:50:2d:b4:f8:a9:d7:6c:81:59:f2:95:b8:1d:5b:d8: 39:82:6b:b3:3f:6a:45:8c:f6:b7:67:4f:50:35:56:d6 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:58:d2:e8:f4:e8:09:71:9d:de:d7:cc:d5: a6:ff:aa:44:5d:1d:31:0e:02:15:00:90:74:45:2c:be: fa:96:ff:93:d3:67:47:76:a7:e8:c7:49:98:07:40 Fingerprint (SHA-256): 0F:D3:9F:CB:3C:53:8E:A1:D7:A2:38:83:D9:D8:FF:4E:92:A4:EC:5B:62:76:C0:4A:BA:CA:64:7E:0F:4C:C1:6D Fingerprint (SHA1): 59:D3:38:5C:88:4D:24:5A:7C:1C:D7:11:70:BC:A9:45:31:D3:56:AB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3744: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174472 (0x1ee2b708) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:53:04 2015 Not After : Mon May 18 21:53:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 61:91:09:76:fd:02:d8:8d:6c:b3:83:95:50:47:41:81: 71:bb:f9:9c:e5:78:58:de:c4:90:a5:90:3d:31:fb:97: 86:47:cc:b5:a6:ba:d4:51:cd:69:1b:67:6a:71:d0:53: 0a:a6:c9:7a:ad:fb:94:6d:42:7d:ef:1a:fb:90:fc:ec: 82:5b:87:4a:ab:d5:9e:07:ed:a0:53:6a:ac:d5:c2:e0: 27:7b:00:1a:1a:5a:40:65:66:77:00:d4:1b:90:f7:3f: ea:50:2d:b4:f8:a9:d7:6c:81:59:f2:95:b8:1d:5b:d8: 39:82:6b:b3:3f:6a:45:8c:f6:b7:67:4f:50:35:56:d6 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:58:d2:e8:f4:e8:09:71:9d:de:d7:cc:d5: a6:ff:aa:44:5d:1d:31:0e:02:15:00:90:74:45:2c:be: fa:96:ff:93:d3:67:47:76:a7:e8:c7:49:98:07:40 Fingerprint (SHA-256): 0F:D3:9F:CB:3C:53:8E:A1:D7:A2:38:83:D9:D8:FF:4E:92:A4:EC:5B:62:76:C0:4A:BA:CA:64:7E:0F:4C:C1:6D Fingerprint (SHA1): 59:D3:38:5C:88:4D:24:5A:7C:1C:D7:11:70:BC:A9:45:31:D3:56:AB Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3745: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174472 (0x1ee2b708) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:53:04 2015 Not After : Mon May 18 21:53:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 61:91:09:76:fd:02:d8:8d:6c:b3:83:95:50:47:41:81: 71:bb:f9:9c:e5:78:58:de:c4:90:a5:90:3d:31:fb:97: 86:47:cc:b5:a6:ba:d4:51:cd:69:1b:67:6a:71:d0:53: 0a:a6:c9:7a:ad:fb:94:6d:42:7d:ef:1a:fb:90:fc:ec: 82:5b:87:4a:ab:d5:9e:07:ed:a0:53:6a:ac:d5:c2:e0: 27:7b:00:1a:1a:5a:40:65:66:77:00:d4:1b:90:f7:3f: ea:50:2d:b4:f8:a9:d7:6c:81:59:f2:95:b8:1d:5b:d8: 39:82:6b:b3:3f:6a:45:8c:f6:b7:67:4f:50:35:56:d6 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:58:d2:e8:f4:e8:09:71:9d:de:d7:cc:d5: a6:ff:aa:44:5d:1d:31:0e:02:15:00:90:74:45:2c:be: fa:96:ff:93:d3:67:47:76:a7:e8:c7:49:98:07:40 Fingerprint (SHA-256): 0F:D3:9F:CB:3C:53:8E:A1:D7:A2:38:83:D9:D8:FF:4E:92:A4:EC:5B:62:76:C0:4A:BA:CA:64:7E:0F:4C:C1:6D Fingerprint (SHA1): 59:D3:38:5C:88:4D:24:5A:7C:1C:D7:11:70:BC:A9:45:31:D3:56:AB Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #3746: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174472 (0x1ee2b708) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:53:04 2015 Not After : Mon May 18 21:53:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 61:91:09:76:fd:02:d8:8d:6c:b3:83:95:50:47:41:81: 71:bb:f9:9c:e5:78:58:de:c4:90:a5:90:3d:31:fb:97: 86:47:cc:b5:a6:ba:d4:51:cd:69:1b:67:6a:71:d0:53: 0a:a6:c9:7a:ad:fb:94:6d:42:7d:ef:1a:fb:90:fc:ec: 82:5b:87:4a:ab:d5:9e:07:ed:a0:53:6a:ac:d5:c2:e0: 27:7b:00:1a:1a:5a:40:65:66:77:00:d4:1b:90:f7:3f: ea:50:2d:b4:f8:a9:d7:6c:81:59:f2:95:b8:1d:5b:d8: 39:82:6b:b3:3f:6a:45:8c:f6:b7:67:4f:50:35:56:d6 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:58:d2:e8:f4:e8:09:71:9d:de:d7:cc:d5: a6:ff:aa:44:5d:1d:31:0e:02:15:00:90:74:45:2c:be: fa:96:ff:93:d3:67:47:76:a7:e8:c7:49:98:07:40 Fingerprint (SHA-256): 0F:D3:9F:CB:3C:53:8E:A1:D7:A2:38:83:D9:D8:FF:4E:92:A4:EC:5B:62:76:C0:4A:BA:CA:64:7E:0F:4C:C1:6D Fingerprint (SHA1): 59:D3:38:5C:88:4D:24:5A:7C:1C:D7:11:70:BC:A9:45:31:D3:56:AB Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #3747: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3748: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3749: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3750: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #3751: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3752: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3753: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3754: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3755: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3756: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3757: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3758: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #3759: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3760: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3761: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3762: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #3763: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3764: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3765: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3766: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3767: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3768: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3769: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3770: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #3771: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3772: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3773: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3774: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518215352Z nextupdate=20160518215352Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 21:53:52 2015 Next Update: Wed May 18 21:53:52 2016 CRL Extensions: chains.sh: #3775: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518215353Z nextupdate=20160518215353Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:53:53 2015 Next Update: Wed May 18 21:53:53 2016 CRL Extensions: chains.sh: #3776: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518215353Z nextupdate=20160518215353Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:53:53 2015 Next Update: Wed May 18 21:53:53 2016 CRL Extensions: chains.sh: #3777: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518215354Z nextupdate=20160518215354Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 21:53:54 2015 Next Update: Wed May 18 21:53:54 2016 CRL Extensions: chains.sh: #3778: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518215355Z addcert 14 20150518215355Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:53:55 2015 Next Update: Wed May 18 21:53:53 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 21:53:55 2015 CRL Extensions: chains.sh: #3779: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518215356Z addcert 15 20150518215356Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:53:56 2015 Next Update: Wed May 18 21:53:53 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 21:53:56 2015 CRL Extensions: chains.sh: #3780: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3781: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3782: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #3783: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #3784: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #3785: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #3786: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #3787: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #3788: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #3789: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:53:32 2015 Not After : Mon May 18 21:53:32 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:f6:23:a0:02:e4:73:e3:8d:1a:4f:67:cb:8f:ca:7a: 29:43:d7:f1:3f:89:9e:02:25:a3:85:47:9d:69:ea:82: 70:28:da:80:07:88:f0:f0:72:2b:dc:d2:80:c5:4a:70: fa:1a:e4:23:26:34:3e:91:6c:4e:d8:59:62:5d:3d:b4: 38:f2:d0:d2:c4:58:01:cc:b5:2c:63:17:15:ab:38:74: b9:64:9e:ec:23:eb:67:71:65:10:ec:e1:35:44:0a:2f: bd:9d:85:fd:a5:d6:b4:73:a2:bd:64:7c:ad:c8:f8:4c: d0:32:27:74:d4:62:57:55:9f:8d:85:81:94:17:74:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:66:fa:a2:f9:27:3f:de:48:69:1f:d8:bc:95:2f:7f: 02:bf:e8:b4:a5:65:9b:fe:1a:06:53:08:f8:ca:4c:0f: 99:dc:97:4c:4c:1a:16:ef:b2:ce:53:50:8a:20:b9:8b: a7:01:a8:cd:ca:fa:bb:af:70:d3:90:8c:c9:bf:bf:d7: 88:3f:37:0a:44:14:a9:26:d5:e2:d8:30:a3:1a:bc:35: 3a:02:71:ab:ad:fa:91:e4:95:f9:4e:05:15:54:06:35: 0e:bd:87:5d:14:5f:bb:eb:ec:38:eb:77:90:c5:32:16: 2f:33:d7:ed:3b:a8:f8:7b:79:09:60:2d:3b:18:35:09 Fingerprint (SHA-256): E8:01:BA:C6:6C:DD:5B:42:3C:89:EF:99:50:F8:00:9F:AE:83:DD:D0:F4:C2:AF:3C:37:20:C3:A4:F4:AB:1F:FF Fingerprint (SHA1): CB:FF:9C:BB:B3:93:72:40:4B:C7:19:C8:67:8D:0D:AF:4A:EC:84:54 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3790: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3791: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:53:32 2015 Not After : Mon May 18 21:53:32 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:f6:23:a0:02:e4:73:e3:8d:1a:4f:67:cb:8f:ca:7a: 29:43:d7:f1:3f:89:9e:02:25:a3:85:47:9d:69:ea:82: 70:28:da:80:07:88:f0:f0:72:2b:dc:d2:80:c5:4a:70: fa:1a:e4:23:26:34:3e:91:6c:4e:d8:59:62:5d:3d:b4: 38:f2:d0:d2:c4:58:01:cc:b5:2c:63:17:15:ab:38:74: b9:64:9e:ec:23:eb:67:71:65:10:ec:e1:35:44:0a:2f: bd:9d:85:fd:a5:d6:b4:73:a2:bd:64:7c:ad:c8:f8:4c: d0:32:27:74:d4:62:57:55:9f:8d:85:81:94:17:74:fb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:66:fa:a2:f9:27:3f:de:48:69:1f:d8:bc:95:2f:7f: 02:bf:e8:b4:a5:65:9b:fe:1a:06:53:08:f8:ca:4c:0f: 99:dc:97:4c:4c:1a:16:ef:b2:ce:53:50:8a:20:b9:8b: a7:01:a8:cd:ca:fa:bb:af:70:d3:90:8c:c9:bf:bf:d7: 88:3f:37:0a:44:14:a9:26:d5:e2:d8:30:a3:1a:bc:35: 3a:02:71:ab:ad:fa:91:e4:95:f9:4e:05:15:54:06:35: 0e:bd:87:5d:14:5f:bb:eb:ec:38:eb:77:90:c5:32:16: 2f:33:d7:ed:3b:a8:f8:7b:79:09:60:2d:3b:18:35:09 Fingerprint (SHA-256): E8:01:BA:C6:6C:DD:5B:42:3C:89:EF:99:50:F8:00:9F:AE:83:DD:D0:F4:C2:AF:3C:37:20:C3:A4:F4:AB:1F:FF Fingerprint (SHA1): CB:FF:9C:BB:B3:93:72:40:4B:C7:19:C8:67:8D:0D:AF:4A:EC:84:54 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3792: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3793: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3794: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174481 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3795: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3796: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #3797: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3798: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518174482 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3799: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3800: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3801: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174372.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3802: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174357.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3803: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3804: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #3805: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174372.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3806: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518174483 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3807: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3808: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3809: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174372.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3810: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174358.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3811: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3812: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #3813: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3814: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518174484 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3815: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3816: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3817: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174372.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3818: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174359.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3819: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3820: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3821: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174372.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3822: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174360.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3823: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3824: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518215431Z nextupdate=20160518215431Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 21:54:31 2015 Next Update: Wed May 18 21:54:31 2016 CRL Extensions: chains.sh: #3825: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518215432Z nextupdate=20160518215432Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:54:32 2015 Next Update: Wed May 18 21:54:32 2016 CRL Extensions: chains.sh: #3826: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518215433Z nextupdate=20160518215433Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 21:54:33 2015 Next Update: Wed May 18 21:54:33 2016 CRL Extensions: chains.sh: #3827: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518215433Z nextupdate=20160518215433Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 21:54:33 2015 Next Update: Wed May 18 21:54:33 2016 CRL Extensions: chains.sh: #3828: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518215434Z addcert 20 20150518215434Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:54:34 2015 Next Update: Wed May 18 21:54:32 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 21:54:34 2015 CRL Extensions: chains.sh: #3829: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518215435Z addcert 40 20150518215435Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 21:54:35 2015 Next Update: Wed May 18 21:54:32 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 21:54:34 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 21:54:35 2015 CRL Extensions: chains.sh: #3830: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3831: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3832: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #3833: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174481 (0x1ee2b711) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:54:07 2015 Not After : Mon May 18 21:54:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:87:69:29:69:64:d5:24:88:91:8a:77:ea:1e:ee:fa: 67:32:c4:5b:45:fb:8e:18:90:fe:29:38:94:14:c4:5f: cc:08:98:6d:18:11:7c:46:ee:ff:dd:df:24:87:d3:1a: 4f:99:09:17:5b:3e:1f:a9:33:03:52:8f:73:d9:fe:ee: 51:10:87:f1:32:bb:e4:31:2c:9c:3d:71:53:82:97:39: 67:93:ba:97:59:0e:4c:ed:bb:e0:e3:9a:b7:9f:81:88: 2a:e6:c8:54:e4:71:e7:4b:4f:07:09:b7:43:16:42:00: 17:e4:7e:ae:ce:f3:19:ae:a0:34:0f:1c:3e:0b:49:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f7:8d:c6:5e:ab:01:d7:f4:19:a4:ba:48:d9:3b:26: ce:09:f2:49:0e:53:a8:17:05:06:4b:97:48:66:d7:ab: f1:e8:c2:99:39:d0:9d:b3:fc:62:41:8c:df:5b:96:93: 54:ae:de:ee:35:c8:8c:cc:62:44:f9:22:5f:b1:4a:a9: fa:fc:66:fe:5f:2d:ef:a6:8a:1e:4e:ed:b3:61:6c:c0: a0:e9:fa:3b:2a:f7:4d:24:70:cb:c8:ef:ed:96:5f:87: fb:4c:cc:a6:60:61:29:eb:68:c0:e6:41:4c:ff:50:77: eb:c0:ad:06:c6:dd:79:6b:63:71:f9:9a:0b:eb:d3:9a Fingerprint (SHA-256): 6F:63:77:70:2D:5E:29:0B:78:96:FA:1F:86:D0:E2:44:99:30:80:93:6C:C9:6B:43:A5:F0:7B:E8:86:92:8F:64 Fingerprint (SHA1): F3:69:DB:3B:1C:D4:3B:8B:ED:7C:84:28:05:CA:BA:48:12:7D:F0:87 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3834: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3835: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174481 (0x1ee2b711) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:54:07 2015 Not After : Mon May 18 21:54:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:87:69:29:69:64:d5:24:88:91:8a:77:ea:1e:ee:fa: 67:32:c4:5b:45:fb:8e:18:90:fe:29:38:94:14:c4:5f: cc:08:98:6d:18:11:7c:46:ee:ff:dd:df:24:87:d3:1a: 4f:99:09:17:5b:3e:1f:a9:33:03:52:8f:73:d9:fe:ee: 51:10:87:f1:32:bb:e4:31:2c:9c:3d:71:53:82:97:39: 67:93:ba:97:59:0e:4c:ed:bb:e0:e3:9a:b7:9f:81:88: 2a:e6:c8:54:e4:71:e7:4b:4f:07:09:b7:43:16:42:00: 17:e4:7e:ae:ce:f3:19:ae:a0:34:0f:1c:3e:0b:49:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0d:f7:8d:c6:5e:ab:01:d7:f4:19:a4:ba:48:d9:3b:26: ce:09:f2:49:0e:53:a8:17:05:06:4b:97:48:66:d7:ab: f1:e8:c2:99:39:d0:9d:b3:fc:62:41:8c:df:5b:96:93: 54:ae:de:ee:35:c8:8c:cc:62:44:f9:22:5f:b1:4a:a9: fa:fc:66:fe:5f:2d:ef:a6:8a:1e:4e:ed:b3:61:6c:c0: a0:e9:fa:3b:2a:f7:4d:24:70:cb:c8:ef:ed:96:5f:87: fb:4c:cc:a6:60:61:29:eb:68:c0:e6:41:4c:ff:50:77: eb:c0:ad:06:c6:dd:79:6b:63:71:f9:9a:0b:eb:d3:9a Fingerprint (SHA-256): 6F:63:77:70:2D:5E:29:0B:78:96:FA:1F:86:D0:E2:44:99:30:80:93:6C:C9:6B:43:A5:F0:7B:E8:86:92:8F:64 Fingerprint (SHA1): F3:69:DB:3B:1C:D4:3B:8B:ED:7C:84:28:05:CA:BA:48:12:7D:F0:87 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3836: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3837: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3838: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174485 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3839: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3840: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3841: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3842: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518174486 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3843: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3844: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3845: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3846: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174487 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3847: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3848: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3849: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3850: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518174488 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3851: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3852: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #3853: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174489 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3854: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #3855: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #3856: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3857: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518174490 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3858: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3859: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3860: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3861: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518174491 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3862: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3863: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #3864: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #3865: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #3866: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174485 (0x1ee2b715) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:54:42 2015 Not After : Mon May 18 21:54:42 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:22:f3:2a:7d:71:0c:af:d7:cf:e6:2a:1c:e8:a6:ad: ed:e9:82:66:cc:fb:4a:69:40:f2:72:c1:2b:07:2e:68: 20:72:00:c6:cb:5d:79:e8:6a:ce:c4:2c:e3:8d:d0:cf: 9e:a9:ce:22:bc:bf:48:75:5a:9b:15:d9:d2:c6:d5:63: 00:2c:e2:d0:b1:94:e3:ab:de:c0:91:3d:60:0f:3b:89: f0:f6:e4:79:57:ad:a3:d1:4d:96:72:2b:40:86:2c:92: f9:1c:10:bf:4d:92:c1:94:9c:a9:32:b0:1a:96:97:3f: dd:b9:88:e5:57:4a:6c:52:a8:52:3b:cc:fd:7d:48:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:15:a0:b0:02:93:db:74:9d:f8:bf:be:01:b0:df:81: e4:a9:26:91:17:40:e1:cd:9b:72:1e:4c:4c:41:d8:ec: 39:51:f7:a2:68:d6:19:b2:c3:55:4b:f2:90:f2:a7:75: 5d:49:89:28:3b:42:21:ba:e6:63:5c:73:47:a0:85:80: 1f:0e:35:3c:96:7c:1b:61:92:12:e2:07:88:1b:51:5a: a5:b4:14:2e:72:04:b2:d7:12:51:6e:47:62:74:af:ff: f2:40:88:65:5a:80:6e:fe:f5:dd:2b:75:d0:a6:74:3a: 11:66:f7:89:0a:5e:61:2b:56:08:5f:ed:cb:13:bb:d6 Fingerprint (SHA-256): 9C:BF:56:7E:0A:80:8B:1A:14:F3:87:F5:E8:28:90:23:06:88:FC:EB:C9:DA:E2:C7:22:13:A6:95:27:15:19:21 Fingerprint (SHA1): 55:57:0D:CC:5D:DE:2E:ED:D3:4F:25:5E:EF:21:23:33:E2:87:2F:3B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3867: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174487 (0x1ee2b717) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:54:48 2015 Not After : Mon May 18 21:54:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:28:c6:d0:d2:e0:a4:4a:95:ec:80:91:bf:78:4d:ac: 15:f8:01:8f:09:d9:93:b5:9e:72:3b:b5:26:3f:f7:c5: 62:1d:44:4c:e9:9a:33:9a:2b:0f:67:46:b5:17:90:52: 2f:90:6f:da:2e:90:1a:34:6b:2f:86:86:40:e2:51:65: d7:05:5d:42:44:31:9f:00:23:45:3d:84:7f:93:59:bc: 73:c9:46:96:a7:92:99:24:c9:90:99:bc:e2:1c:e6:77: f7:a5:e0:45:ae:29:e9:a3:04:8c:04:f9:d9:ca:be:21: e7:7e:2e:97:dc:75:85:c7:9d:3a:7d:53:1f:32:77:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b3:74:8c:98:ab:59:9d:f2:3e:90:09:3a:25:bd:8f:e2: de:20:ba:5a:f2:04:70:d1:d8:20:ae:71:02:71:2d:ed: 07:76:48:1d:6b:82:76:6b:9f:27:8a:66:38:1b:f7:95: 91:d2:45:72:9c:34:20:23:05:b5:f5:82:98:99:27:ec: ed:0b:fb:66:2d:02:59:4d:0b:e1:ee:0c:f3:41:11:a9: b5:a7:08:0b:96:5e:16:3e:ed:aa:3d:5f:7e:8d:cf:f2: 7f:21:74:ca:96:79:cc:57:7c:9c:95:9a:77:31:59:4b: 35:df:df:e3:cc:63:c7:0d:96:be:0f:bb:bc:b3:ae:fd Fingerprint (SHA-256): 9A:03:97:80:6B:C2:9A:02:47:6D:C7:A2:9C:3F:E1:71:84:BB:B2:C6:F6:37:A5:6F:22:8E:4C:D0:FF:B7:7C:0C Fingerprint (SHA1): 4A:97:B7:6D:79:41:0F:15:CC:C0:CB:32:9E:98:03:52:F4:7F:D9:7B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #3868: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174485 (0x1ee2b715) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:54:42 2015 Not After : Mon May 18 21:54:42 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:22:f3:2a:7d:71:0c:af:d7:cf:e6:2a:1c:e8:a6:ad: ed:e9:82:66:cc:fb:4a:69:40:f2:72:c1:2b:07:2e:68: 20:72:00:c6:cb:5d:79:e8:6a:ce:c4:2c:e3:8d:d0:cf: 9e:a9:ce:22:bc:bf:48:75:5a:9b:15:d9:d2:c6:d5:63: 00:2c:e2:d0:b1:94:e3:ab:de:c0:91:3d:60:0f:3b:89: f0:f6:e4:79:57:ad:a3:d1:4d:96:72:2b:40:86:2c:92: f9:1c:10:bf:4d:92:c1:94:9c:a9:32:b0:1a:96:97:3f: dd:b9:88:e5:57:4a:6c:52:a8:52:3b:cc:fd:7d:48:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:15:a0:b0:02:93:db:74:9d:f8:bf:be:01:b0:df:81: e4:a9:26:91:17:40:e1:cd:9b:72:1e:4c:4c:41:d8:ec: 39:51:f7:a2:68:d6:19:b2:c3:55:4b:f2:90:f2:a7:75: 5d:49:89:28:3b:42:21:ba:e6:63:5c:73:47:a0:85:80: 1f:0e:35:3c:96:7c:1b:61:92:12:e2:07:88:1b:51:5a: a5:b4:14:2e:72:04:b2:d7:12:51:6e:47:62:74:af:ff: f2:40:88:65:5a:80:6e:fe:f5:dd:2b:75:d0:a6:74:3a: 11:66:f7:89:0a:5e:61:2b:56:08:5f:ed:cb:13:bb:d6 Fingerprint (SHA-256): 9C:BF:56:7E:0A:80:8B:1A:14:F3:87:F5:E8:28:90:23:06:88:FC:EB:C9:DA:E2:C7:22:13:A6:95:27:15:19:21 Fingerprint (SHA1): 55:57:0D:CC:5D:DE:2E:ED:D3:4F:25:5E:EF:21:23:33:E2:87:2F:3B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3869: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #3870: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174485 (0x1ee2b715) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:54:42 2015 Not After : Mon May 18 21:54:42 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:22:f3:2a:7d:71:0c:af:d7:cf:e6:2a:1c:e8:a6:ad: ed:e9:82:66:cc:fb:4a:69:40:f2:72:c1:2b:07:2e:68: 20:72:00:c6:cb:5d:79:e8:6a:ce:c4:2c:e3:8d:d0:cf: 9e:a9:ce:22:bc:bf:48:75:5a:9b:15:d9:d2:c6:d5:63: 00:2c:e2:d0:b1:94:e3:ab:de:c0:91:3d:60:0f:3b:89: f0:f6:e4:79:57:ad:a3:d1:4d:96:72:2b:40:86:2c:92: f9:1c:10:bf:4d:92:c1:94:9c:a9:32:b0:1a:96:97:3f: dd:b9:88:e5:57:4a:6c:52:a8:52:3b:cc:fd:7d:48:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:15:a0:b0:02:93:db:74:9d:f8:bf:be:01:b0:df:81: e4:a9:26:91:17:40:e1:cd:9b:72:1e:4c:4c:41:d8:ec: 39:51:f7:a2:68:d6:19:b2:c3:55:4b:f2:90:f2:a7:75: 5d:49:89:28:3b:42:21:ba:e6:63:5c:73:47:a0:85:80: 1f:0e:35:3c:96:7c:1b:61:92:12:e2:07:88:1b:51:5a: a5:b4:14:2e:72:04:b2:d7:12:51:6e:47:62:74:af:ff: f2:40:88:65:5a:80:6e:fe:f5:dd:2b:75:d0:a6:74:3a: 11:66:f7:89:0a:5e:61:2b:56:08:5f:ed:cb:13:bb:d6 Fingerprint (SHA-256): 9C:BF:56:7E:0A:80:8B:1A:14:F3:87:F5:E8:28:90:23:06:88:FC:EB:C9:DA:E2:C7:22:13:A6:95:27:15:19:21 Fingerprint (SHA1): 55:57:0D:CC:5D:DE:2E:ED:D3:4F:25:5E:EF:21:23:33:E2:87:2F:3B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3871: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174487 (0x1ee2b717) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:54:48 2015 Not After : Mon May 18 21:54:48 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:28:c6:d0:d2:e0:a4:4a:95:ec:80:91:bf:78:4d:ac: 15:f8:01:8f:09:d9:93:b5:9e:72:3b:b5:26:3f:f7:c5: 62:1d:44:4c:e9:9a:33:9a:2b:0f:67:46:b5:17:90:52: 2f:90:6f:da:2e:90:1a:34:6b:2f:86:86:40:e2:51:65: d7:05:5d:42:44:31:9f:00:23:45:3d:84:7f:93:59:bc: 73:c9:46:96:a7:92:99:24:c9:90:99:bc:e2:1c:e6:77: f7:a5:e0:45:ae:29:e9:a3:04:8c:04:f9:d9:ca:be:21: e7:7e:2e:97:dc:75:85:c7:9d:3a:7d:53:1f:32:77:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b3:74:8c:98:ab:59:9d:f2:3e:90:09:3a:25:bd:8f:e2: de:20:ba:5a:f2:04:70:d1:d8:20:ae:71:02:71:2d:ed: 07:76:48:1d:6b:82:76:6b:9f:27:8a:66:38:1b:f7:95: 91:d2:45:72:9c:34:20:23:05:b5:f5:82:98:99:27:ec: ed:0b:fb:66:2d:02:59:4d:0b:e1:ee:0c:f3:41:11:a9: b5:a7:08:0b:96:5e:16:3e:ed:aa:3d:5f:7e:8d:cf:f2: 7f:21:74:ca:96:79:cc:57:7c:9c:95:9a:77:31:59:4b: 35:df:df:e3:cc:63:c7:0d:96:be:0f:bb:bc:b3:ae:fd Fingerprint (SHA-256): 9A:03:97:80:6B:C2:9A:02:47:6D:C7:A2:9C:3F:E1:71:84:BB:B2:C6:F6:37:A5:6F:22:8E:4C:D0:FF:B7:7C:0C Fingerprint (SHA1): 4A:97:B7:6D:79:41:0F:15:CC:C0:CB:32:9E:98:03:52:F4:7F:D9:7B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #3872: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #3873: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #3874: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #3875: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174485 (0x1ee2b715) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:54:42 2015 Not After : Mon May 18 21:54:42 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:22:f3:2a:7d:71:0c:af:d7:cf:e6:2a:1c:e8:a6:ad: ed:e9:82:66:cc:fb:4a:69:40:f2:72:c1:2b:07:2e:68: 20:72:00:c6:cb:5d:79:e8:6a:ce:c4:2c:e3:8d:d0:cf: 9e:a9:ce:22:bc:bf:48:75:5a:9b:15:d9:d2:c6:d5:63: 00:2c:e2:d0:b1:94:e3:ab:de:c0:91:3d:60:0f:3b:89: f0:f6:e4:79:57:ad:a3:d1:4d:96:72:2b:40:86:2c:92: f9:1c:10:bf:4d:92:c1:94:9c:a9:32:b0:1a:96:97:3f: dd:b9:88:e5:57:4a:6c:52:a8:52:3b:cc:fd:7d:48:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:15:a0:b0:02:93:db:74:9d:f8:bf:be:01:b0:df:81: e4:a9:26:91:17:40:e1:cd:9b:72:1e:4c:4c:41:d8:ec: 39:51:f7:a2:68:d6:19:b2:c3:55:4b:f2:90:f2:a7:75: 5d:49:89:28:3b:42:21:ba:e6:63:5c:73:47:a0:85:80: 1f:0e:35:3c:96:7c:1b:61:92:12:e2:07:88:1b:51:5a: a5:b4:14:2e:72:04:b2:d7:12:51:6e:47:62:74:af:ff: f2:40:88:65:5a:80:6e:fe:f5:dd:2b:75:d0:a6:74:3a: 11:66:f7:89:0a:5e:61:2b:56:08:5f:ed:cb:13:bb:d6 Fingerprint (SHA-256): 9C:BF:56:7E:0A:80:8B:1A:14:F3:87:F5:E8:28:90:23:06:88:FC:EB:C9:DA:E2:C7:22:13:A6:95:27:15:19:21 Fingerprint (SHA1): 55:57:0D:CC:5D:DE:2E:ED:D3:4F:25:5E:EF:21:23:33:E2:87:2F:3B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3876: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174489 (0x1ee2b719) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 21:54:53 2015 Not After : Mon May 18 21:54:53 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:33:20:b8:d8:c9:80:ec:f3:74:de:7a:e2:ec:c3:81: aa:b8:1a:28:ef:bf:8f:b2:52:f3:b6:f6:1c:72:1d:7a: c3:ed:25:19:fa:d5:ca:ec:8e:72:51:95:bc:9d:33:cd: 28:8c:37:55:41:a5:26:79:04:94:e7:55:b0:b2:c4:f9: bb:f4:78:c4:a3:de:f0:47:59:05:4e:9a:06:46:9a:ff: e5:19:6d:bb:62:f4:6b:68:53:42:ff:b6:a2:bc:8a:ab: 19:b8:b9:3f:94:e0:b7:50:73:8c:5d:36:de:a8:2a:c6: 85:62:67:87:d2:1e:15:b2:62:8c:88:06:78:9c:d7:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:de:6e:5a:dc:f4:32:46:92:a2:70:96:d5:1b:61:37: 59:23:29:b9:cd:f7:0f:b4:91:a9:c7:99:4f:9a:9c:72: 05:f2:f9:09:25:33:7f:40:b9:d2:6e:7e:02:4c:28:8d: 7a:25:02:36:42:75:b5:2e:81:08:75:17:81:b5:79:d7: d2:3b:7b:24:25:a7:c6:de:e0:98:b3:df:72:1c:b8:3d: c3:2d:dd:d3:36:ac:8e:88:cd:21:df:53:ff:6e:21:b4: 35:db:a9:8d:46:3d:c2:dd:7a:df:9a:d7:50:b2:f8:f0: 7e:f7:94:1e:14:1a:28:af:1c:f0:29:9e:6c:25:f7:ca Fingerprint (SHA-256): 15:CF:60:32:78:93:C4:8B:BB:B3:8B:43:44:0A:67:B8:41:4A:68:FA:F6:70:75:FA:25:3D:D1:5F:B5:FA:6D:6D Fingerprint (SHA1): D0:CB:52:07:22:6B:3B:50:28:E5:90:F5:21:89:77:7B:2D:70:D9:38 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #3877: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174485 (0x1ee2b715) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:54:42 2015 Not After : Mon May 18 21:54:42 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:22:f3:2a:7d:71:0c:af:d7:cf:e6:2a:1c:e8:a6:ad: ed:e9:82:66:cc:fb:4a:69:40:f2:72:c1:2b:07:2e:68: 20:72:00:c6:cb:5d:79:e8:6a:ce:c4:2c:e3:8d:d0:cf: 9e:a9:ce:22:bc:bf:48:75:5a:9b:15:d9:d2:c6:d5:63: 00:2c:e2:d0:b1:94:e3:ab:de:c0:91:3d:60:0f:3b:89: f0:f6:e4:79:57:ad:a3:d1:4d:96:72:2b:40:86:2c:92: f9:1c:10:bf:4d:92:c1:94:9c:a9:32:b0:1a:96:97:3f: dd:b9:88:e5:57:4a:6c:52:a8:52:3b:cc:fd:7d:48:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:15:a0:b0:02:93:db:74:9d:f8:bf:be:01:b0:df:81: e4:a9:26:91:17:40:e1:cd:9b:72:1e:4c:4c:41:d8:ec: 39:51:f7:a2:68:d6:19:b2:c3:55:4b:f2:90:f2:a7:75: 5d:49:89:28:3b:42:21:ba:e6:63:5c:73:47:a0:85:80: 1f:0e:35:3c:96:7c:1b:61:92:12:e2:07:88:1b:51:5a: a5:b4:14:2e:72:04:b2:d7:12:51:6e:47:62:74:af:ff: f2:40:88:65:5a:80:6e:fe:f5:dd:2b:75:d0:a6:74:3a: 11:66:f7:89:0a:5e:61:2b:56:08:5f:ed:cb:13:bb:d6 Fingerprint (SHA-256): 9C:BF:56:7E:0A:80:8B:1A:14:F3:87:F5:E8:28:90:23:06:88:FC:EB:C9:DA:E2:C7:22:13:A6:95:27:15:19:21 Fingerprint (SHA1): 55:57:0D:CC:5D:DE:2E:ED:D3:4F:25:5E:EF:21:23:33:E2:87:2F:3B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3878: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #3879: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #3880: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #3881: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #3882: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #3883: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174490 (0x1ee2b71a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 21:54:56 2015 Not After : Mon May 18 21:54:56 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:33:3d:81:16:ec:b2:d1:62:d1:84:4e:12:83:63:80: 45:c4:40:a9:d1:f6:4a:2c:93:a1:50:92:a6:66:65:9e: c3:e8:25:70:07:61:31:4b:6e:90:da:05:35:44:2d:0e: 63:80:8b:23:d4:90:ee:f8:55:92:de:e9:dc:83:d3:92: a6:0c:04:b9:08:bf:10:f6:a7:39:08:71:12:9c:19:52: 7a:74:44:a6:72:eb:f7:93:99:1a:9d:51:4d:d7:ec:2a: 3c:6f:cd:3f:c3:af:37:90:35:ae:d2:42:20:8c:e6:e5: 09:88:cd:f9:24:fb:8c:b6:92:69:33:fc:f1:35:1e:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bd:10:d3:a3:11:c9:4c:62:40:29:ae:2f:28:49:c8:b0: 0e:59:43:ba:79:ad:e7:ae:ae:46:71:83:e3:a2:5e:a7: 7e:ce:73:8f:36:fc:54:fc:0a:be:74:b3:be:08:9b:9e: 7a:5f:d6:92:76:11:f4:f1:68:0f:8a:34:60:70:23:48: d2:05:b2:35:77:0d:86:ee:ca:b5:12:8f:0a:20:2e:77: c7:28:ff:c6:51:ba:77:f4:a2:df:5d:98:8b:d6:7b:9c: 7a:f1:c2:41:c0:da:1d:01:a8:07:b6:c6:70:e3:e4:f5: 20:b0:21:45:44:76:c2:e3:14:89:89:99:5f:4c:75:f7 Fingerprint (SHA-256): 0E:78:43:87:17:24:5F:2A:41:3A:B1:DC:16:E3:79:12:04:CC:66:C8:5B:D6:33:2E:40:50:6C:5C:49:97:C1:27 Fingerprint (SHA1): 47:31:0B:79:01:1B:B4:D0:95:7C:EA:A4:B3:DD:08:9C:94:E2:73:BB Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #3884: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #3885: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #3886: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #3887: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #3888: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3889: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3890: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #3891: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3892: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3893: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #3894: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3895: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3896: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3897: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3898: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3899: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3900: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3901: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3902: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #3903: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3904: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #3905: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3906: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #3907: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 10109 at Mon May 18 17:55:28 EDT 2015 kill -USR1 10109 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 10109 killed at Mon May 18 17:55:28 EDT 2015 httpserv starting at Mon May 18 17:55:28 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 17:55:28 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 17:55:34 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3908: Waiting for Server - FAILED kill -0 25742 >/dev/null 2>/dev/null httpserv with PID 25742 found at Mon May 18 17:55:34 EDT 2015 httpserv with PID 25742 started at Mon May 18 17:55:34 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3909: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174492 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3910: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3911: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3912: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174493 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3913: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3914: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3915: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3916: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518174494 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3917: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3918: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518174495 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3919: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3920: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3921: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3922: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3923: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518174496 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3924: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3925: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3926: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #3927: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #3928: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174493 (0x1ee2b71d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:55:40 2015 Not After : Mon May 18 21:55:40 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:4d:cc:48:9d:8a:a0:9b:e1:0f:18:55:ad:ad:94:40: d5:ac:f7:5e:4d:70:a3:44:4f:df:ed:85:a1:7e:f0:fb: 04:e0:68:bb:82:4e:22:2b:d3:f1:1b:32:07:ff:d4:00: b1:22:c5:c5:19:33:dd:43:2b:ab:30:1d:1a:23:8c:92: 07:64:70:5e:85:ff:ee:4e:44:d5:f6:05:6a:62:5e:23: 41:c8:b1:79:f5:55:2c:46:fe:e6:90:c1:0b:3b:de:ff: f3:74:70:a5:48:d8:25:e2:c4:59:62:3a:5e:6d:5a:4f: 17:b3:35:9e:0d:bb:a3:2b:7e:1e:da:a4:07:1a:5f:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:36:1a:17:d6:5f:af:6d:b0:d8:f6:e6:5f:7f:bd:15: 67:02:c4:f3:2d:83:b7:4c:f3:1c:1a:2f:4d:59:f1:d2: 3e:5b:92:b4:3b:51:ea:74:7b:d6:b2:41:6b:c0:52:20: 27:ef:fe:d6:32:23:e1:dd:72:b5:8c:08:d5:45:d6:99: 36:2c:2a:1c:91:30:af:6c:9a:b6:61:4f:4a:12:d0:0c: d2:de:f6:07:fb:2c:ba:01:26:14:3f:05:45:b3:79:9a: cf:a2:d1:b3:e0:b0:c2:a0:19:70:63:35:ff:32:b8:e0: 35:e2:e8:91:b7:4b:70:85:d4:4e:65:34:92:89:f9:71 Fingerprint (SHA-256): 94:BE:A4:F3:47:21:A6:97:85:86:D5:E4:6D:F1:78:0F:E1:16:4E:29:05:20:60:24:90:10:C2:87:1A:6C:6C:F4 Fingerprint (SHA1): 7B:E8:7C:D8:91:6D:9C:F9:17:F6:74:B8:E1:24:D0:BB:C2:6E:B0:A4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3929: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174492 (0x1ee2b71c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:55:37 2015 Not After : Mon May 18 21:55:37 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:28:a8:dc:e6:f3:4d:dd:ad:7a:5a:e1:93:ce:d2:6e: 9a:30:e5:fa:bb:04:19:89:51:4d:66:70:27:e2:1a:7b: 77:55:fb:f6:5e:b8:5a:14:2b:61:74:0d:4d:da:79:d9: 45:35:d3:df:58:87:31:ee:6b:0a:dc:db:30:d8:0b:b7: de:6f:48:2d:36:01:cd:e9:52:cd:4a:aa:e0:cd:26:25: e2:bb:5a:6c:7b:80:a8:05:b3:24:51:5d:1c:0c:52:35: f5:19:bb:6d:90:4b:f4:6b:15:1c:41:7a:68:9a:07:b0: 68:e7:77:5e:c7:71:d1:d0:fe:d9:54:4d:b1:27:7e:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:d1:2c:df:47:7e:a6:45:d4:ca:4c:d4:36:16:d0:69: 13:d4:7a:6e:3b:79:a5:b1:da:20:53:c2:d1:12:47:50: 1b:62:93:f3:49:a7:f0:38:0d:16:4b:d8:49:90:e6:85: ac:7f:4c:c2:8d:13:32:5f:fd:24:e1:8f:9d:e0:54:25: c6:a5:9e:8c:9a:9d:bc:d0:65:51:7f:ce:53:5f:a2:46: 8b:1d:b1:ce:2f:f4:ac:69:18:25:cd:5f:02:b8:ab:75: 4c:6d:18:71:a1:db:53:61:70:19:52:fc:fd:2e:1f:ef: 74:be:19:ec:5b:9f:eb:31:ca:51:89:bc:d6:da:7c:9a Fingerprint (SHA-256): 97:97:A1:14:B7:FB:27:06:EC:20:9A:C6:08:59:D4:8C:E4:B0:3E:E4:02:3E:AF:D0:C2:6D:BA:8F:94:EE:B5:D0 Fingerprint (SHA1): 75:E1:73:6A:F0:F9:77:9C:11:EA:52:5D:62:CC:D4:A8:A9:FB:09:EC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3930: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3931: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #3932: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #3933: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174492 (0x1ee2b71c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:55:37 2015 Not After : Mon May 18 21:55:37 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:28:a8:dc:e6:f3:4d:dd:ad:7a:5a:e1:93:ce:d2:6e: 9a:30:e5:fa:bb:04:19:89:51:4d:66:70:27:e2:1a:7b: 77:55:fb:f6:5e:b8:5a:14:2b:61:74:0d:4d:da:79:d9: 45:35:d3:df:58:87:31:ee:6b:0a:dc:db:30:d8:0b:b7: de:6f:48:2d:36:01:cd:e9:52:cd:4a:aa:e0:cd:26:25: e2:bb:5a:6c:7b:80:a8:05:b3:24:51:5d:1c:0c:52:35: f5:19:bb:6d:90:4b:f4:6b:15:1c:41:7a:68:9a:07:b0: 68:e7:77:5e:c7:71:d1:d0:fe:d9:54:4d:b1:27:7e:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:d1:2c:df:47:7e:a6:45:d4:ca:4c:d4:36:16:d0:69: 13:d4:7a:6e:3b:79:a5:b1:da:20:53:c2:d1:12:47:50: 1b:62:93:f3:49:a7:f0:38:0d:16:4b:d8:49:90:e6:85: ac:7f:4c:c2:8d:13:32:5f:fd:24:e1:8f:9d:e0:54:25: c6:a5:9e:8c:9a:9d:bc:d0:65:51:7f:ce:53:5f:a2:46: 8b:1d:b1:ce:2f:f4:ac:69:18:25:cd:5f:02:b8:ab:75: 4c:6d:18:71:a1:db:53:61:70:19:52:fc:fd:2e:1f:ef: 74:be:19:ec:5b:9f:eb:31:ca:51:89:bc:d6:da:7c:9a Fingerprint (SHA-256): 97:97:A1:14:B7:FB:27:06:EC:20:9A:C6:08:59:D4:8C:E4:B0:3E:E4:02:3E:AF:D0:C2:6D:BA:8F:94:EE:B5:D0 Fingerprint (SHA1): 75:E1:73:6A:F0:F9:77:9C:11:EA:52:5D:62:CC:D4:A8:A9:FB:09:EC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3934: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174493 (0x1ee2b71d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:55:40 2015 Not After : Mon May 18 21:55:40 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:4d:cc:48:9d:8a:a0:9b:e1:0f:18:55:ad:ad:94:40: d5:ac:f7:5e:4d:70:a3:44:4f:df:ed:85:a1:7e:f0:fb: 04:e0:68:bb:82:4e:22:2b:d3:f1:1b:32:07:ff:d4:00: b1:22:c5:c5:19:33:dd:43:2b:ab:30:1d:1a:23:8c:92: 07:64:70:5e:85:ff:ee:4e:44:d5:f6:05:6a:62:5e:23: 41:c8:b1:79:f5:55:2c:46:fe:e6:90:c1:0b:3b:de:ff: f3:74:70:a5:48:d8:25:e2:c4:59:62:3a:5e:6d:5a:4f: 17:b3:35:9e:0d:bb:a3:2b:7e:1e:da:a4:07:1a:5f:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:36:1a:17:d6:5f:af:6d:b0:d8:f6:e6:5f:7f:bd:15: 67:02:c4:f3:2d:83:b7:4c:f3:1c:1a:2f:4d:59:f1:d2: 3e:5b:92:b4:3b:51:ea:74:7b:d6:b2:41:6b:c0:52:20: 27:ef:fe:d6:32:23:e1:dd:72:b5:8c:08:d5:45:d6:99: 36:2c:2a:1c:91:30:af:6c:9a:b6:61:4f:4a:12:d0:0c: d2:de:f6:07:fb:2c:ba:01:26:14:3f:05:45:b3:79:9a: cf:a2:d1:b3:e0:b0:c2:a0:19:70:63:35:ff:32:b8:e0: 35:e2:e8:91:b7:4b:70:85:d4:4e:65:34:92:89:f9:71 Fingerprint (SHA-256): 94:BE:A4:F3:47:21:A6:97:85:86:D5:E4:6D:F1:78:0F:E1:16:4E:29:05:20:60:24:90:10:C2:87:1A:6C:6C:F4 Fingerprint (SHA1): 7B:E8:7C:D8:91:6D:9C:F9:17:F6:74:B8:E1:24:D0:BB:C2:6E:B0:A4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3935: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #3936: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #3937: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3938: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3939: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3940: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174493 (0x1ee2b71d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:55:40 2015 Not After : Mon May 18 21:55:40 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:4d:cc:48:9d:8a:a0:9b:e1:0f:18:55:ad:ad:94:40: d5:ac:f7:5e:4d:70:a3:44:4f:df:ed:85:a1:7e:f0:fb: 04:e0:68:bb:82:4e:22:2b:d3:f1:1b:32:07:ff:d4:00: b1:22:c5:c5:19:33:dd:43:2b:ab:30:1d:1a:23:8c:92: 07:64:70:5e:85:ff:ee:4e:44:d5:f6:05:6a:62:5e:23: 41:c8:b1:79:f5:55:2c:46:fe:e6:90:c1:0b:3b:de:ff: f3:74:70:a5:48:d8:25:e2:c4:59:62:3a:5e:6d:5a:4f: 17:b3:35:9e:0d:bb:a3:2b:7e:1e:da:a4:07:1a:5f:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:36:1a:17:d6:5f:af:6d:b0:d8:f6:e6:5f:7f:bd:15: 67:02:c4:f3:2d:83:b7:4c:f3:1c:1a:2f:4d:59:f1:d2: 3e:5b:92:b4:3b:51:ea:74:7b:d6:b2:41:6b:c0:52:20: 27:ef:fe:d6:32:23:e1:dd:72:b5:8c:08:d5:45:d6:99: 36:2c:2a:1c:91:30:af:6c:9a:b6:61:4f:4a:12:d0:0c: d2:de:f6:07:fb:2c:ba:01:26:14:3f:05:45:b3:79:9a: cf:a2:d1:b3:e0:b0:c2:a0:19:70:63:35:ff:32:b8:e0: 35:e2:e8:91:b7:4b:70:85:d4:4e:65:34:92:89:f9:71 Fingerprint (SHA-256): 94:BE:A4:F3:47:21:A6:97:85:86:D5:E4:6D:F1:78:0F:E1:16:4E:29:05:20:60:24:90:10:C2:87:1A:6C:6C:F4 Fingerprint (SHA1): 7B:E8:7C:D8:91:6D:9C:F9:17:F6:74:B8:E1:24:D0:BB:C2:6E:B0:A4 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3941: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174493 (0x1ee2b71d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 21:55:40 2015 Not After : Mon May 18 21:55:40 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:4d:cc:48:9d:8a:a0:9b:e1:0f:18:55:ad:ad:94:40: d5:ac:f7:5e:4d:70:a3:44:4f:df:ed:85:a1:7e:f0:fb: 04:e0:68:bb:82:4e:22:2b:d3:f1:1b:32:07:ff:d4:00: b1:22:c5:c5:19:33:dd:43:2b:ab:30:1d:1a:23:8c:92: 07:64:70:5e:85:ff:ee:4e:44:d5:f6:05:6a:62:5e:23: 41:c8:b1:79:f5:55:2c:46:fe:e6:90:c1:0b:3b:de:ff: f3:74:70:a5:48:d8:25:e2:c4:59:62:3a:5e:6d:5a:4f: 17:b3:35:9e:0d:bb:a3:2b:7e:1e:da:a4:07:1a:5f:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:36:1a:17:d6:5f:af:6d:b0:d8:f6:e6:5f:7f:bd:15: 67:02:c4:f3:2d:83:b7:4c:f3:1c:1a:2f:4d:59:f1:d2: 3e:5b:92:b4:3b:51:ea:74:7b:d6:b2:41:6b:c0:52:20: 27:ef:fe:d6:32:23:e1:dd:72:b5:8c:08:d5:45:d6:99: 36:2c:2a:1c:91:30:af:6c:9a:b6:61:4f:4a:12:d0:0c: d2:de:f6:07:fb:2c:ba:01:26:14:3f:05:45:b3:79:9a: cf:a2:d1:b3:e0:b0:c2:a0:19:70:63:35:ff:32:b8:e0: 35:e2:e8:91:b7:4b:70:85:d4:4e:65:34:92:89:f9:71 Fingerprint (SHA-256): 94:BE:A4:F3:47:21:A6:97:85:86:D5:E4:6D:F1:78:0F:E1:16:4E:29:05:20:60:24:90:10:C2:87:1A:6C:6C:F4 Fingerprint (SHA1): 7B:E8:7C:D8:91:6D:9C:F9:17:F6:74:B8:E1:24:D0:BB:C2:6E:B0:A4 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3942: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #3943: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #3944: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3945: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3946: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3947: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174492 (0x1ee2b71c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:55:37 2015 Not After : Mon May 18 21:55:37 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:28:a8:dc:e6:f3:4d:dd:ad:7a:5a:e1:93:ce:d2:6e: 9a:30:e5:fa:bb:04:19:89:51:4d:66:70:27:e2:1a:7b: 77:55:fb:f6:5e:b8:5a:14:2b:61:74:0d:4d:da:79:d9: 45:35:d3:df:58:87:31:ee:6b:0a:dc:db:30:d8:0b:b7: de:6f:48:2d:36:01:cd:e9:52:cd:4a:aa:e0:cd:26:25: e2:bb:5a:6c:7b:80:a8:05:b3:24:51:5d:1c:0c:52:35: f5:19:bb:6d:90:4b:f4:6b:15:1c:41:7a:68:9a:07:b0: 68:e7:77:5e:c7:71:d1:d0:fe:d9:54:4d:b1:27:7e:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:d1:2c:df:47:7e:a6:45:d4:ca:4c:d4:36:16:d0:69: 13:d4:7a:6e:3b:79:a5:b1:da:20:53:c2:d1:12:47:50: 1b:62:93:f3:49:a7:f0:38:0d:16:4b:d8:49:90:e6:85: ac:7f:4c:c2:8d:13:32:5f:fd:24:e1:8f:9d:e0:54:25: c6:a5:9e:8c:9a:9d:bc:d0:65:51:7f:ce:53:5f:a2:46: 8b:1d:b1:ce:2f:f4:ac:69:18:25:cd:5f:02:b8:ab:75: 4c:6d:18:71:a1:db:53:61:70:19:52:fc:fd:2e:1f:ef: 74:be:19:ec:5b:9f:eb:31:ca:51:89:bc:d6:da:7c:9a Fingerprint (SHA-256): 97:97:A1:14:B7:FB:27:06:EC:20:9A:C6:08:59:D4:8C:E4:B0:3E:E4:02:3E:AF:D0:C2:6D:BA:8F:94:EE:B5:D0 Fingerprint (SHA1): 75:E1:73:6A:F0:F9:77:9C:11:EA:52:5D:62:CC:D4:A8:A9:FB:09:EC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3948: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174492 (0x1ee2b71c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 21:55:37 2015 Not After : Mon May 18 21:55:37 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:28:a8:dc:e6:f3:4d:dd:ad:7a:5a:e1:93:ce:d2:6e: 9a:30:e5:fa:bb:04:19:89:51:4d:66:70:27:e2:1a:7b: 77:55:fb:f6:5e:b8:5a:14:2b:61:74:0d:4d:da:79:d9: 45:35:d3:df:58:87:31:ee:6b:0a:dc:db:30:d8:0b:b7: de:6f:48:2d:36:01:cd:e9:52:cd:4a:aa:e0:cd:26:25: e2:bb:5a:6c:7b:80:a8:05:b3:24:51:5d:1c:0c:52:35: f5:19:bb:6d:90:4b:f4:6b:15:1c:41:7a:68:9a:07:b0: 68:e7:77:5e:c7:71:d1:d0:fe:d9:54:4d:b1:27:7e:9f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:d1:2c:df:47:7e:a6:45:d4:ca:4c:d4:36:16:d0:69: 13:d4:7a:6e:3b:79:a5:b1:da:20:53:c2:d1:12:47:50: 1b:62:93:f3:49:a7:f0:38:0d:16:4b:d8:49:90:e6:85: ac:7f:4c:c2:8d:13:32:5f:fd:24:e1:8f:9d:e0:54:25: c6:a5:9e:8c:9a:9d:bc:d0:65:51:7f:ce:53:5f:a2:46: 8b:1d:b1:ce:2f:f4:ac:69:18:25:cd:5f:02:b8:ab:75: 4c:6d:18:71:a1:db:53:61:70:19:52:fc:fd:2e:1f:ef: 74:be:19:ec:5b:9f:eb:31:ca:51:89:bc:d6:da:7c:9a Fingerprint (SHA-256): 97:97:A1:14:B7:FB:27:06:EC:20:9A:C6:08:59:D4:8C:E4:B0:3E:E4:02:3E:AF:D0:C2:6D:BA:8F:94:EE:B5:D0 Fingerprint (SHA1): 75:E1:73:6A:F0:F9:77:9C:11:EA:52:5D:62:CC:D4:A8:A9:FB:09:EC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3949: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #3950: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174497 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3951: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #3952: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #3953: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174498 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3954: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #3955: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #3956: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174499 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3957: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #3958: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #3959: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174500 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3960: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #3961: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #3962: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174501 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3963: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #3964: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #3965: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174502 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3966: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #3967: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #3968: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174503 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3969: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #3970: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #3971: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174504 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3972: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #3973: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #3974: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174505 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3975: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #3976: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #3977: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3978: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518174506 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3979: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3980: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518174507 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3981: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3982: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518174508 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3983: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3984: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #3985: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #3986: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3987: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518174509 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3988: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3989: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518174510 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3990: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3991: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518174511 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3992: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3993: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #3994: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #3995: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3996: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518174512 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3997: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3998: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518174513 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3999: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4000: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518174514 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4001: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4002: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #4003: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #4004: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4005: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518174515 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4006: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4007: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518174516 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4008: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4009: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518174517 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4010: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4011: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #4012: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4013: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4014: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518174518 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4015: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4016: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4017: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4018: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174519 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4019: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4020: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174497 (0x1ee2b721) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 21:56:06 2015 Not After : Mon May 18 21:56:06 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:7e:35:e4:fb:38:0e:f9:07:73:ae:69:43:35:00:75: e7:cf:53:5e:25:22:0a:2f:bb:02:4b:dd:5d:be:c6:3e: ab:5e:42:8e:00:fb:98:7a:9a:b7:f0:dd:f7:29:c9:57: 90:02:f2:e4:68:7e:54:dc:0a:2a:93:23:b0:da:7e:91: 44:ea:c2:2c:bd:b2:46:8c:22:11:ee:6f:3f:13:b9:61: d5:db:26:03:43:6f:2e:99:38:5d:2f:71:26:4c:01:41: ae:98:b3:60:6c:04:0e:57:fc:57:79:99:d3:ae:7d:80: db:dd:5a:58:6f:2a:96:53:cc:97:5e:70:47:ca:e3:35 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 77:3a:7d:e4:40:63:fa:ec:33:7c:ce:e2:6c:25:b7:e9: 72:41:b9:fa:92:2b:d3:5d:da:86:03:db:21:23:2c:cc: 57:22:be:b1:0c:81:b8:62:fc:7f:ec:fc:eb:f1:5a:63: e4:c5:1d:f0:fb:b1:9e:a9:12:36:66:b3:ee:65:71:0f: ea:df:58:91:4f:52:5e:ba:51:27:93:83:68:3f:dc:36: 44:02:24:33:b3:03:92:4d:1f:dd:32:48:9a:b2:50:25: 04:45:13:a4:d5:6a:f8:53:4d:9f:28:0f:1a:62:de:8a: a4:b3:f5:1e:f6:8c:d1:e7:42:67:83:cf:1e:7e:15:d8 Fingerprint (SHA-256): 97:4B:78:62:E7:1F:20:CD:7D:A8:9D:6E:81:F8:8A:C6:75:46:29:73:D0:5B:6B:9D:98:20:42:EA:87:F5:0A:D0 Fingerprint (SHA1): D0:FD:DF:45:B7:BF:0D:E3:28:E5:54:E5:BF:2C:98:36:ED:C4:3B:42 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4021: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174498 (0x1ee2b722) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 21:56:09 2015 Not After : Mon May 18 21:56:09 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:33:9d:e8:e6:1b:1c:88:9b:05:f3:d8:fd:cd:0a:04: c0:7c:40:3b:97:e0:75:b7:9f:f9:08:46:b1:b6:ab:80: f6:8e:f8:c2:af:98:78:a0:11:e0:39:99:74:0c:0e:8e: 12:a4:1d:c9:75:e1:6b:2f:95:85:4e:22:12:bd:af:c7: 42:d5:9a:67:90:bd:fc:f2:e9:01:2d:79:71:e3:e3:81: 77:5a:0a:21:93:23:cc:29:50:8a:a8:06:4e:8b:e3:c4: 31:81:81:1c:23:75:87:eb:f2:d3:42:5f:da:ef:09:96: 72:55:dd:23:2f:80:11:03:ae:0f:3c:b0:05:e5:44:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c9:5e:52:20:bc:85:2a:86:f9:74:d5:89:0e:52:60:36: 33:f6:01:c0:5e:ac:be:09:e4:11:a7:44:62:0c:cc:59: 04:e3:78:c9:3d:2c:62:6c:7d:2c:af:eb:34:15:46:2c: 36:51:d8:15:87:9a:e4:b0:38:ed:e2:d4:bb:16:7b:ae: d7:79:a6:e8:85:7e:30:4b:a1:45:9a:32:24:f1:55:dc: 05:2e:52:5f:07:0b:dd:ec:78:3d:ce:50:69:49:d4:5f: 3d:e3:8b:74:12:28:c4:77:53:4d:cc:22:f4:0c:14:33: 67:8c:8c:ac:cc:d4:2e:35:33:31:93:51:dc:d5:02:01 Fingerprint (SHA-256): 7B:25:A9:0A:57:4D:CA:D6:4F:AD:D3:B4:19:29:B4:BF:B3:BE:7D:D1:0A:2B:B1:1D:88:DA:5E:0C:72:5F:5F:5C Fingerprint (SHA1): ED:77:46:15:0A:AD:0C:01:A8:9C:E8:E2:CD:56:8B:C5:BF:23:5E:7D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4022: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174499 (0x1ee2b723) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 21:56:12 2015 Not After : Mon May 18 21:56:12 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ad:93:a0:79:7b:d0:f6:bf:7b:79:37:c7:af:a7:2c: 20:02:cb:74:76:69:30:2e:81:ae:97:d2:2a:f9:53:0c: b0:16:69:89:13:13:c8:bd:5e:ec:36:31:68:11:de:ff: f8:8e:a4:40:8a:8f:d2:1f:ae:9e:1c:19:6f:b4:42:84: af:6f:0c:b4:72:73:87:75:71:f6:2f:fc:46:9e:e8:55: f3:c9:43:e7:34:69:6a:fc:44:17:6e:de:7a:c3:02:3f: 2f:89:95:50:aa:04:2e:62:9d:a7:b4:77:f4:47:39:44: 1f:ca:56:73:6d:b9:4b:c6:0c:a8:9e:78:e4:5a:fb:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 48:f2:97:58:ed:df:58:5b:c2:cc:4a:73:fa:b4:47:e7: 43:b4:de:8a:ea:91:73:f7:81:21:9a:36:60:de:cc:85: 9a:4b:2e:7a:82:b9:67:6c:ee:6e:a1:5f:0a:c4:3b:8d: 01:3d:d6:f3:5b:1a:d9:e2:32:88:5d:c4:e7:16:ff:54: af:65:41:13:26:a4:98:6a:e4:3e:b0:b1:54:ad:9b:ef: 10:6a:fa:38:61:da:34:20:ec:eb:36:8d:a1:19:08:5b: 34:1d:c8:28:da:0f:61:a5:77:98:3f:e5:7e:16:e1:fa: 29:97:24:2e:37:f7:2e:3e:13:23:ea:81:dd:db:a9:f1 Fingerprint (SHA-256): D2:A3:A0:04:EF:D7:90:E3:37:5B:62:93:AC:41:D1:4E:6A:8B:E6:AC:0E:E9:2E:74:EA:DC:32:F9:72:DE:CD:55 Fingerprint (SHA1): A5:6D:2B:1F:EB:3A:6D:DE:57:B5:4D:ED:28:06:6D:66:61:C1:9E:80 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4023: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174500 (0x1ee2b724) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 21:56:14 2015 Not After : Mon May 18 21:56:14 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:fd:5c:5e:79:44:84:bb:79:95:83:53:c3:31:e7:5f: ad:28:9f:e3:f2:c2:c2:08:a0:c8:ad:de:c4:c9:e1:84: ac:43:f2:e1:88:53:62:3e:47:67:f7:1d:cf:b4:1b:b9: ce:b8:b7:d5:aa:a7:1a:55:ee:99:25:ff:61:c2:f3:a1: ab:e5:03:67:82:63:55:6e:e5:71:6e:10:a7:fc:5f:d2: ad:4e:7c:67:64:d4:7b:09:8f:20:88:f2:41:24:3f:5a: 43:ae:8e:b5:80:31:0c:b6:d9:ab:70:0e:de:d6:d6:4b: 2b:14:71:9e:16:94:7e:75:f5:0a:29:ca:a7:38:85:2f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ca:2d:f2:ac:02:83:79:81:42:6d:a1:2f:a2:49:2f:58: 04:62:3f:c7:3b:ed:6b:73:29:49:78:da:91:ea:0a:37: 5b:5f:53:a0:e4:26:33:3a:37:05:7f:05:b9:38:4e:ed: 6c:df:fd:9c:8b:ec:0d:82:ff:35:fd:c2:f6:76:ab:35: 44:68:c1:75:55:85:6b:9a:86:b4:fb:02:00:52:f1:7a: 83:90:20:c2:d0:1f:1d:5e:67:f0:ea:89:bc:20:f8:7c: 14:46:72:40:5f:df:80:9a:8f:e4:6a:15:82:93:bd:63: 56:22:01:c7:3a:d8:63:58:26:9e:f9:87:fb:a4:85:99 Fingerprint (SHA-256): 95:BD:67:E9:77:B6:C8:EC:C5:7F:78:3A:8E:0C:DC:C6:5F:2E:0D:79:BC:8A:FF:E3:B4:7D:29:AF:ED:FD:7C:48 Fingerprint (SHA1): 58:BF:2E:F6:E6:DA:95:A9:11:12:38:E5:85:38:EF:9F:23:FD:C1:00 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4024: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174501 (0x1ee2b725) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 21:56:18 2015 Not After : Mon May 18 21:56:18 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:a3:f1:40:e5:de:97:8c:b6:97:08:8d:7a:2c:f1:7c: 3b:fc:85:b2:ce:50:f4:94:71:9e:a0:cf:57:f8:e1:24: 99:89:5c:f7:d5:c8:7d:b3:da:a1:6a:d0:dc:c2:f1:31: 20:1c:9f:67:5b:09:54:51:75:4f:2b:5f:0b:02:f8:a6: 1c:7b:37:9e:ec:83:6e:9e:cf:9a:1e:a1:29:4d:1e:b9: ea:7a:6d:00:21:45:97:a4:d8:7a:a5:ec:6a:49:11:a9: dc:30:87:07:62:ba:20:48:b8:7b:66:da:10:25:a2:d1: 41:55:41:a2:53:31:0a:ac:d0:72:af:fe:2a:e1:1b:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d0:5b:08:a6:e9:4c:54:02:3b:9e:33:6d:8f:c9:0f:40: 09:75:2d:34:da:66:4a:f1:92:cb:7a:93:63:16:3b:50: 58:f0:de:39:e7:2e:27:d4:31:1e:b7:bf:30:74:bb:6d: 57:55:8b:f1:4f:80:f6:c4:7b:fa:14:30:8e:56:55:04: 53:10:a5:8b:a6:43:35:cb:85:ce:ae:fd:24:39:37:87: b1:da:d1:ee:bb:78:13:26:65:d3:2e:8d:71:fc:27:3f: 3c:7a:c6:e7:85:84:62:1a:a2:45:ec:fd:89:4c:e7:12: db:a5:00:55:2f:47:3d:2f:2a:3a:34:be:96:94:42:21 Fingerprint (SHA-256): D2:BA:31:CE:E2:FA:8B:19:D0:36:A5:99:7C:6A:8B:C4:1F:65:FB:99:42:DB:40:84:51:D6:28:A0:79:E0:B3:52 Fingerprint (SHA1): C5:F6:AD:A8:33:ED:26:BD:E6:28:CE:1A:B7:36:B9:62:16:AC:3B:4F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4025: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174502 (0x1ee2b726) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 21:56:20 2015 Not After : Mon May 18 21:56:20 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:07:a4:55:14:65:b2:40:af:e6:2a:0d:0f:c4:82:9d: c2:91:43:d8:19:72:7a:a5:81:e2:dd:b5:06:84:38:28: f7:d7:de:23:60:2a:d7:0e:b7:7d:af:76:f7:12:ee:95: a4:17:92:53:bc:1c:3f:c0:68:35:22:b5:65:c8:0c:87: 20:08:78:28:9d:b4:a2:25:df:10:1f:ab:be:90:ae:3f: 0c:1b:92:90:97:f6:92:46:f0:43:63:49:91:1c:2c:73: f2:de:f4:85:39:24:57:c3:ce:e1:bf:57:2c:d0:36:82: f1:b5:10:93:3d:48:d1:e2:bd:be:0e:19:c2:de:8a:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:e4:db:73:9e:c8:c7:41:c4:88:c0:59:7d:6a:d5:51: ca:e8:d7:3a:e7:d9:59:a5:97:a5:6b:2d:de:aa:56:e3: 6d:c5:29:c7:37:5a:8e:ba:2d:89:e3:64:bb:ac:09:4b: 8d:ca:1d:2e:d9:8a:cb:c4:48:02:de:3e:c6:68:a0:c2: 28:bf:7e:94:e1:ce:55:91:99:39:cc:4e:8e:44:d8:15: f2:75:c0:ee:11:56:38:8b:e6:87:90:79:b6:40:70:d6: 8e:f2:fb:d6:19:cd:cf:45:39:21:6c:24:f7:c0:c6:05: d6:fb:0f:44:62:4a:87:5f:93:7d:7b:51:18:e3:ac:49 Fingerprint (SHA-256): 3A:01:7A:A3:B0:1E:55:57:AD:BC:9C:E4:A9:38:B3:85:8C:0A:AA:78:E6:2E:26:C3:8D:A7:E6:2A:8C:F3:D6:96 Fingerprint (SHA1): A0:60:DD:F3:5B:06:CF:B1:A9:51:56:E7:E8:22:3F:D7:F9:55:64:4E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4026: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174503 (0x1ee2b727) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 21:56:22 2015 Not After : Mon May 18 21:56:22 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:b4:2a:7c:80:7f:bc:9d:1b:e9:7c:7f:f4:0a:8e:81: 2c:99:93:44:d5:9c:ba:76:51:69:d4:c3:eb:e6:e1:ae: df:80:5e:81:96:16:0f:07:72:f7:61:88:2b:3e:eb:22: 4b:d6:f2:df:14:ba:f8:1d:12:6c:a1:dd:b3:92:32:8c: 6d:aa:d0:90:f9:0b:9d:c6:c1:60:95:35:1f:7d:e0:19: f5:25:ec:6a:0a:c3:69:66:1b:eb:1c:a7:7b:d2:f4:fc: b2:cd:23:a4:6a:85:96:70:40:b2:65:bd:89:8b:7c:0e: 73:d6:3a:fb:4a:6b:00:96:c7:26:95:af:23:2e:ae:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6e:01:49:4f:3d:7c:83:7f:8c:27:d0:6b:d2:b2:2c:fe: 49:40:04:d1:82:a2:12:43:fc:31:02:86:b0:53:d2:0a: 5d:6d:1e:29:05:09:5f:37:5c:65:ba:c5:b5:8d:8b:d4: 99:59:93:3e:9e:cf:f2:30:e9:e6:80:43:c3:25:d1:38: b9:73:e1:15:ec:c9:3d:64:f1:d4:2a:33:29:49:df:39: 16:7d:81:95:3a:50:c3:1b:95:30:c6:27:e9:c5:1f:25: 7b:7e:88:80:9b:1e:84:c3:af:35:fa:a8:12:55:62:f4: db:44:a4:ac:f9:c8:1b:cf:ee:ee:b1:0c:e8:49:a9:11 Fingerprint (SHA-256): E7:A4:16:CF:98:64:A6:23:97:78:25:21:00:4A:84:EA:7D:4F:77:A3:6C:CC:48:0E:40:6D:34:D3:21:E8:7F:6E Fingerprint (SHA1): 92:FB:53:F5:1D:A2:28:05:F6:56:51:BD:FB:61:15:1C:70:29:82:83 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4027: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174504 (0x1ee2b728) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 21:56:25 2015 Not After : Mon May 18 21:56:25 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:b8:72:f2:c3:19:22:51:03:08:a3:96:17:b6:57:42: 60:e5:cb:94:4a:1b:f2:2f:0f:d2:b1:16:75:95:77:e5: e1:78:23:54:b3:58:48:0d:e5:0d:0f:5a:18:c5:15:be: 09:4f:8c:1a:5a:1e:a2:5e:60:e4:60:cc:17:64:1f:2f: a5:2d:7b:9a:32:75:fe:d0:37:92:69:09:0d:6f:52:1d: f5:60:57:18:bf:15:73:9a:15:ad:30:17:ce:2a:e5:80: 10:d1:a1:ce:13:5a:e6:59:f0:2d:4d:24:36:52:b0:be: 53:3e:02:35:21:85:f9:aa:9e:9e:ba:12:ed:be:4a:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:71:1e:29:33:cb:ae:33:47:83:cb:c3:f3:3e:9b:4e: 4b:8f:85:f1:fc:d1:d1:6a:6e:4b:5c:ae:22:e9:1f:5f: 53:bb:57:06:ba:9c:7e:d7:2d:36:2a:c1:b1:88:cd:1b: fa:d5:9b:fa:fd:b9:c7:88:b1:00:3d:54:1d:d0:f1:e3: 13:93:bb:df:44:a4:cf:c9:8e:0b:0e:36:60:b3:05:db: 57:25:86:92:6d:9f:36:3d:52:bf:d1:ef:b5:de:25:27: ee:23:bf:06:bf:46:bd:f6:f8:7e:6b:1f:28:39:b9:16: 18:37:cb:f6:65:79:3e:40:0b:76:60:24:4e:67:3f:95 Fingerprint (SHA-256): 4E:F0:39:7E:EF:F7:8D:2A:F4:6E:6F:EA:49:0F:40:CB:FB:9A:0E:A8:D9:94:0D:43:19:66:92:F5:8D:98:45:1A Fingerprint (SHA1): F1:8D:D5:F1:02:52:91:0B:A3:07:F0:7F:5E:8E:FE:08:A4:9B:0E:C5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4028: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174505 (0x1ee2b729) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 21:56:28 2015 Not After : Mon May 18 21:56:28 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: fa:da:b3:c9:cc:e4:bd:92:8a:10:ee:60:cf:04:b4:4b: bf:f2:b3:1a:22:f9:90:63:02:28:f7:06:5e:60:48:39: c2:c0:6f:09:cf:ef:06:68:c0:bb:b9:d4:55:4a:71:68: 92:15:46:1b:21:74:7f:d8:75:26:0f:e2:0e:cb:fe:9e: 5a:4c:97:bc:5d:de:14:ac:f7:0a:9e:73:58:31:10:50: 8d:cb:c1:6e:0b:5f:87:3a:78:09:0d:76:c6:18:ea:0d: 93:ba:f3:60:ae:a2:02:fb:c3:e5:fb:ad:30:5c:48:14: 00:7a:0f:26:db:22:62:f1:3c:6b:77:81:6c:f9:76:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1f:fc:6c:be:f9:73:98:1e:40:3a:e0:5f:f4:92:eb:f4: f1:29:96:0c:78:81:6b:5c:de:f5:be:46:f4:e0:39:cf: 59:72:e0:ff:f0:87:bd:4f:19:a1:98:b1:05:c2:c2:27: 31:84:67:d0:0b:2f:42:67:e6:79:f4:3d:c2:7a:0a:aa: 8b:34:f2:03:2c:0d:ab:0f:be:e0:08:e4:82:7b:e1:b3: 56:85:1d:a3:fd:01:1b:da:dc:d4:13:de:20:1b:cf:2a: aa:5b:fb:e9:af:9b:bc:33:73:71:0a:da:dc:11:86:2f: d2:bb:ae:f8:b7:9b:e7:b2:98:0b:2c:cd:07:b4:60:5c Fingerprint (SHA-256): F0:C4:55:AF:CA:6E:04:7D:C3:D5:E8:1A:EC:74:BC:99:9F:FF:75:DD:E7:08:10:45:84:BE:51:DD:74:A9:29:EB Fingerprint (SHA1): FC:A0:A2:83:D3:FE:5E:66:28:E9:3C:0C:84:9F:9D:12:94:B0:33:04 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4029: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4030: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174520 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4031: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4032: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4033: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4034: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174521 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4035: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4036: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4037: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4038: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174522 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4039: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4040: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4041: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4042: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518174523 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4043: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4044: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4045: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174520 (0x1ee2b738) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:07 2015 Not After : Mon May 18 21:57:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:a9:ee:46:e0:98:fd:38:1f:88:4e:18:b5:04:95:16: 5b:d7:02:f2:76:fe:11:48:33:f6:f0:16:00:f4:36:c0: d6:68:64:b6:e5:92:b9:b1:07:58:7a:64:d8:20:79:7b: 78:6f:95:a8:18:18:b8:1b:1f:a8:e1:28:a2:5e:1e:2c: 1b:02:42:ce:66:35:98:40:95:5d:c1:74:d9:97:40:b4: 97:fd:57:69:15:c5:8e:30:d1:0f:b8:b8:54:01:c8:9e: 08:c5:20:c0:36:ff:3e:31:48:9a:00:31:39:f7:6f:04: 3d:8f:0d:86:61:44:a2:7c:41:7a:ac:e3:ff:6e:60:03 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a7:00:57:7f:cd:39:0b:b9:f0:3d:72:8e:f9:68:d2:8f: 2a:99:34:87:6b:d2:3e:11:83:8f:fb:c4:a1:d1:0c:3f: 9e:3d:dc:6e:3a:d3:1d:74:d4:d5:8b:3d:f8:8f:24:2e: b6:0d:63:63:42:17:64:30:8d:cb:83:b4:c4:61:22:3b: 28:39:81:28:66:b5:78:4f:d4:bc:be:dd:a3:64:a8:c6: 57:b7:c6:c8:06:73:21:cd:fc:e1:51:5a:01:98:0c:b0: 83:c4:28:ed:dc:ee:a6:23:bd:0e:6c:82:d2:5b:14:4b: 87:9e:e7:74:76:d4:48:9e:c5:7a:b6:5d:a3:24:f9:ba Fingerprint (SHA-256): DF:A9:7A:32:6B:56:43:FC:4D:72:FC:54:70:73:6E:07:78:F6:61:EA:57:67:F5:D3:85:CF:63:7D:C8:6B:1E:AF Fingerprint (SHA1): 81:7D:6E:F2:E7:AF:69:97:9A:E0:B3:ED:47:E0:16:72:C7:12:15:4D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4046: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4047: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174521 (0x1ee2b739) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:11 2015 Not After : Mon May 18 21:57:11 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:a7:b3:1f:cf:4b:b6:15:49:8e:aa:24:93:4c:43:ec: 75:d7:6b:aa:df:77:8e:75:aa:40:84:3e:28:eb:1a:37: ce:4b:08:29:0d:01:c8:7e:2b:83:7c:d4:29:74:80:8c: 17:9e:e1:af:6a:b6:1e:7a:af:37:ff:48:f3:bd:68:bb: 01:de:c9:55:00:5c:71:b8:71:a0:1e:30:ba:08:a1:d4: c9:5e:42:24:1b:b1:2e:03:36:7b:4f:f9:2b:cc:79:e5: a4:c9:cd:ec:c3:b4:bb:d9:16:80:87:6f:11:59:23:30: 31:f8:b6:9a:08:67:6d:4e:e3:89:5f:11:ef:ad:6e:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:e9:42:d0:53:0c:a0:c9:14:b0:92:c9:c3:ec:c0:be: cc:d4:41:39:85:03:83:91:45:16:8a:80:5d:e5:9e:55: 8e:26:75:86:18:ee:b8:46:ad:ec:47:09:64:32:c9:7c: 37:ad:90:04:ca:5e:e8:a5:9f:43:12:bb:84:ed:43:1c: de:8e:f7:fb:1a:36:f3:d8:8d:db:c9:86:42:82:05:0e: a1:9b:5a:22:63:0b:ed:6c:78:49:cd:bd:62:7e:73:59: 99:65:ad:13:0f:e4:d1:19:72:0b:6b:ed:c6:aa:db:36: 86:1a:11:da:a6:fe:44:9c:7b:a8:f0:1a:e6:4f:59:9b Fingerprint (SHA-256): 1A:D3:B4:0E:D2:C1:FD:1C:56:AE:7F:71:80:91:D8:A4:85:F2:3F:15:52:59:44:B9:CA:75:A5:CE:32:C9:9A:39 Fingerprint (SHA1): 0A:36:EF:A3:3F:66:DB:3A:0F:D6:C5:14:03:65:30:FC:0B:FB:A8:02 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4048: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4049: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174522 (0x1ee2b73a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:57:15 2015 Not After : Mon May 18 21:57:15 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:b7:94:27:e2:8e:a2:ab:d9:84:cd:40:a2:30:a0:77: 06:ca:73:06:6c:82:60:39:e9:8c:a1:b4:f2:c9:20:64: 8a:00:cf:62:18:47:d8:d3:b3:fa:84:05:da:77:fe:f6: 40:48:3d:93:b8:cb:e9:af:09:6a:0d:c6:63:cd:35:a6: be:36:ab:1c:ba:27:d9:a0:6b:b5:51:09:5c:f3:e3:ba: 03:03:8a:6d:e6:0d:43:8b:7f:71:1a:be:c3:a3:99:16: cc:c3:86:ce:7a:d7:00:69:d9:77:25:22:88:9e:0c:05: c9:62:94:dc:f4:ef:4b:63:aa:3d:2e:4c:ff:1f:ec:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 39:18:37:b1:d2:62:cb:d1:51:29:46:41:94:2c:0e:15: 4c:d9:5e:cc:f1:ed:e4:e8:84:2d:9d:0d:e9:56:6a:60: af:a4:d3:e7:7c:89:1b:53:17:3c:0c:58:c7:e1:7d:40: cb:6e:84:1b:62:4c:8b:18:8f:68:5c:02:e5:80:41:29: d1:76:00:17:5a:ca:8e:cb:a0:b8:2c:ff:96:2c:a8:a2: 18:98:2b:a4:46:70:9e:93:cc:1b:23:15:b2:2f:a2:74: f7:d8:b3:e8:35:58:a5:0c:da:f5:32:3d:44:3b:6e:6d: bd:d0:5b:6f:68:7f:b9:32:e4:9f:74:36:03:73:f0:a6 Fingerprint (SHA-256): 82:AE:84:0B:FA:D7:8F:B0:B3:67:87:5F:5F:C4:89:CA:3A:CD:68:5B:96:1B:CC:79:CA:AE:B8:6C:33:CD:13:8D Fingerprint (SHA1): 21:9B:A8:E6:DA:96:68:C0:EE:5A:26:E4:F7:9D:B2:0D:71:41:6A:D2 Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4050: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4051: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4052: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4053: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4054: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174520 (0x1ee2b738) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:07 2015 Not After : Mon May 18 21:57:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:a9:ee:46:e0:98:fd:38:1f:88:4e:18:b5:04:95:16: 5b:d7:02:f2:76:fe:11:48:33:f6:f0:16:00:f4:36:c0: d6:68:64:b6:e5:92:b9:b1:07:58:7a:64:d8:20:79:7b: 78:6f:95:a8:18:18:b8:1b:1f:a8:e1:28:a2:5e:1e:2c: 1b:02:42:ce:66:35:98:40:95:5d:c1:74:d9:97:40:b4: 97:fd:57:69:15:c5:8e:30:d1:0f:b8:b8:54:01:c8:9e: 08:c5:20:c0:36:ff:3e:31:48:9a:00:31:39:f7:6f:04: 3d:8f:0d:86:61:44:a2:7c:41:7a:ac:e3:ff:6e:60:03 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a7:00:57:7f:cd:39:0b:b9:f0:3d:72:8e:f9:68:d2:8f: 2a:99:34:87:6b:d2:3e:11:83:8f:fb:c4:a1:d1:0c:3f: 9e:3d:dc:6e:3a:d3:1d:74:d4:d5:8b:3d:f8:8f:24:2e: b6:0d:63:63:42:17:64:30:8d:cb:83:b4:c4:61:22:3b: 28:39:81:28:66:b5:78:4f:d4:bc:be:dd:a3:64:a8:c6: 57:b7:c6:c8:06:73:21:cd:fc:e1:51:5a:01:98:0c:b0: 83:c4:28:ed:dc:ee:a6:23:bd:0e:6c:82:d2:5b:14:4b: 87:9e:e7:74:76:d4:48:9e:c5:7a:b6:5d:a3:24:f9:ba Fingerprint (SHA-256): DF:A9:7A:32:6B:56:43:FC:4D:72:FC:54:70:73:6E:07:78:F6:61:EA:57:67:F5:D3:85:CF:63:7D:C8:6B:1E:AF Fingerprint (SHA1): 81:7D:6E:F2:E7:AF:69:97:9A:E0:B3:ED:47:E0:16:72:C7:12:15:4D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4055: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4056: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174521 (0x1ee2b739) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:11 2015 Not After : Mon May 18 21:57:11 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:a7:b3:1f:cf:4b:b6:15:49:8e:aa:24:93:4c:43:ec: 75:d7:6b:aa:df:77:8e:75:aa:40:84:3e:28:eb:1a:37: ce:4b:08:29:0d:01:c8:7e:2b:83:7c:d4:29:74:80:8c: 17:9e:e1:af:6a:b6:1e:7a:af:37:ff:48:f3:bd:68:bb: 01:de:c9:55:00:5c:71:b8:71:a0:1e:30:ba:08:a1:d4: c9:5e:42:24:1b:b1:2e:03:36:7b:4f:f9:2b:cc:79:e5: a4:c9:cd:ec:c3:b4:bb:d9:16:80:87:6f:11:59:23:30: 31:f8:b6:9a:08:67:6d:4e:e3:89:5f:11:ef:ad:6e:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:e9:42:d0:53:0c:a0:c9:14:b0:92:c9:c3:ec:c0:be: cc:d4:41:39:85:03:83:91:45:16:8a:80:5d:e5:9e:55: 8e:26:75:86:18:ee:b8:46:ad:ec:47:09:64:32:c9:7c: 37:ad:90:04:ca:5e:e8:a5:9f:43:12:bb:84:ed:43:1c: de:8e:f7:fb:1a:36:f3:d8:8d:db:c9:86:42:82:05:0e: a1:9b:5a:22:63:0b:ed:6c:78:49:cd:bd:62:7e:73:59: 99:65:ad:13:0f:e4:d1:19:72:0b:6b:ed:c6:aa:db:36: 86:1a:11:da:a6:fe:44:9c:7b:a8:f0:1a:e6:4f:59:9b Fingerprint (SHA-256): 1A:D3:B4:0E:D2:C1:FD:1C:56:AE:7F:71:80:91:D8:A4:85:F2:3F:15:52:59:44:B9:CA:75:A5:CE:32:C9:9A:39 Fingerprint (SHA1): 0A:36:EF:A3:3F:66:DB:3A:0F:D6:C5:14:03:65:30:FC:0B:FB:A8:02 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4057: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4058: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174522 (0x1ee2b73a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:57:15 2015 Not After : Mon May 18 21:57:15 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:b7:94:27:e2:8e:a2:ab:d9:84:cd:40:a2:30:a0:77: 06:ca:73:06:6c:82:60:39:e9:8c:a1:b4:f2:c9:20:64: 8a:00:cf:62:18:47:d8:d3:b3:fa:84:05:da:77:fe:f6: 40:48:3d:93:b8:cb:e9:af:09:6a:0d:c6:63:cd:35:a6: be:36:ab:1c:ba:27:d9:a0:6b:b5:51:09:5c:f3:e3:ba: 03:03:8a:6d:e6:0d:43:8b:7f:71:1a:be:c3:a3:99:16: cc:c3:86:ce:7a:d7:00:69:d9:77:25:22:88:9e:0c:05: c9:62:94:dc:f4:ef:4b:63:aa:3d:2e:4c:ff:1f:ec:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 39:18:37:b1:d2:62:cb:d1:51:29:46:41:94:2c:0e:15: 4c:d9:5e:cc:f1:ed:e4:e8:84:2d:9d:0d:e9:56:6a:60: af:a4:d3:e7:7c:89:1b:53:17:3c:0c:58:c7:e1:7d:40: cb:6e:84:1b:62:4c:8b:18:8f:68:5c:02:e5:80:41:29: d1:76:00:17:5a:ca:8e:cb:a0:b8:2c:ff:96:2c:a8:a2: 18:98:2b:a4:46:70:9e:93:cc:1b:23:15:b2:2f:a2:74: f7:d8:b3:e8:35:58:a5:0c:da:f5:32:3d:44:3b:6e:6d: bd:d0:5b:6f:68:7f:b9:32:e4:9f:74:36:03:73:f0:a6 Fingerprint (SHA-256): 82:AE:84:0B:FA:D7:8F:B0:B3:67:87:5F:5F:C4:89:CA:3A:CD:68:5B:96:1B:CC:79:CA:AE:B8:6C:33:CD:13:8D Fingerprint (SHA1): 21:9B:A8:E6:DA:96:68:C0:EE:5A:26:E4:F7:9D:B2:0D:71:41:6A:D2 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4059: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4060: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4061: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174524 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4062: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4063: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4064: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4065: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174525 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4066: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4067: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4068: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4069: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174526 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4070: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4071: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #4072: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4073: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518174527 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4074: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4075: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #4076: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4077: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518174528 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4078: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4079: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4080: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174524 (0x1ee2b73c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:30 2015 Not After : Mon May 18 21:57:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:02:3d:ca:98:55:67:99:86:9e:7e:0b:14:40:bb: 2f:f4:74:39:24:ad:6f:f7:de:93:78:10:39:35:a2:57: 7d:9b:c6:ab:cb:fc:8b:a5:1e:af:1b:0e:f2:9a:61:3d: 7d:d5:49:1b:53:ff:cc:b9:c2:72:a2:0a:f9:2f:e9:43: e1:d8:79:19:4a:52:f4:34:24:46:60:c6:57:8a:68:ae: c6:9a:6e:0e:3b:54:6e:1a:c6:ec:c6:19:9e:0b:94:b8: 1a:90:9c:42:66:09:e0:5f:fe:9b:91:ef:82:fe:80:f4: 95:5d:eb:36:19:3a:b1:21:55:cd:9c:a2:75:db:df:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:aa:c6:37:bf:cb:6b:ad:6c:3a:b8:db:6c:3e:fb:4a: 4f:d0:8d:3f:10:be:fb:12:61:9e:c4:19:28:d5:64:bd: 65:21:17:8e:06:2c:fe:70:36:24:15:2b:e5:98:aa:ab: 65:fb:58:07:62:4c:37:b6:69:e0:16:ff:db:f1:00:a0: 5e:8e:3c:af:0b:53:f9:cb:d8:53:7f:ab:9f:d9:c8:cf: 86:c8:33:11:82:5f:2b:d3:92:87:f9:e6:ce:2e:e4:44: 2f:da:e9:87:80:24:10:b0:37:98:8d:25:91:80:eb:75: 08:39:41:d1:3b:3a:aa:0f:02:c9:42:da:5a:da:77:7d Fingerprint (SHA-256): F1:58:EB:70:62:B4:E0:F9:FC:32:FB:AB:89:30:15:33:CE:18:48:E0:25:05:36:CA:54:DB:35:64:20:77:65:18 Fingerprint (SHA1): 75:57:D2:D0:0C:10:3C:E4:43:6F:CD:9F:F4:44:19:C6:D1:4B:93:ED Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4081: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4082: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174525 (0x1ee2b73d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:33 2015 Not After : Mon May 18 21:57:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:18:b2:57:8b:38:a2:7c:d3:a2:00:32:41:34:69:25: 5f:cd:aa:43:d9:ba:d7:a6:9d:f1:6b:0c:fa:39:d4:14: d6:f3:b4:55:9b:e2:c6:16:d3:da:ff:45:2d:2b:8a:ed: 2e:d9:22:1c:38:39:4f:f5:5f:c5:6d:c2:fd:7a:4a:07: 61:ef:26:79:c6:cd:7a:4f:dc:6c:7b:c5:a5:fc:e2:67: 4a:84:2f:dd:27:6f:ef:4d:9c:f0:80:84:ef:97:98:59: 2e:23:c4:52:f1:a7:63:06:2e:94:5a:9f:4e:b4:a8:43: 39:a9:c8:88:9f:11:60:97:ab:72:eb:1a:a2:5d:d1:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:79:28:8e:75:c4:e6:dc:96:41:98:b4:9a:c0:36:29: 0b:cf:a9:9e:4a:87:66:d2:39:3e:9b:c9:79:a5:be:20: 5a:89:65:42:bb:ab:fa:b0:eb:28:9e:72:eb:9e:f8:a8: a3:c1:ed:8c:e4:2b:d9:3b:55:21:5f:ce:03:92:05:4a: 18:20:e2:7f:0c:da:0c:e9:bf:4e:a9:35:f9:e9:ae:5c: 49:9b:e1:78:cb:bb:29:11:a7:df:db:f4:b9:b1:b2:64: b0:93:aa:ac:03:d8:dc:c0:61:b7:74:c2:e1:cf:30:5b: ec:54:bb:bd:b2:bc:2e:0b:94:ac:c0:ca:88:88:3a:59 Fingerprint (SHA-256): E8:47:8A:93:0F:ED:12:5B:7D:E3:65:45:31:B8:20:49:EC:74:59:92:2A:84:13:A8:6C:1F:E1:45:D0:49:FA:48 Fingerprint (SHA1): C5:2C:B2:69:2E:85:BD:B7:FF:5C:A0:29:E9:37:3D:89:8F:58:0A:7D Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4083: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4084: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174526 (0x1ee2b73e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:57:37 2015 Not After : Mon May 18 21:57:37 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:18:f0:12:77:23:10:fd:e7:5d:d4:1f:d6:9a:a0:f0: 81:96:5d:ce:e1:cd:8c:d1:ec:59:c9:ca:2f:b2:45:76: 78:c8:47:10:bb:97:d0:17:d6:6b:03:dc:a1:08:bd:bd: 37:ea:34:5c:10:3c:cb:9b:d3:74:5f:1e:5b:28:62:15: 00:ba:cf:8f:53:4d:63:8a:07:af:bb:13:a1:d5:3c:8b: 25:a1:bb:dd:52:f2:aa:2f:d0:16:5f:91:09:5c:68:14: fb:44:ac:94:1a:52:d0:af:82:5c:96:6f:e8:9e:d8:49: 20:aa:a4:98:7c:87:1c:8a:7d:50:62:1b:88:da:60:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:78:30:1b:29:ea:53:ba:b1:5c:9b:17:b7:04:e2:43: 00:5b:ac:6f:9d:ef:2b:47:d9:8a:2b:a5:2d:bc:d4:19: 20:5f:ff:48:45:1c:da:ab:ed:13:fd:ea:fe:7a:1b:19: 7a:32:32:97:c0:4b:ee:86:bf:42:57:41:36:26:1d:22: ee:f4:3d:28:ce:11:39:97:49:37:b3:ef:49:fa:66:1b: d3:2e:b7:c2:4b:b1:b2:a4:fc:f5:e5:f3:68:c9:f0:00: 41:d8:23:1c:5a:5d:e3:41:0d:70:a3:16:f5:ab:6c:1a: 79:59:4c:f2:42:ee:93:bb:d0:9e:6f:d1:8f:4a:c6:5a Fingerprint (SHA-256): DA:6C:CD:AB:1C:F5:90:03:D8:8A:FF:2F:D3:F9:D2:3C:1A:38:95:3C:5E:56:E0:A9:5D:71:39:84:11:16:C2:97 Fingerprint (SHA1): 5D:CD:C7:18:EF:FC:26:A0:54:50:9A:3E:C7:D8:3E:C9:88:1A:81:17 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #4085: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4086: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4087: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4088: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4089: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174524 (0x1ee2b73c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:30 2015 Not After : Mon May 18 21:57:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:02:3d:ca:98:55:67:99:86:9e:7e:0b:14:40:bb: 2f:f4:74:39:24:ad:6f:f7:de:93:78:10:39:35:a2:57: 7d:9b:c6:ab:cb:fc:8b:a5:1e:af:1b:0e:f2:9a:61:3d: 7d:d5:49:1b:53:ff:cc:b9:c2:72:a2:0a:f9:2f:e9:43: e1:d8:79:19:4a:52:f4:34:24:46:60:c6:57:8a:68:ae: c6:9a:6e:0e:3b:54:6e:1a:c6:ec:c6:19:9e:0b:94:b8: 1a:90:9c:42:66:09:e0:5f:fe:9b:91:ef:82:fe:80:f4: 95:5d:eb:36:19:3a:b1:21:55:cd:9c:a2:75:db:df:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:aa:c6:37:bf:cb:6b:ad:6c:3a:b8:db:6c:3e:fb:4a: 4f:d0:8d:3f:10:be:fb:12:61:9e:c4:19:28:d5:64:bd: 65:21:17:8e:06:2c:fe:70:36:24:15:2b:e5:98:aa:ab: 65:fb:58:07:62:4c:37:b6:69:e0:16:ff:db:f1:00:a0: 5e:8e:3c:af:0b:53:f9:cb:d8:53:7f:ab:9f:d9:c8:cf: 86:c8:33:11:82:5f:2b:d3:92:87:f9:e6:ce:2e:e4:44: 2f:da:e9:87:80:24:10:b0:37:98:8d:25:91:80:eb:75: 08:39:41:d1:3b:3a:aa:0f:02:c9:42:da:5a:da:77:7d Fingerprint (SHA-256): F1:58:EB:70:62:B4:E0:F9:FC:32:FB:AB:89:30:15:33:CE:18:48:E0:25:05:36:CA:54:DB:35:64:20:77:65:18 Fingerprint (SHA1): 75:57:D2:D0:0C:10:3C:E4:43:6F:CD:9F:F4:44:19:C6:D1:4B:93:ED Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4090: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4091: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174525 (0x1ee2b73d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:33 2015 Not After : Mon May 18 21:57:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:18:b2:57:8b:38:a2:7c:d3:a2:00:32:41:34:69:25: 5f:cd:aa:43:d9:ba:d7:a6:9d:f1:6b:0c:fa:39:d4:14: d6:f3:b4:55:9b:e2:c6:16:d3:da:ff:45:2d:2b:8a:ed: 2e:d9:22:1c:38:39:4f:f5:5f:c5:6d:c2:fd:7a:4a:07: 61:ef:26:79:c6:cd:7a:4f:dc:6c:7b:c5:a5:fc:e2:67: 4a:84:2f:dd:27:6f:ef:4d:9c:f0:80:84:ef:97:98:59: 2e:23:c4:52:f1:a7:63:06:2e:94:5a:9f:4e:b4:a8:43: 39:a9:c8:88:9f:11:60:97:ab:72:eb:1a:a2:5d:d1:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:79:28:8e:75:c4:e6:dc:96:41:98:b4:9a:c0:36:29: 0b:cf:a9:9e:4a:87:66:d2:39:3e:9b:c9:79:a5:be:20: 5a:89:65:42:bb:ab:fa:b0:eb:28:9e:72:eb:9e:f8:a8: a3:c1:ed:8c:e4:2b:d9:3b:55:21:5f:ce:03:92:05:4a: 18:20:e2:7f:0c:da:0c:e9:bf:4e:a9:35:f9:e9:ae:5c: 49:9b:e1:78:cb:bb:29:11:a7:df:db:f4:b9:b1:b2:64: b0:93:aa:ac:03:d8:dc:c0:61:b7:74:c2:e1:cf:30:5b: ec:54:bb:bd:b2:bc:2e:0b:94:ac:c0:ca:88:88:3a:59 Fingerprint (SHA-256): E8:47:8A:93:0F:ED:12:5B:7D:E3:65:45:31:B8:20:49:EC:74:59:92:2A:84:13:A8:6C:1F:E1:45:D0:49:FA:48 Fingerprint (SHA1): C5:2C:B2:69:2E:85:BD:B7:FF:5C:A0:29:E9:37:3D:89:8F:58:0A:7D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4092: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4093: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174526 (0x1ee2b73e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:57:37 2015 Not After : Mon May 18 21:57:37 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:18:f0:12:77:23:10:fd:e7:5d:d4:1f:d6:9a:a0:f0: 81:96:5d:ce:e1:cd:8c:d1:ec:59:c9:ca:2f:b2:45:76: 78:c8:47:10:bb:97:d0:17:d6:6b:03:dc:a1:08:bd:bd: 37:ea:34:5c:10:3c:cb:9b:d3:74:5f:1e:5b:28:62:15: 00:ba:cf:8f:53:4d:63:8a:07:af:bb:13:a1:d5:3c:8b: 25:a1:bb:dd:52:f2:aa:2f:d0:16:5f:91:09:5c:68:14: fb:44:ac:94:1a:52:d0:af:82:5c:96:6f:e8:9e:d8:49: 20:aa:a4:98:7c:87:1c:8a:7d:50:62:1b:88:da:60:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:78:30:1b:29:ea:53:ba:b1:5c:9b:17:b7:04:e2:43: 00:5b:ac:6f:9d:ef:2b:47:d9:8a:2b:a5:2d:bc:d4:19: 20:5f:ff:48:45:1c:da:ab:ed:13:fd:ea:fe:7a:1b:19: 7a:32:32:97:c0:4b:ee:86:bf:42:57:41:36:26:1d:22: ee:f4:3d:28:ce:11:39:97:49:37:b3:ef:49:fa:66:1b: d3:2e:b7:c2:4b:b1:b2:a4:fc:f5:e5:f3:68:c9:f0:00: 41:d8:23:1c:5a:5d:e3:41:0d:70:a3:16:f5:ab:6c:1a: 79:59:4c:f2:42:ee:93:bb:d0:9e:6f:d1:8f:4a:c6:5a Fingerprint (SHA-256): DA:6C:CD:AB:1C:F5:90:03:D8:8A:FF:2F:D3:F9:D2:3C:1A:38:95:3C:5E:56:E0:A9:5D:71:39:84:11:16:C2:97 Fingerprint (SHA1): 5D:CD:C7:18:EF:FC:26:A0:54:50:9A:3E:C7:D8:3E:C9:88:1A:81:17 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #4094: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4095: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174524 (0x1ee2b73c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:30 2015 Not After : Mon May 18 21:57:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:02:3d:ca:98:55:67:99:86:9e:7e:0b:14:40:bb: 2f:f4:74:39:24:ad:6f:f7:de:93:78:10:39:35:a2:57: 7d:9b:c6:ab:cb:fc:8b:a5:1e:af:1b:0e:f2:9a:61:3d: 7d:d5:49:1b:53:ff:cc:b9:c2:72:a2:0a:f9:2f:e9:43: e1:d8:79:19:4a:52:f4:34:24:46:60:c6:57:8a:68:ae: c6:9a:6e:0e:3b:54:6e:1a:c6:ec:c6:19:9e:0b:94:b8: 1a:90:9c:42:66:09:e0:5f:fe:9b:91:ef:82:fe:80:f4: 95:5d:eb:36:19:3a:b1:21:55:cd:9c:a2:75:db:df:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:aa:c6:37:bf:cb:6b:ad:6c:3a:b8:db:6c:3e:fb:4a: 4f:d0:8d:3f:10:be:fb:12:61:9e:c4:19:28:d5:64:bd: 65:21:17:8e:06:2c:fe:70:36:24:15:2b:e5:98:aa:ab: 65:fb:58:07:62:4c:37:b6:69:e0:16:ff:db:f1:00:a0: 5e:8e:3c:af:0b:53:f9:cb:d8:53:7f:ab:9f:d9:c8:cf: 86:c8:33:11:82:5f:2b:d3:92:87:f9:e6:ce:2e:e4:44: 2f:da:e9:87:80:24:10:b0:37:98:8d:25:91:80:eb:75: 08:39:41:d1:3b:3a:aa:0f:02:c9:42:da:5a:da:77:7d Fingerprint (SHA-256): F1:58:EB:70:62:B4:E0:F9:FC:32:FB:AB:89:30:15:33:CE:18:48:E0:25:05:36:CA:54:DB:35:64:20:77:65:18 Fingerprint (SHA1): 75:57:D2:D0:0C:10:3C:E4:43:6F:CD:9F:F4:44:19:C6:D1:4B:93:ED Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4096: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174524 (0x1ee2b73c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:30 2015 Not After : Mon May 18 21:57:30 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:02:3d:ca:98:55:67:99:86:9e:7e:0b:14:40:bb: 2f:f4:74:39:24:ad:6f:f7:de:93:78:10:39:35:a2:57: 7d:9b:c6:ab:cb:fc:8b:a5:1e:af:1b:0e:f2:9a:61:3d: 7d:d5:49:1b:53:ff:cc:b9:c2:72:a2:0a:f9:2f:e9:43: e1:d8:79:19:4a:52:f4:34:24:46:60:c6:57:8a:68:ae: c6:9a:6e:0e:3b:54:6e:1a:c6:ec:c6:19:9e:0b:94:b8: 1a:90:9c:42:66:09:e0:5f:fe:9b:91:ef:82:fe:80:f4: 95:5d:eb:36:19:3a:b1:21:55:cd:9c:a2:75:db:df:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:aa:c6:37:bf:cb:6b:ad:6c:3a:b8:db:6c:3e:fb:4a: 4f:d0:8d:3f:10:be:fb:12:61:9e:c4:19:28:d5:64:bd: 65:21:17:8e:06:2c:fe:70:36:24:15:2b:e5:98:aa:ab: 65:fb:58:07:62:4c:37:b6:69:e0:16:ff:db:f1:00:a0: 5e:8e:3c:af:0b:53:f9:cb:d8:53:7f:ab:9f:d9:c8:cf: 86:c8:33:11:82:5f:2b:d3:92:87:f9:e6:ce:2e:e4:44: 2f:da:e9:87:80:24:10:b0:37:98:8d:25:91:80:eb:75: 08:39:41:d1:3b:3a:aa:0f:02:c9:42:da:5a:da:77:7d Fingerprint (SHA-256): F1:58:EB:70:62:B4:E0:F9:FC:32:FB:AB:89:30:15:33:CE:18:48:E0:25:05:36:CA:54:DB:35:64:20:77:65:18 Fingerprint (SHA1): 75:57:D2:D0:0C:10:3C:E4:43:6F:CD:9F:F4:44:19:C6:D1:4B:93:ED Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4097: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174525 (0x1ee2b73d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:33 2015 Not After : Mon May 18 21:57:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:18:b2:57:8b:38:a2:7c:d3:a2:00:32:41:34:69:25: 5f:cd:aa:43:d9:ba:d7:a6:9d:f1:6b:0c:fa:39:d4:14: d6:f3:b4:55:9b:e2:c6:16:d3:da:ff:45:2d:2b:8a:ed: 2e:d9:22:1c:38:39:4f:f5:5f:c5:6d:c2:fd:7a:4a:07: 61:ef:26:79:c6:cd:7a:4f:dc:6c:7b:c5:a5:fc:e2:67: 4a:84:2f:dd:27:6f:ef:4d:9c:f0:80:84:ef:97:98:59: 2e:23:c4:52:f1:a7:63:06:2e:94:5a:9f:4e:b4:a8:43: 39:a9:c8:88:9f:11:60:97:ab:72:eb:1a:a2:5d:d1:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:79:28:8e:75:c4:e6:dc:96:41:98:b4:9a:c0:36:29: 0b:cf:a9:9e:4a:87:66:d2:39:3e:9b:c9:79:a5:be:20: 5a:89:65:42:bb:ab:fa:b0:eb:28:9e:72:eb:9e:f8:a8: a3:c1:ed:8c:e4:2b:d9:3b:55:21:5f:ce:03:92:05:4a: 18:20:e2:7f:0c:da:0c:e9:bf:4e:a9:35:f9:e9:ae:5c: 49:9b:e1:78:cb:bb:29:11:a7:df:db:f4:b9:b1:b2:64: b0:93:aa:ac:03:d8:dc:c0:61:b7:74:c2:e1:cf:30:5b: ec:54:bb:bd:b2:bc:2e:0b:94:ac:c0:ca:88:88:3a:59 Fingerprint (SHA-256): E8:47:8A:93:0F:ED:12:5B:7D:E3:65:45:31:B8:20:49:EC:74:59:92:2A:84:13:A8:6C:1F:E1:45:D0:49:FA:48 Fingerprint (SHA1): C5:2C:B2:69:2E:85:BD:B7:FF:5C:A0:29:E9:37:3D:89:8F:58:0A:7D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4098: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174525 (0x1ee2b73d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 21:57:33 2015 Not After : Mon May 18 21:57:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9b:18:b2:57:8b:38:a2:7c:d3:a2:00:32:41:34:69:25: 5f:cd:aa:43:d9:ba:d7:a6:9d:f1:6b:0c:fa:39:d4:14: d6:f3:b4:55:9b:e2:c6:16:d3:da:ff:45:2d:2b:8a:ed: 2e:d9:22:1c:38:39:4f:f5:5f:c5:6d:c2:fd:7a:4a:07: 61:ef:26:79:c6:cd:7a:4f:dc:6c:7b:c5:a5:fc:e2:67: 4a:84:2f:dd:27:6f:ef:4d:9c:f0:80:84:ef:97:98:59: 2e:23:c4:52:f1:a7:63:06:2e:94:5a:9f:4e:b4:a8:43: 39:a9:c8:88:9f:11:60:97:ab:72:eb:1a:a2:5d:d1:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:79:28:8e:75:c4:e6:dc:96:41:98:b4:9a:c0:36:29: 0b:cf:a9:9e:4a:87:66:d2:39:3e:9b:c9:79:a5:be:20: 5a:89:65:42:bb:ab:fa:b0:eb:28:9e:72:eb:9e:f8:a8: a3:c1:ed:8c:e4:2b:d9:3b:55:21:5f:ce:03:92:05:4a: 18:20:e2:7f:0c:da:0c:e9:bf:4e:a9:35:f9:e9:ae:5c: 49:9b:e1:78:cb:bb:29:11:a7:df:db:f4:b9:b1:b2:64: b0:93:aa:ac:03:d8:dc:c0:61:b7:74:c2:e1:cf:30:5b: ec:54:bb:bd:b2:bc:2e:0b:94:ac:c0:ca:88:88:3a:59 Fingerprint (SHA-256): E8:47:8A:93:0F:ED:12:5B:7D:E3:65:45:31:B8:20:49:EC:74:59:92:2A:84:13:A8:6C:1F:E1:45:D0:49:FA:48 Fingerprint (SHA1): C5:2C:B2:69:2E:85:BD:B7:FF:5C:A0:29:E9:37:3D:89:8F:58:0A:7D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4099: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174526 (0x1ee2b73e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:57:37 2015 Not After : Mon May 18 21:57:37 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:18:f0:12:77:23:10:fd:e7:5d:d4:1f:d6:9a:a0:f0: 81:96:5d:ce:e1:cd:8c:d1:ec:59:c9:ca:2f:b2:45:76: 78:c8:47:10:bb:97:d0:17:d6:6b:03:dc:a1:08:bd:bd: 37:ea:34:5c:10:3c:cb:9b:d3:74:5f:1e:5b:28:62:15: 00:ba:cf:8f:53:4d:63:8a:07:af:bb:13:a1:d5:3c:8b: 25:a1:bb:dd:52:f2:aa:2f:d0:16:5f:91:09:5c:68:14: fb:44:ac:94:1a:52:d0:af:82:5c:96:6f:e8:9e:d8:49: 20:aa:a4:98:7c:87:1c:8a:7d:50:62:1b:88:da:60:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:78:30:1b:29:ea:53:ba:b1:5c:9b:17:b7:04:e2:43: 00:5b:ac:6f:9d:ef:2b:47:d9:8a:2b:a5:2d:bc:d4:19: 20:5f:ff:48:45:1c:da:ab:ed:13:fd:ea:fe:7a:1b:19: 7a:32:32:97:c0:4b:ee:86:bf:42:57:41:36:26:1d:22: ee:f4:3d:28:ce:11:39:97:49:37:b3:ef:49:fa:66:1b: d3:2e:b7:c2:4b:b1:b2:a4:fc:f5:e5:f3:68:c9:f0:00: 41:d8:23:1c:5a:5d:e3:41:0d:70:a3:16:f5:ab:6c:1a: 79:59:4c:f2:42:ee:93:bb:d0:9e:6f:d1:8f:4a:c6:5a Fingerprint (SHA-256): DA:6C:CD:AB:1C:F5:90:03:D8:8A:FF:2F:D3:F9:D2:3C:1A:38:95:3C:5E:56:E0:A9:5D:71:39:84:11:16:C2:97 Fingerprint (SHA1): 5D:CD:C7:18:EF:FC:26:A0:54:50:9A:3E:C7:D8:3E:C9:88:1A:81:17 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #4100: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174526 (0x1ee2b73e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 21:57:37 2015 Not After : Mon May 18 21:57:37 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:18:f0:12:77:23:10:fd:e7:5d:d4:1f:d6:9a:a0:f0: 81:96:5d:ce:e1:cd:8c:d1:ec:59:c9:ca:2f:b2:45:76: 78:c8:47:10:bb:97:d0:17:d6:6b:03:dc:a1:08:bd:bd: 37:ea:34:5c:10:3c:cb:9b:d3:74:5f:1e:5b:28:62:15: 00:ba:cf:8f:53:4d:63:8a:07:af:bb:13:a1:d5:3c:8b: 25:a1:bb:dd:52:f2:aa:2f:d0:16:5f:91:09:5c:68:14: fb:44:ac:94:1a:52:d0:af:82:5c:96:6f:e8:9e:d8:49: 20:aa:a4:98:7c:87:1c:8a:7d:50:62:1b:88:da:60:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:78:30:1b:29:ea:53:ba:b1:5c:9b:17:b7:04:e2:43: 00:5b:ac:6f:9d:ef:2b:47:d9:8a:2b:a5:2d:bc:d4:19: 20:5f:ff:48:45:1c:da:ab:ed:13:fd:ea:fe:7a:1b:19: 7a:32:32:97:c0:4b:ee:86:bf:42:57:41:36:26:1d:22: ee:f4:3d:28:ce:11:39:97:49:37:b3:ef:49:fa:66:1b: d3:2e:b7:c2:4b:b1:b2:a4:fc:f5:e5:f3:68:c9:f0:00: 41:d8:23:1c:5a:5d:e3:41:0d:70:a3:16:f5:ab:6c:1a: 79:59:4c:f2:42:ee:93:bb:d0:9e:6f:d1:8f:4a:c6:5a Fingerprint (SHA-256): DA:6C:CD:AB:1C:F5:90:03:D8:8A:FF:2F:D3:F9:D2:3C:1A:38:95:3C:5E:56:E0:A9:5D:71:39:84:11:16:C2:97 Fingerprint (SHA1): 5D:CD:C7:18:EF:FC:26:A0:54:50:9A:3E:C7:D8:3E:C9:88:1A:81:17 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #4101: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4102: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174529 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4103: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4104: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4105: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4106: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518174530 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4107: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4108: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4109: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4110: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174531 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4111: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4112: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4113: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4114: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518174532 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4115: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4116: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #4117: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4118: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518174533 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4119: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4120: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #4121: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4122: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518174534 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4123: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4124: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #4125: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4126: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518174535 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4127: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4128: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4129: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #4130: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #4131: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4132: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #4133: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174529 (0x1ee2b741) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:00 2015 Not After : Mon May 18 21:58:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ee:21:7f:a4:e3:ac:94:b9:98:ee:83:73:f3:39:b9:15: 2c:96:5a:c2:2c:54:b2:a1:bf:5a:67:86:0f:49:28:48: da:ad:cf:7e:70:22:a1:c2:25:e2:b8:8e:5c:ea:f3:8c: d3:c5:2d:fe:42:07:60:9c:ed:c0:c6:44:d8:f1:4a:7b: 4e:9f:05:e4:09:c6:44:48:79:da:c4:63:8b:21:13:d0: 5e:05:36:bb:35:e9:42:ab:da:ab:1b:b4:2c:b9:d1:41: 03:b5:44:27:6a:cc:ad:24:fb:11:4e:69:32:0f:64:1e: 41:9d:2d:f4:0d:20:96:dc:86:51:ef:84:07:39:b2:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 34:e2:82:28:22:d4:6a:f7:e2:7a:ff:6c:0e:db:5c:ad: d7:32:b7:ac:e6:3b:ce:27:4f:f0:c9:c5:2a:f4:41:1c: 49:7c:73:28:72:c1:67:62:b2:24:c4:12:d4:15:b1:7a: 7f:19:dd:7b:45:aa:87:46:20:7b:75:f4:5c:ef:d5:b5: 0d:cf:d2:ab:86:83:9b:a6:ad:b9:5a:bd:c5:e0:df:a7: 4e:66:5f:97:45:89:4f:3b:3a:cc:41:f8:5e:a7:fc:b7: fe:d9:36:2b:bf:42:23:7b:8d:6e:b6:4e:5f:73:49:f1: 45:c6:c8:0f:de:5e:31:7b:43:90:66:24:75:ad:1c:00 Fingerprint (SHA-256): AA:55:60:98:93:79:1F:38:B2:76:BB:26:38:4E:6C:2E:13:7F:F8:E2:54:B5:19:AC:7D:EC:C0:FB:D4:72:AF:25 Fingerprint (SHA1): AA:13:F3:74:EC:D8:64:61:A0:28:56:AE:74:81:F4:00:E1:17:EE:1A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4134: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4135: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4136: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4137: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174529 (0x1ee2b741) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:00 2015 Not After : Mon May 18 21:58:00 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ee:21:7f:a4:e3:ac:94:b9:98:ee:83:73:f3:39:b9:15: 2c:96:5a:c2:2c:54:b2:a1:bf:5a:67:86:0f:49:28:48: da:ad:cf:7e:70:22:a1:c2:25:e2:b8:8e:5c:ea:f3:8c: d3:c5:2d:fe:42:07:60:9c:ed:c0:c6:44:d8:f1:4a:7b: 4e:9f:05:e4:09:c6:44:48:79:da:c4:63:8b:21:13:d0: 5e:05:36:bb:35:e9:42:ab:da:ab:1b:b4:2c:b9:d1:41: 03:b5:44:27:6a:cc:ad:24:fb:11:4e:69:32:0f:64:1e: 41:9d:2d:f4:0d:20:96:dc:86:51:ef:84:07:39:b2:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 34:e2:82:28:22:d4:6a:f7:e2:7a:ff:6c:0e:db:5c:ad: d7:32:b7:ac:e6:3b:ce:27:4f:f0:c9:c5:2a:f4:41:1c: 49:7c:73:28:72:c1:67:62:b2:24:c4:12:d4:15:b1:7a: 7f:19:dd:7b:45:aa:87:46:20:7b:75:f4:5c:ef:d5:b5: 0d:cf:d2:ab:86:83:9b:a6:ad:b9:5a:bd:c5:e0:df:a7: 4e:66:5f:97:45:89:4f:3b:3a:cc:41:f8:5e:a7:fc:b7: fe:d9:36:2b:bf:42:23:7b:8d:6e:b6:4e:5f:73:49:f1: 45:c6:c8:0f:de:5e:31:7b:43:90:66:24:75:ad:1c:00 Fingerprint (SHA-256): AA:55:60:98:93:79:1F:38:B2:76:BB:26:38:4E:6C:2E:13:7F:F8:E2:54:B5:19:AC:7D:EC:C0:FB:D4:72:AF:25 Fingerprint (SHA1): AA:13:F3:74:EC:D8:64:61:A0:28:56:AE:74:81:F4:00:E1:17:EE:1A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4138: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4139: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4140: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174536 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4141: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4142: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4143: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4144: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518174537 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4145: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4146: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #4147: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4148: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518174538 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4149: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4150: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #4151: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4152: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518174539 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4153: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4154: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4155: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4156: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518174540 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4157: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4158: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #4159: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4160: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518174541 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4161: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4162: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #4163: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4164: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518174542 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4165: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4166: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4167: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4168: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518174543 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4169: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4170: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #4171: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4172: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518174544 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4173: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4174: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #4175: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4176: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518174545 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4177: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4178: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #4179: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4180: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518174546 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4181: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4182: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #4183: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4184: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518174547 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4185: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4186: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #4187: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4188: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518174548 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4189: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4190: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #4191: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4192: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518174549 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4193: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4194: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #4195: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4196: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518174550 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4197: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4198: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #4199: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4200: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518174551 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4201: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4202: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #4203: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4204: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518174552 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4205: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4206: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #4207: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4208: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518174553 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4209: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4210: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #4211: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4212: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518174554 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4213: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4214: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #4215: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4216: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518174555 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4217: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4218: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #4219: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4220: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518174556 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4221: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4222: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #4223: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4224: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518174557 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4225: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4226: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #4227: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4228: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518174558 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4229: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4230: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #4231: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4232: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518174559 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4233: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4234: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #4235: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4236: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518174560 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4237: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4238: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #4239: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4240: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518174561 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4241: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4242: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #4243: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4244: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518174562 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4245: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4246: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #4247: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4248: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518174563 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4249: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4250: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #4251: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4252: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518174564 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4253: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4254: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #4255: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4256: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518174565 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4257: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4258: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4259: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4260: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4261: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4262: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4263: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4264: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4265: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4266: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4267: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4268: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4269: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4270: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4271: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4272: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4273: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4274: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4275: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4276: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4277: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4278: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4279: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4280: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4281: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174536 (0x1ee2b748) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 21:58:30 2015 Not After : Mon May 18 21:58:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:38:51:3b:17:80:8a:fc:f7:34:7d:7c:15:51:62:5c: 65:f8:b8:fe:a2:78:ed:bf:91:48:86:82:8e:3c:b5:02: fc:0b:c0:de:ca:1a:de:95:e3:51:7d:ea:57:ec:6d:d7: d1:5f:57:f4:7b:93:25:f8:ea:50:89:16:ac:bf:2b:c2: 36:d4:3e:c8:ee:c0:7d:3b:d9:3e:50:b5:3c:cd:b1:ea: 66:b0:63:9b:28:ac:da:c5:b3:93:a4:42:dd:6d:9d:ae: 0f:2d:84:c3:f0:d8:21:5d:8e:46:e0:98:14:24:ee:0e: 4b:ff:af:f9:a3:aa:19:95:2e:df:29:b5:70:ab:66:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:60:c0:57:bb:97:a1:bd:3d:de:13:36:e6:f2:4c:48: ed:e6:41:67:9b:f7:86:a7:b9:31:7f:56:2e:05:ce:0f: 27:1a:c4:57:7b:b0:da:6e:13:df:1d:e8:cb:c8:92:63: bf:26:75:9b:7e:1b:56:0c:26:42:19:17:2e:2c:62:2c: 5f:ad:38:ca:fe:4b:54:b3:1a:78:3b:89:cd:6a:46:88: 4e:ab:78:39:d4:c2:76:8a:e3:6d:42:d8:73:1f:df:30: c2:32:fb:b1:12:e4:c6:cc:24:d7:71:ba:8b:6d:b1:03: b7:f1:4a:48:18:fb:fc:de:0d:61:25:07:ee:e1:58:8a Fingerprint (SHA-256): 1C:ED:2F:61:06:C8:E3:53:84:07:1B:F0:3E:37:B2:AC:F7:6E:42:EF:1F:A2:7B:50:A2:AA:5E:3F:40:B9:9D:3B Fingerprint (SHA1): 39:CA:EB:E9:77:32:7E:3C:3F:DC:29:0C:D7:2A:B3:A0:9B:A9:5A:26 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4282: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4283: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4284: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174566 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4285: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4286: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #4287: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4288: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518174567 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4289: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4290: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #4291: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4292: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518174568 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4293: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4294: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #4295: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4296: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518174569 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4297: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4298: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #4299: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4300: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518174570 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4301: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4302: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #4303: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4304: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518174571 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4305: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4306: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #4307: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4308: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518174572 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4309: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4310: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4311: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174566 (0x1ee2b766) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:00:24 2015 Not After : Mon May 18 22:00:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a7:d5:b8:61:56:82:1b:e5:c4:68:bc:24:46:4a:63: cc:e7:1c:7c:ed:f3:c7:5c:80:34:d6:13:8b:51:a7:2f: a7:28:0c:b7:e2:86:fc:22:e0:2f:b4:a5:31:cd:17:44: ec:1a:86:3c:22:50:43:24:8a:47:99:6b:ec:71:8c:6e: 4a:a9:90:67:d5:1a:44:ea:eb:41:b1:3c:77:62:1c:00: 71:c0:8a:17:5d:19:23:8c:70:26:95:44:76:cd:7a:4e: 47:f6:97:a5:c5:26:9b:48:94:19:40:fe:6b:27:84:2f: 73:dd:20:59:cd:04:76:e5:16:ca:69:1f:36:7c:42:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 30:10:24:78:44:19:56:c5:d0:2e:66:5f:1a:89:9e:bf: 99:33:b3:26:85:5a:da:71:b7:57:42:f6:31:9e:7c:b7: 52:b9:8a:a8:3d:88:c8:0e:f4:f1:7c:c0:42:77:9a:dc: 24:d0:8d:df:39:d5:f9:56:1a:ec:a2:4c:9c:f0:df:be: bd:a5:22:63:b6:d2:c0:06:35:77:34:23:f2:2d:e6:17: 8f:6b:dc:09:37:65:5f:9d:c7:1f:9f:cf:b3:b4:1f:a6: fc:6b:1b:95:aa:e1:37:90:02:06:fc:e5:1d:83:f3:2c: 40:55:6d:f5:8d:81:03:64:29:25:d2:91:74:e6:ff:bd Fingerprint (SHA-256): B8:6C:B6:36:7F:79:80:C1:61:C2:6A:79:69:E3:FD:74:B1:0D:88:E3:2E:31:4F:CC:01:D7:05:92:07:33:E9:7A Fingerprint (SHA1): EA:9C:E9:86:D4:55:42:B7:1E:90:62:F4:CC:A4:F2:21:67:52:6D:5C Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #4312: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4313: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4314: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4315: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174566 (0x1ee2b766) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:00:24 2015 Not After : Mon May 18 22:00:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a7:d5:b8:61:56:82:1b:e5:c4:68:bc:24:46:4a:63: cc:e7:1c:7c:ed:f3:c7:5c:80:34:d6:13:8b:51:a7:2f: a7:28:0c:b7:e2:86:fc:22:e0:2f:b4:a5:31:cd:17:44: ec:1a:86:3c:22:50:43:24:8a:47:99:6b:ec:71:8c:6e: 4a:a9:90:67:d5:1a:44:ea:eb:41:b1:3c:77:62:1c:00: 71:c0:8a:17:5d:19:23:8c:70:26:95:44:76:cd:7a:4e: 47:f6:97:a5:c5:26:9b:48:94:19:40:fe:6b:27:84:2f: 73:dd:20:59:cd:04:76:e5:16:ca:69:1f:36:7c:42:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 30:10:24:78:44:19:56:c5:d0:2e:66:5f:1a:89:9e:bf: 99:33:b3:26:85:5a:da:71:b7:57:42:f6:31:9e:7c:b7: 52:b9:8a:a8:3d:88:c8:0e:f4:f1:7c:c0:42:77:9a:dc: 24:d0:8d:df:39:d5:f9:56:1a:ec:a2:4c:9c:f0:df:be: bd:a5:22:63:b6:d2:c0:06:35:77:34:23:f2:2d:e6:17: 8f:6b:dc:09:37:65:5f:9d:c7:1f:9f:cf:b3:b4:1f:a6: fc:6b:1b:95:aa:e1:37:90:02:06:fc:e5:1d:83:f3:2c: 40:55:6d:f5:8d:81:03:64:29:25:d2:91:74:e6:ff:bd Fingerprint (SHA-256): B8:6C:B6:36:7F:79:80:C1:61:C2:6A:79:69:E3:FD:74:B1:0D:88:E3:2E:31:4F:CC:01:D7:05:92:07:33:E9:7A Fingerprint (SHA1): EA:9C:E9:86:D4:55:42:B7:1E:90:62:F4:CC:A4:F2:21:67:52:6D:5C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #4316: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4317: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4318: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4319: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174573 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4320: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4321: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4322: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4323: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174574 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4324: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4325: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4326: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4327: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174575 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4328: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4329: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4330: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4331: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518174576 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4332: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4333: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4334: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4335: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4336: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4337: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174573 (0x1ee2b76d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:00:50 2015 Not After : Mon May 18 22:00:50 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:dc:db:4f:3a:32:67:cd:87:46:52:35:1a:d0:8b:dd: c1:ba:d6:db:a5:61:ce:7f:5e:b8:bc:dd:e4:8a:a1:48: 46:4c:82:13:83:05:9b:02:8a:ea:c2:35:3a:62:06:18: 7d:46:ce:f1:3d:a6:eb:d5:ac:1f:b1:75:04:40:53:d7: c7:01:0d:e2:93:fc:1f:4d:80:99:63:cf:57:41:c7:24: 95:70:7e:1c:f4:05:c6:79:fe:cf:52:16:54:9d:b2:89: 99:03:1f:11:81:93:8e:fa:72:d0:22:7a:b8:af:d0:a5: 1a:2b:f9:9a:8f:f7:18:32:c8:e6:b9:68:a2:50:4b:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:df:e1:ff:df:11:7c:3b:60:9b:b4:38:3e:4b:58:89: 22:70:e4:ec:ce:a7:a7:32:fa:ee:22:11:ca:47:af:ea: ec:8a:43:a7:68:33:b6:4a:46:7f:ba:9e:d3:71:b1:b5: a4:60:3b:aa:6e:0e:05:28:5d:81:cc:82:f0:f5:81:d0: 4c:22:f2:5a:28:0e:51:75:ea:03:ad:bc:84:e9:9e:6d: c7:34:ba:44:5e:32:aa:a4:3b:7a:87:5a:4e:2c:9a:72: bd:87:ea:1f:fc:cc:4a:b2:47:9e:fe:7b:c6:b7:00:84: b0:20:09:fe:d6:a9:12:ad:97:71:81:de:fc:be:0a:02 Fingerprint (SHA-256): 0C:74:03:02:BD:0E:95:2C:BB:88:53:5F:5A:D7:00:F8:71:BA:DB:79:6A:FF:38:67:E5:75:78:1A:A6:A1:FE:12 Fingerprint (SHA1): 12:CE:74:59:E9:0E:45:E6:C3:42:BF:76:2B:C6:54:39:6E:33:7D:F0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4338: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4339: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4340: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174574 (0x1ee2b76e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:00:53 2015 Not After : Mon May 18 22:00:53 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:9f:c9:92:e4:68:07:14:54:21:93:81:94:75:c9:67: b6:26:a3:b1:93:16:52:5c:9b:2f:23:de:b2:7a:43:49: 26:c4:16:c7:d5:4c:4e:2b:7b:e0:bc:45:e9:2b:c0:7a: 78:70:35:bb:85:57:6b:6e:73:72:58:a5:83:a8:a3:7b: 54:75:ab:16:ec:ed:8d:27:ee:98:9a:35:f2:b1:e1:2e: 1c:87:72:5f:60:2b:4c:00:62:9b:6e:60:36:ab:3e:2a: 9e:a3:22:0c:a2:b3:a4:65:68:b0:cf:16:a4:8d:e5:d2: 97:8f:fb:4b:bc:ae:9a:3c:84:e3:78:fe:fe:80:82:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:18:67:8c:ff:95:24:45:76:c7:b2:78:8b:7a:d0:64: 6c:ec:3c:4f:95:f0:29:2f:74:4d:af:e1:5c:b1:11:11: 11:94:90:d4:42:c2:2f:53:14:d0:b0:03:d2:89:3e:a7: 30:c4:d2:8c:16:53:07:b5:be:47:c5:ea:3d:1c:2c:5a: 2d:2f:f0:50:4a:38:b4:65:ed:89:cb:d0:7a:42:d8:ad: e2:bc:0f:fc:5a:54:3d:65:2f:ae:85:df:c6:80:5d:80: cd:9f:63:de:27:98:c7:e3:6d:dc:8a:5d:90:63:a0:aa: 11:a4:b9:4c:9a:27:d4:36:b0:3c:5f:27:38:6b:36:04 Fingerprint (SHA-256): 5C:3D:DB:6B:BE:00:50:88:4C:8E:47:E7:2A:01:ED:38:AC:50:D7:FA:86:5E:1E:52:1C:33:86:99:4C:94:B9:65 Fingerprint (SHA1): 64:DF:E4:31:EE:EF:72:E3:30:7A:64:33:C1:DB:68:E8:D2:12:0A:A9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4341: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4342: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174575 (0x1ee2b76f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:00:56 2015 Not After : Mon May 18 22:00:56 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:4e:3e:55:1c:1b:5f:da:14:6b:0f:5c:22:2a:79:e8: d5:5e:c3:86:8a:b7:28:4a:3a:29:4a:06:94:86:ea:e1: a2:ca:db:93:45:f4:a2:03:25:ad:79:93:c8:e9:66:f1: dd:f2:46:6e:a4:75:d7:f3:4e:9c:63:97:9f:b6:87:24: cb:28:c4:4b:fb:ec:71:8c:15:ee:36:4f:29:19:8d:43: 87:ee:30:95:b5:fd:21:5b:54:b2:7f:b0:a2:50:28:f0: f4:22:4d:f1:06:f8:45:0f:86:4b:15:e0:52:cd:c3:35: 7e:8b:28:d3:09:84:f0:52:f1:f9:d4:12:22:b3:ca:e9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 17:9e:18:db:16:4a:2f:a6:f5:df:c5:7b:dc:a3:f6:0a: 6e:f1:36:0c:f5:69:c5:b6:59:c9:21:25:bf:14:ed:8e: ea:52:2f:98:8b:71:7d:ea:70:09:07:eb:df:4b:97:16: e5:56:0c:8f:b5:05:4f:9e:bf:51:33:bb:aa:07:8b:fb: af:9c:29:a2:76:d8:2c:3b:f7:b9:fb:38:6e:63:6b:a4: 3e:76:de:67:92:39:03:37:0e:28:0e:38:1d:14:bd:b8: 70:44:fb:49:a6:75:62:96:dd:8f:4c:e0:96:ae:d2:e5: bc:9e:86:3f:74:95:43:3c:1d:f5:21:e9:64:35:61:01 Fingerprint (SHA-256): D0:BA:75:E6:E2:B5:73:06:6D:DA:BC:DF:3E:B4:BB:B5:AA:91:CF:2E:8D:B8:F3:A2:E0:19:B8:C2:91:34:FA:AE Fingerprint (SHA1): C0:A4:40:63:51:AC:47:52:C0:5A:A9:66:60:D5:11:72:DA:E0:2E:3D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4343: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4344: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174577 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4345: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4346: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4347: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4348: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174578 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4349: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4350: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4351: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4352: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174579 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4353: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4354: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4355: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4356: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518174580 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4357: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4358: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4359: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4360: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518174581 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4361: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4362: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4363: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4364: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4365: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4366: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #4367: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174577 (0x1ee2b771) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:01:07 2015 Not After : Mon May 18 22:01:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:17:a9:ad:82:f5:55:91:aa:b2:a0:eb:bf:a9:86:e8: 39:e7:a9:5e:3e:4d:09:71:2b:12:b3:61:50:c9:f4:74: 4f:bc:c7:66:6e:a8:64:cb:3b:2e:31:3b:e0:b2:d7:d3: 8e:14:60:6c:12:be:c7:cd:2d:25:36:91:6d:3b:c6:35: 57:08:b6:e7:35:49:0e:f2:fd:78:d7:38:71:43:77:4d: 9d:ea:a1:d3:3c:e4:01:2a:51:e3:d2:20:bc:c4:00:20: 11:66:5b:81:aa:f1:51:ae:af:02:21:66:93:ce:5c:e7: 95:30:75:a5:8c:0b:f1:0a:91:2e:a6:d5:a2:9a:fb:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:19:da:69:c0:cc:c0:2b:fd:d9:bd:bc:54:65:da:7f: 33:85:60:87:98:9f:1f:5f:6d:f4:d7:2e:e6:20:76:48: c6:05:4e:00:4e:c8:2e:ac:58:fc:3b:d6:a4:30:2c:37: 9c:bc:5c:c9:6a:a2:7e:cf:aa:56:71:44:75:ed:d9:cf: 2d:07:d0:84:d7:71:7d:01:15:f1:c7:42:d4:57:9b:3e: 22:da:3c:02:44:8c:e6:b4:87:24:e6:f2:79:ed:b7:43: 5d:ef:5d:94:68:38:66:b8:a5:83:26:b4:5a:48:30:bc: 9a:aa:da:b6:98:08:63:43:92:4c:6c:09:fc:ab:b9:0f Fingerprint (SHA-256): C4:30:C4:2B:60:BF:F8:A4:69:41:40:73:55:89:EC:14:63:6B:3B:FC:E2:CA:45:0D:4C:8D:3A:25:EE:C3:7F:87 Fingerprint (SHA1): 5B:E0:8E:C2:A9:DA:F3:2A:C0:B2:0D:2F:C0:87:4E:44:2E:1B:B9:87 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4368: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4369: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174578 (0x1ee2b772) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:01:10 2015 Not After : Mon May 18 22:01:10 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:81:5e:2b:23:b6:5c:d8:53:12:4a:fd:d4:13:a6:17: 1e:af:a9:de:52:83:6f:fa:cf:91:dc:7d:c4:3b:d1:15: b7:53:dd:0f:2d:66:96:0f:0a:04:e9:ac:1b:70:2f:ed: 72:a3:4b:4f:5d:c0:e8:1f:e5:25:ea:fc:a9:08:14:18: fb:0e:28:54:e2:ba:09:65:51:86:da:bc:82:b9:5e:70: 50:be:96:cb:e8:4a:dc:9c:65:b2:9d:d0:d1:67:8d:30: a9:41:48:a4:59:54:10:af:ba:92:8b:91:77:88:5c:14: 60:19:e5:5c:d5:72:b2:10:e0:12:a7:48:dd:1e:24:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:79:31:5e:74:39:4d:2f:6b:91:69:da:25:8a:3c:ab: 8e:5d:f4:53:0c:52:5e:e6:d1:7b:cc:95:c1:85:5b:ce: 81:83:e5:69:cf:03:e7:80:fa:bc:c8:52:93:e4:d9:d4: 51:65:34:ed:d6:a0:4e:17:ad:53:76:25:37:50:64:ec: ce:f3:f2:e0:b7:57:2c:0e:bb:4c:15:5a:70:ca:f0:96: 97:e0:2d:2b:90:25:ee:6d:c4:98:5a:7e:40:ba:07:38: 5a:aa:ca:fd:5f:8c:c4:cf:54:d2:cd:48:ef:1a:93:e5: 34:ba:e1:a8:9c:b3:07:79:cb:d6:4a:64:d1:fa:b4:5a Fingerprint (SHA-256): A4:47:68:72:16:07:9C:D2:0C:49:C5:F7:D5:6E:DC:45:C5:0F:87:E9:FA:BC:7B:6D:C9:B6:20:BF:D7:7A:A7:1C Fingerprint (SHA1): D1:3B:22:FF:69:61:09:68:FF:24:93:46:93:21:56:16:3C:8E:BF:F4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4370: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4371: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4372: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174579 (0x1ee2b773) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:01:13 2015 Not After : Mon May 18 22:01:13 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:4e:b0:f5:a2:73:ed:97:ee:f3:57:be:86:8d:c0:2a: 67:15:c7:1a:10:04:90:fd:a3:a0:9c:b4:a0:d7:5e:3c: 56:26:0c:00:50:de:1b:b7:36:87:25:79:b5:dc:9b:7b: 65:30:62:5d:48:64:55:d0:ef:6e:67:1e:a3:1c:db:1c: cc:5c:e9:bc:53:6d:ec:72:21:c9:cd:40:08:75:b6:ff: f4:99:74:d8:61:b4:f7:7d:bc:9a:70:e5:f0:f8:65:49: e4:04:7f:bc:63:40:d5:84:9a:2e:37:d2:ad:77:4e:4e: d7:6a:01:34:da:46:9f:c0:70:2e:b3:97:8b:8a:a1:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:74:36:29:c2:fe:0f:34:52:3c:47:93:cb:74:9c:e7: da:94:a3:88:c8:a2:9f:fc:67:37:de:56:dc:40:45:10: f9:f7:9f:ed:f7:2d:ad:61:08:5b:78:ff:91:53:49:9d: 14:7a:66:84:67:bf:6b:cc:14:f1:a1:d2:86:85:28:03: e2:d1:be:2e:86:de:10:79:d9:66:72:70:54:c3:7a:08: 92:e2:52:6a:73:72:19:15:e8:d9:a8:18:04:7e:34:f0: c6:20:1b:f9:86:bf:52:e7:ae:77:95:aa:30:ab:a1:55: 72:fb:28:11:0f:e8:ba:c0:32:71:c1:75:ca:5c:e1:56 Fingerprint (SHA-256): 62:D5:39:BC:DC:81:26:09:D8:CF:AF:8C:EC:F0:08:C0:5B:0C:E0:7F:E0:15:16:3A:07:7A:01:32:37:6D:62:0F Fingerprint (SHA1): 90:84:C3:68:9B:EB:C6:44:A1:1E:4C:E7:EF:FB:B2:7A:0D:C6:B0:CB Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #4373: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4374: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174582 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4375: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4376: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4377: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4378: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174583 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4379: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4380: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4381: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4382: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174584 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA1Root-518174361.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4383: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4384: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4385: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4386: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518174585 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4387: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4388: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #4389: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174582 (0x1ee2b776) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:01:29 2015 Not After : Mon May 18 22:01:29 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:30:2e:f8:8d:af:43:33:99:7e:92:81:10:d5:b8:8d: 1f:c9:45:9d:77:f4:fe:51:13:e5:a5:00:b0:84:60:61: 5f:b4:d5:ce:b4:8a:eb:d2:1f:9b:09:ce:49:1a:49:c1: 21:f8:ac:ae:a4:ba:b7:5f:26:1a:1c:0d:a5:51:a6:f2: 5a:ef:03:a5:52:65:fd:f2:08:e8:be:c2:e6:87:51:1e: 8a:70:f8:a6:71:f9:1b:7a:d3:80:9d:4d:67:1f:ac:e2: bb:ef:5a:c4:4c:21:1a:de:30:90:74:7c:19:c2:2b:b6: cd:20:f0:7d:a7:ee:3c:1d:89:be:7b:87:e9:0d:b7:35 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:35:2a:4c:3b:d8:f4:f9:6c:d8:74:bf:87:8f:18:92: 65:d0:e1:14:f0:57:bb:9c:9d:f1:c8:e3:35:e4:02:b3: 03:2d:b5:f0:00:cc:dc:78:c6:50:54:b9:ae:c1:63:45: 83:95:4d:1d:b7:b1:b3:31:24:52:b3:07:78:6c:24:f1: dd:5f:5d:79:d1:bb:58:0b:2f:cf:58:76:e7:be:e2:b6: d0:96:ef:0e:8d:93:8c:b1:ca:2a:ce:2f:07:c1:24:fb: bc:72:a1:9a:04:9e:bf:4c:c2:6d:41:0b:32:1b:2a:ba: 18:21:da:ea:6a:ea:15:e8:12:00:4d:01:c5:b3:7f:a3 Fingerprint (SHA-256): 0A:5C:77:E2:93:FD:A3:45:AB:E4:11:F3:1A:19:DA:D0:3A:16:EF:3C:19:47:92:DE:68:6E:B7:53:5A:A2:64:A4 Fingerprint (SHA1): 3E:4D:35:5A:D2:AF:4D:5B:CA:1D:20:AA:81:C2:CD:E3:2B:0C:A9:44 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4390: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #4391: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174586 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4392: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #4393: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #4394: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174587 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4395: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #4396: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #4397: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4398: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518174588 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4399: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4400: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518174589 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4401: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4402: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #4403: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4404: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4405: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518174590 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518174362.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4406: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4407: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4408: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4409: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174591 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4410: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4411: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #4412: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #4413: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174587 (0x1ee2b77b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:01:47 2015 Not After : Mon May 18 22:01:47 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:04:c9:91:dd:ca:31:4b:11:a5:16:e0:a6:ad:75:b9: 24:cc:72:ec:f6:fc:40:4d:61:0a:96:70:8b:85:00:cd: b0:0a:f9:60:7a:aa:a8:be:88:e1:a0:e2:f4:c4:57:89: cb:52:6c:12:ea:91:39:dc:50:64:b6:3f:0b:c0:50:9d: 18:fb:cc:01:dd:25:09:f0:da:dc:00:15:c1:29:16:a8: 1a:34:cf:9c:79:64:5e:9f:f2:da:ef:32:48:c9:a2:ac: 13:ce:ee:8e:fa:2a:1b:52:d0:ea:d5:62:44:98:8f:e6: 08:ee:eb:e1:e0:49:f9:d5:14:c3:02:5c:2a:47:3b:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:2d:42:99:d3:25:32:df:2c:5f:da:4a:f8:ff:ad:39: d4:4c:c3:43:73:02:4c:a2:bf:51:d2:0c:12:ce:cf:1c: 82:af:24:45:41:17:1d:45:47:c4:1c:ef:7b:2a:c2:34: 1f:76:6a:ca:e7:55:45:fd:46:b6:f2:a7:fc:f4:ae:ea: be:31:58:f1:dd:1e:8a:b4:a5:8a:b3:6b:72:e8:b3:d1: bd:44:90:ae:e7:6b:2e:1f:58:80:f1:f1:bf:5a:3e:f4: b8:70:b8:e4:ed:00:85:a1:27:66:54:98:e9:d9:ac:8f: e3:fd:42:b0:10:c7:eb:75:47:b5:6f:d4:f5:e8:e3:f8 Fingerprint (SHA-256): B0:40:EE:0D:32:44:AD:5A:2F:E9:44:6B:9D:DF:A9:9A:DF:51:DC:3F:91:66:B1:FA:25:C5:07:1A:98:EA:CA:D3 Fingerprint (SHA1): B3:60:0B:82:2B:0C:3C:E9:32:37:20:5C:7E:7B:38:8F:99:DE:7D:B8 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4414: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174587 (0x1ee2b77b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:01:47 2015 Not After : Mon May 18 22:01:47 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:04:c9:91:dd:ca:31:4b:11:a5:16:e0:a6:ad:75:b9: 24:cc:72:ec:f6:fc:40:4d:61:0a:96:70:8b:85:00:cd: b0:0a:f9:60:7a:aa:a8:be:88:e1:a0:e2:f4:c4:57:89: cb:52:6c:12:ea:91:39:dc:50:64:b6:3f:0b:c0:50:9d: 18:fb:cc:01:dd:25:09:f0:da:dc:00:15:c1:29:16:a8: 1a:34:cf:9c:79:64:5e:9f:f2:da:ef:32:48:c9:a2:ac: 13:ce:ee:8e:fa:2a:1b:52:d0:ea:d5:62:44:98:8f:e6: 08:ee:eb:e1:e0:49:f9:d5:14:c3:02:5c:2a:47:3b:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:2d:42:99:d3:25:32:df:2c:5f:da:4a:f8:ff:ad:39: d4:4c:c3:43:73:02:4c:a2:bf:51:d2:0c:12:ce:cf:1c: 82:af:24:45:41:17:1d:45:47:c4:1c:ef:7b:2a:c2:34: 1f:76:6a:ca:e7:55:45:fd:46:b6:f2:a7:fc:f4:ae:ea: be:31:58:f1:dd:1e:8a:b4:a5:8a:b3:6b:72:e8:b3:d1: bd:44:90:ae:e7:6b:2e:1f:58:80:f1:f1:bf:5a:3e:f4: b8:70:b8:e4:ed:00:85:a1:27:66:54:98:e9:d9:ac:8f: e3:fd:42:b0:10:c7:eb:75:47:b5:6f:d4:f5:e8:e3:f8 Fingerprint (SHA-256): B0:40:EE:0D:32:44:AD:5A:2F:E9:44:6B:9D:DF:A9:9A:DF:51:DC:3F:91:66:B1:FA:25:C5:07:1A:98:EA:CA:D3 Fingerprint (SHA1): B3:60:0B:82:2B:0C:3C:E9:32:37:20:5C:7E:7B:38:8F:99:DE:7D:B8 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4415: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #4416: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174592 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4417: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #4418: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #4419: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174593 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4420: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #4421: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #4422: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4423: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518174594 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4424: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4425: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518174595 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4426: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4427: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #4428: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4429: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4430: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518174596 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518174363.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4431: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4432: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4433: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4434: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174597 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4435: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4436: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4437: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4438: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518174598 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-BridgeNavy-518174364.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4439: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4440: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4441: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4442: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518174599 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4443: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4444: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #4445: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #4446: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174593 (0x1ee2b781) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:02:06 2015 Not After : Mon May 18 22:02:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:7a:28:f7:a8:52:3c:9f:76:68:71:62:43:f7:16:e3: e1:16:41:23:2f:6f:f1:27:f1:70:69:61:5d:e2:df:e8: c3:c1:5b:28:25:76:9f:df:12:36:8d:97:31:d8:03:5c: 78:70:1d:9d:57:de:ab:cd:4f:34:07:94:c3:f1:b4:3f: e1:c1:34:db:85:8f:54:61:c9:85:be:b5:21:fd:e7:dd: 3a:d5:a5:46:39:fb:2d:33:3a:1d:a8:8c:18:93:77:53: 9c:5f:f5:a0:b6:ca:f4:ca:fb:3d:05:b3:0c:a8:31:1f: 02:14:c4:c8:63:d3:a1:da:5d:9b:cf:a8:4b:bc:84:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:e1:93:18:f5:a0:fb:20:7f:ac:6b:9a:d4:f1:59:c6: 47:79:ef:b8:61:d8:4d:b3:57:b6:e1:43:15:72:bd:aa: 46:1c:f7:db:f4:ed:fc:f4:02:7a:19:b3:b8:44:58:53: a0:37:b3:aa:3e:8a:4e:db:db:3a:62:8e:ea:16:1f:f1: e0:5f:93:eb:70:fa:29:6d:05:ef:34:f4:d2:f3:62:8f: 59:cc:56:83:d8:65:10:bc:5d:bc:9b:57:a6:71:18:6f: a1:e0:27:1c:a0:f4:ea:2b:24:54:72:07:c2:fb:db:c9: 4b:db:d0:27:81:75:c7:23:b6:49:b8:61:15:59:44:9d Fingerprint (SHA-256): AF:C6:A3:08:F4:7A:9A:46:A1:F3:13:B8:28:5C:C1:88:E7:3F:96:04:69:94:B7:7A:F1:6A:33:30:DA:9E:D9:80 Fingerprint (SHA1): AE:DA:09:14:80:7A:D8:B2:9C:26:3E:73:BA:A7:5A:57:8E:FB:81:5D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4447: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174593 (0x1ee2b781) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:02:06 2015 Not After : Mon May 18 22:02:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:7a:28:f7:a8:52:3c:9f:76:68:71:62:43:f7:16:e3: e1:16:41:23:2f:6f:f1:27:f1:70:69:61:5d:e2:df:e8: c3:c1:5b:28:25:76:9f:df:12:36:8d:97:31:d8:03:5c: 78:70:1d:9d:57:de:ab:cd:4f:34:07:94:c3:f1:b4:3f: e1:c1:34:db:85:8f:54:61:c9:85:be:b5:21:fd:e7:dd: 3a:d5:a5:46:39:fb:2d:33:3a:1d:a8:8c:18:93:77:53: 9c:5f:f5:a0:b6:ca:f4:ca:fb:3d:05:b3:0c:a8:31:1f: 02:14:c4:c8:63:d3:a1:da:5d:9b:cf:a8:4b:bc:84:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:e1:93:18:f5:a0:fb:20:7f:ac:6b:9a:d4:f1:59:c6: 47:79:ef:b8:61:d8:4d:b3:57:b6:e1:43:15:72:bd:aa: 46:1c:f7:db:f4:ed:fc:f4:02:7a:19:b3:b8:44:58:53: a0:37:b3:aa:3e:8a:4e:db:db:3a:62:8e:ea:16:1f:f1: e0:5f:93:eb:70:fa:29:6d:05:ef:34:f4:d2:f3:62:8f: 59:cc:56:83:d8:65:10:bc:5d:bc:9b:57:a6:71:18:6f: a1:e0:27:1c:a0:f4:ea:2b:24:54:72:07:c2:fb:db:c9: 4b:db:d0:27:81:75:c7:23:b6:49:b8:61:15:59:44:9d Fingerprint (SHA-256): AF:C6:A3:08:F4:7A:9A:46:A1:F3:13:B8:28:5C:C1:88:E7:3F:96:04:69:94:B7:7A:F1:6A:33:30:DA:9E:D9:80 Fingerprint (SHA1): AE:DA:09:14:80:7A:D8:B2:9C:26:3E:73:BA:A7:5A:57:8E:FB:81:5D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4448: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #4449: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174592 (0x1ee2b780) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:02:04 2015 Not After : Mon May 18 22:02:04 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:96:44:8d:ae:bb:5a:01:10:18:8c:b0:e4:49:cd:3f: 12:e4:e4:6f:67:f3:1d:1a:8d:33:ff:de:8f:87:6a:c7: 94:1b:81:9f:5d:63:f0:f3:89:74:fa:3f:68:52:5c:29: bf:3a:26:46:d6:d8:43:d6:60:15:00:80:b3:d4:d4:6f: fa:b0:c1:89:af:db:d2:73:ff:aa:b9:2e:48:6f:03:11: 17:f9:34:f8:d0:b8:36:b4:e0:9c:d7:83:63:77:13:85: c2:ea:13:15:46:5b:ce:5b:8a:ee:9a:ef:92:89:1b:e8: 32:5f:17:f4:5b:cf:4c:cc:88:04:3e:b3:a4:01:e5:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 29:17:8e:84:c6:42:d3:e1:f0:16:55:4f:4e:8f:27:1d: 2f:34:72:6e:6b:01:24:59:7e:3d:27:9b:e8:c1:0a:b1: 32:73:77:56:68:12:41:7b:5e:5a:37:99:94:0c:21:aa: 3c:5c:61:02:16:b8:b9:2b:4a:9a:77:20:ea:65:cb:e1: 41:58:d3:32:36:71:80:68:f5:65:9d:87:89:7b:85:67: 5a:3c:16:5b:4d:ba:4e:04:b8:34:dc:2c:ad:5f:3d:3b: da:d6:c5:af:a7:9c:dd:f3:69:a7:49:80:dc:a5:dd:14: 21:21:d2:18:ac:bf:7b:47:a4:0b:29:0e:85:a7:f4:a8 Fingerprint (SHA-256): 0B:AF:7B:59:04:86:EE:B2:EC:A0:60:C2:08:EE:53:5D:7A:79:3C:2C:5A:67:BB:75:0A:63:D9:75:15:6F:26:F7 Fingerprint (SHA1): 6B:C3:53:2C:5A:DF:C7:E7:EB:95:EE:1E:DE:60:76:9E:D3:34:1D:5C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4450: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174593 (0x1ee2b781) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:02:06 2015 Not After : Mon May 18 22:02:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:7a:28:f7:a8:52:3c:9f:76:68:71:62:43:f7:16:e3: e1:16:41:23:2f:6f:f1:27:f1:70:69:61:5d:e2:df:e8: c3:c1:5b:28:25:76:9f:df:12:36:8d:97:31:d8:03:5c: 78:70:1d:9d:57:de:ab:cd:4f:34:07:94:c3:f1:b4:3f: e1:c1:34:db:85:8f:54:61:c9:85:be:b5:21:fd:e7:dd: 3a:d5:a5:46:39:fb:2d:33:3a:1d:a8:8c:18:93:77:53: 9c:5f:f5:a0:b6:ca:f4:ca:fb:3d:05:b3:0c:a8:31:1f: 02:14:c4:c8:63:d3:a1:da:5d:9b:cf:a8:4b:bc:84:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:e1:93:18:f5:a0:fb:20:7f:ac:6b:9a:d4:f1:59:c6: 47:79:ef:b8:61:d8:4d:b3:57:b6:e1:43:15:72:bd:aa: 46:1c:f7:db:f4:ed:fc:f4:02:7a:19:b3:b8:44:58:53: a0:37:b3:aa:3e:8a:4e:db:db:3a:62:8e:ea:16:1f:f1: e0:5f:93:eb:70:fa:29:6d:05:ef:34:f4:d2:f3:62:8f: 59:cc:56:83:d8:65:10:bc:5d:bc:9b:57:a6:71:18:6f: a1:e0:27:1c:a0:f4:ea:2b:24:54:72:07:c2:fb:db:c9: 4b:db:d0:27:81:75:c7:23:b6:49:b8:61:15:59:44:9d Fingerprint (SHA-256): AF:C6:A3:08:F4:7A:9A:46:A1:F3:13:B8:28:5C:C1:88:E7:3F:96:04:69:94:B7:7A:F1:6A:33:30:DA:9E:D9:80 Fingerprint (SHA1): AE:DA:09:14:80:7A:D8:B2:9C:26:3E:73:BA:A7:5A:57:8E:FB:81:5D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4451: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174593 (0x1ee2b781) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:02:06 2015 Not After : Mon May 18 22:02:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:7a:28:f7:a8:52:3c:9f:76:68:71:62:43:f7:16:e3: e1:16:41:23:2f:6f:f1:27:f1:70:69:61:5d:e2:df:e8: c3:c1:5b:28:25:76:9f:df:12:36:8d:97:31:d8:03:5c: 78:70:1d:9d:57:de:ab:cd:4f:34:07:94:c3:f1:b4:3f: e1:c1:34:db:85:8f:54:61:c9:85:be:b5:21:fd:e7:dd: 3a:d5:a5:46:39:fb:2d:33:3a:1d:a8:8c:18:93:77:53: 9c:5f:f5:a0:b6:ca:f4:ca:fb:3d:05:b3:0c:a8:31:1f: 02:14:c4:c8:63:d3:a1:da:5d:9b:cf:a8:4b:bc:84:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:e1:93:18:f5:a0:fb:20:7f:ac:6b:9a:d4:f1:59:c6: 47:79:ef:b8:61:d8:4d:b3:57:b6:e1:43:15:72:bd:aa: 46:1c:f7:db:f4:ed:fc:f4:02:7a:19:b3:b8:44:58:53: a0:37:b3:aa:3e:8a:4e:db:db:3a:62:8e:ea:16:1f:f1: e0:5f:93:eb:70:fa:29:6d:05:ef:34:f4:d2:f3:62:8f: 59:cc:56:83:d8:65:10:bc:5d:bc:9b:57:a6:71:18:6f: a1:e0:27:1c:a0:f4:ea:2b:24:54:72:07:c2:fb:db:c9: 4b:db:d0:27:81:75:c7:23:b6:49:b8:61:15:59:44:9d Fingerprint (SHA-256): AF:C6:A3:08:F4:7A:9A:46:A1:F3:13:B8:28:5C:C1:88:E7:3F:96:04:69:94:B7:7A:F1:6A:33:30:DA:9E:D9:80 Fingerprint (SHA1): AE:DA:09:14:80:7A:D8:B2:9C:26:3E:73:BA:A7:5A:57:8E:FB:81:5D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4452: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #4453: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174600 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4454: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #4455: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #4456: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174601 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4457: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #4458: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #4459: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4460: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518174602 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4461: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4462: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #4463: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4464: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518174603 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4465: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4466: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #4467: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4468: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518174604 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4469: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4470: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518174605 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4471: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4472: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #4473: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4474: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4475: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518174606 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4476: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4477: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4478: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4479: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518174607 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4480: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4481: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4482: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4483: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174608 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4484: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4485: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4486: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4487: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518174609 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4488: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4489: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4490: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174600 (0x1ee2b788) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:02:32 2015 Not After : Mon May 18 22:02:32 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:b9:3d:ce:02:14:30:3c:3c:0f:3d:ba:b0:cd:6b:4b: 55:34:a4:bd:9d:1d:85:7c:74:11:73:70:de:85:47:69: f3:55:e5:29:9f:d5:b2:76:95:3b:86:9a:72:f4:24:a1: d6:dd:1b:21:88:c1:34:47:2b:d8:e9:ec:34:49:89:2c: f0:3e:21:fa:93:40:75:ee:1b:c7:88:cc:86:8c:68:42: ae:e3:9e:b5:36:bd:e6:08:9e:70:9f:32:1f:63:b8:bd: fc:90:38:9b:f1:dc:01:36:8c:17:02:47:c3:31:29:08: d3:c5:9c:b6:72:c4:8d:1e:79:1d:7c:96:56:68:57:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:66:f9:cd:52:4a:b9:c3:8a:20:38:46:6b:2b:97:ca: 69:36:c5:a9:89:ad:ad:fc:87:7e:a5:f5:87:a7:1b:f2: ae:d9:e8:51:e1:22:01:27:ef:b9:f9:f0:40:96:16:6a: 5d:c5:70:a9:46:90:4c:4e:9a:01:5e:c4:ce:a8:d8:41: 47:af:e0:a1:b8:e1:c1:4c:f5:6b:fe:5c:23:dd:38:47: 12:f0:ad:b7:75:e1:d6:69:6b:0a:75:a3:bf:bc:f6:aa: c2:da:90:1b:eb:9c:c0:c7:81:c8:86:28:02:f2:e7:08: 01:16:2d:02:0c:88:16:88:f9:94:08:c1:ad:17:57:39 Fingerprint (SHA-256): E3:B7:C1:B9:00:70:5F:77:7F:35:B4:CF:61:B1:FC:41:CC:40:3A:DF:0B:73:B5:5C:76:7D:EC:57:F4:13:EC:B9 Fingerprint (SHA1): FA:6E:46:8E:9C:84:61:DB:2C:79:B9:8D:56:04:D6:74:57:7A:C9:53 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #4491: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4492: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4493: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4494: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4495: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4496: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4497: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4498: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4499: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174601 (0x1ee2b789) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:02:35 2015 Not After : Mon May 18 22:02:35 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:79:4c:bb:d8:7b:09:e5:74:08:8a:5d:e0:25:a6:4f: 06:28:8e:a7:6a:e5:c6:65:c7:d7:b9:41:6d:86:81:a4: 39:c4:60:34:c1:c1:b9:22:78:c7:f3:f9:b1:1e:14:28: 31:e8:d6:47:df:74:af:cf:ad:70:40:59:25:7d:75:02: 24:bb:60:1a:aa:b4:d5:89:39:97:e0:bb:1c:26:67:7a: 8e:a4:49:28:8f:4a:45:e0:47:8e:da:26:15:f8:f4:6d: e9:38:0d:e1:f5:d7:22:ac:6c:cc:3f:49:5f:b6:eb:20: c5:cf:99:85:22:3e:20:76:9d:fd:99:83:d0:c8:f3:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:7f:0c:81:d1:50:5b:3b:0d:bc:a3:a8:f4:f6:8a:e1: 65:29:7f:7e:a0:bc:e5:a6:3e:0f:9e:97:6e:2e:d5:5f: 5b:1e:34:44:53:5c:dc:50:20:f3:97:ed:17:e5:cc:bc: 3d:d2:ea:80:1a:b8:ee:aa:1c:55:e3:bc:43:61:59:94: e2:43:76:c1:0f:31:54:27:ae:03:5a:43:fd:db:b9:a1: 65:cb:bd:6b:73:ef:f8:4f:68:ee:b5:34:6b:60:2e:02: cc:52:53:64:0c:6e:30:08:b6:32:f5:25:34:42:0f:f7: ab:bf:9a:b8:7b:7a:5b:19:d8:a9:91:5c:16:d3:07:80 Fingerprint (SHA-256): 14:A9:B2:B2:EE:A4:3B:4C:83:3F:0C:7B:40:56:10:63:29:ED:A0:7F:5A:1D:7A:A5:FF:A1:30:58:F8:82:0B:30 Fingerprint (SHA1): 69:44:3E:9F:F6:31:D2:79:57:B6:C3:E0:DA:F0:CE:0C:3D:03:50:3E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #4500: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4501: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4502: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4503: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4504: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4505: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4506: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #4507: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #4508: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #4509: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #4510: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #4511: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #4512: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #4513: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #4514: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #4515: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #4516: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #4517: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4518: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174610 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4519: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4520: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4521: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4522: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518174611 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4523: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4524: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4525: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4526: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518174612 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4527: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4528: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4529: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4530: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518174613 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4531: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4532: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4533: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4534: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518174614 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4535: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4536: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4537: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4538: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518174615 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4539: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4540: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #4541: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4542: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518174616 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4543: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4544: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #4545: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4546: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518174617 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4547: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4548: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #4549: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4550: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518174618 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4551: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4552: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4553: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174610 (0x1ee2b792) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:03:19 2015 Not After : Mon May 18 22:03:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 56:fa:90:3b:e8:aa:e1:9b:9e:ba:2e:67:13:83:14:ad: 7e:ad:18:fd:01:0b:44:cc:ed:14:9e:d5:4f:f6:a5:a2: 36:c6:ae:27:16:31:76:65:6e:b0:f0:88:25:ec:b0:e0: f2:d4:f3:c1:58:9e:89:30:fc:6e:08:8c:d1:ec:21:ff: d7:2c:7e:99:2c:06:ee:ea:07:e6:10:cb:86:dd:df:9f: bc:f5:e3:37:af:87:85:50:86:a5:70:2a:b4:93:43:df: de:a7:2d:5e:05:e9:09:32:f5:d0:69:18:53:e7:46:dd: cd:ee:79:65:6b:26:e8:52:7c:f4:c6:6d:d9:05:72:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:19:54:97:73:e7:df:9b:5e:d4:70:3e:cb: 06:8a:81:5f:5c:33:1c:b0:02:15:00:a9:e4:81:a6:68: b2:49:d4:0d:d2:32:b3:f0:ca:7c:ba:6e:71:71:82 Fingerprint (SHA-256): 0A:9C:14:4C:F8:5C:DD:CC:70:07:F9:08:F2:CF:08:3F:E5:7E:61:CA:57:77:20:72:56:A1:26:01:AC:DA:83:14 Fingerprint (SHA1): D3:E5:7A:0E:18:3A:B9:2A:50:A3:D5:90:D4:78:D5:D4:5D:0E:52:40 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4554: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174610 (0x1ee2b792) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:03:19 2015 Not After : Mon May 18 22:03:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 56:fa:90:3b:e8:aa:e1:9b:9e:ba:2e:67:13:83:14:ad: 7e:ad:18:fd:01:0b:44:cc:ed:14:9e:d5:4f:f6:a5:a2: 36:c6:ae:27:16:31:76:65:6e:b0:f0:88:25:ec:b0:e0: f2:d4:f3:c1:58:9e:89:30:fc:6e:08:8c:d1:ec:21:ff: d7:2c:7e:99:2c:06:ee:ea:07:e6:10:cb:86:dd:df:9f: bc:f5:e3:37:af:87:85:50:86:a5:70:2a:b4:93:43:df: de:a7:2d:5e:05:e9:09:32:f5:d0:69:18:53:e7:46:dd: cd:ee:79:65:6b:26:e8:52:7c:f4:c6:6d:d9:05:72:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:19:54:97:73:e7:df:9b:5e:d4:70:3e:cb: 06:8a:81:5f:5c:33:1c:b0:02:15:00:a9:e4:81:a6:68: b2:49:d4:0d:d2:32:b3:f0:ca:7c:ba:6e:71:71:82 Fingerprint (SHA-256): 0A:9C:14:4C:F8:5C:DD:CC:70:07:F9:08:F2:CF:08:3F:E5:7E:61:CA:57:77:20:72:56:A1:26:01:AC:DA:83:14 Fingerprint (SHA1): D3:E5:7A:0E:18:3A:B9:2A:50:A3:D5:90:D4:78:D5:D4:5D:0E:52:40 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4555: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174610 (0x1ee2b792) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:03:19 2015 Not After : Mon May 18 22:03:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 56:fa:90:3b:e8:aa:e1:9b:9e:ba:2e:67:13:83:14:ad: 7e:ad:18:fd:01:0b:44:cc:ed:14:9e:d5:4f:f6:a5:a2: 36:c6:ae:27:16:31:76:65:6e:b0:f0:88:25:ec:b0:e0: f2:d4:f3:c1:58:9e:89:30:fc:6e:08:8c:d1:ec:21:ff: d7:2c:7e:99:2c:06:ee:ea:07:e6:10:cb:86:dd:df:9f: bc:f5:e3:37:af:87:85:50:86:a5:70:2a:b4:93:43:df: de:a7:2d:5e:05:e9:09:32:f5:d0:69:18:53:e7:46:dd: cd:ee:79:65:6b:26:e8:52:7c:f4:c6:6d:d9:05:72:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:19:54:97:73:e7:df:9b:5e:d4:70:3e:cb: 06:8a:81:5f:5c:33:1c:b0:02:15:00:a9:e4:81:a6:68: b2:49:d4:0d:d2:32:b3:f0:ca:7c:ba:6e:71:71:82 Fingerprint (SHA-256): 0A:9C:14:4C:F8:5C:DD:CC:70:07:F9:08:F2:CF:08:3F:E5:7E:61:CA:57:77:20:72:56:A1:26:01:AC:DA:83:14 Fingerprint (SHA1): D3:E5:7A:0E:18:3A:B9:2A:50:A3:D5:90:D4:78:D5:D4:5D:0E:52:40 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #4556: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174610 (0x1ee2b792) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:03:19 2015 Not After : Mon May 18 22:03:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 56:fa:90:3b:e8:aa:e1:9b:9e:ba:2e:67:13:83:14:ad: 7e:ad:18:fd:01:0b:44:cc:ed:14:9e:d5:4f:f6:a5:a2: 36:c6:ae:27:16:31:76:65:6e:b0:f0:88:25:ec:b0:e0: f2:d4:f3:c1:58:9e:89:30:fc:6e:08:8c:d1:ec:21:ff: d7:2c:7e:99:2c:06:ee:ea:07:e6:10:cb:86:dd:df:9f: bc:f5:e3:37:af:87:85:50:86:a5:70:2a:b4:93:43:df: de:a7:2d:5e:05:e9:09:32:f5:d0:69:18:53:e7:46:dd: cd:ee:79:65:6b:26:e8:52:7c:f4:c6:6d:d9:05:72:3d Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:19:54:97:73:e7:df:9b:5e:d4:70:3e:cb: 06:8a:81:5f:5c:33:1c:b0:02:15:00:a9:e4:81:a6:68: b2:49:d4:0d:d2:32:b3:f0:ca:7c:ba:6e:71:71:82 Fingerprint (SHA-256): 0A:9C:14:4C:F8:5C:DD:CC:70:07:F9:08:F2:CF:08:3F:E5:7E:61:CA:57:77:20:72:56:A1:26:01:AC:DA:83:14 Fingerprint (SHA1): D3:E5:7A:0E:18:3A:B9:2A:50:A3:D5:90:D4:78:D5:D4:5D:0E:52:40 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #4557: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4558: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4559: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4560: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #4561: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4562: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4563: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4564: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4565: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4566: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4567: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4568: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #4569: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4570: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4571: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4572: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #4573: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4574: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4575: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4576: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4577: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4578: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4579: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4580: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #4581: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4582: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4583: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4584: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518220408Z nextupdate=20160518220408Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 22:04:08 2015 Next Update: Wed May 18 22:04:08 2016 CRL Extensions: chains.sh: #4585: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518220408Z nextupdate=20160518220408Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:04:08 2015 Next Update: Wed May 18 22:04:08 2016 CRL Extensions: chains.sh: #4586: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518220409Z nextupdate=20160518220409Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:04:09 2015 Next Update: Wed May 18 22:04:09 2016 CRL Extensions: chains.sh: #4587: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518220410Z nextupdate=20160518220410Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 22:04:10 2015 Next Update: Wed May 18 22:04:10 2016 CRL Extensions: chains.sh: #4588: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518220411Z addcert 14 20150518220411Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:04:11 2015 Next Update: Wed May 18 22:04:09 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 22:04:11 2015 CRL Extensions: chains.sh: #4589: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518220412Z addcert 15 20150518220412Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:04:12 2015 Next Update: Wed May 18 22:04:08 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 22:04:12 2015 CRL Extensions: chains.sh: #4590: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4591: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4592: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #4593: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #4594: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #4595: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #4596: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #4597: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #4598: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #4599: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:03:48 2015 Not After : Mon May 18 22:03:48 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:42:7b:97:82:01:97:68:82:f0:98:1b:8b:a9:05:0f: b0:a2:c6:07:52:30:28:9e:c0:6e:ab:af:f0:0b:8b:f3: 0f:9f:a4:e7:68:ad:2f:84:00:f9:a1:f7:21:33:e8:f1: 24:9f:38:f9:9a:aa:cf:a4:96:e3:d1:d1:61:e8:c1:2c: f3:86:ca:c6:6d:21:ae:da:d8:9e:05:e8:c4:dd:c8:2a: 9f:7a:e1:25:6d:39:7d:49:65:66:2d:af:8d:e7:c8:de: fd:29:cb:eb:e2:73:e6:8a:52:94:a1:a3:fb:4d:ca:e2: dd:f7:0f:1a:f5:5e:37:c5:c2:a2:67:16:90:c1:99:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 11:f8:71:08:3d:d8:4d:12:67:62:85:09:47:54:dc:99: 36:ec:c5:c2:a6:6d:24:19:68:5c:5c:b9:3c:36:65:4c: 29:d5:33:3c:d3:6e:4b:69:93:8d:7d:4f:bb:bc:c7:06: 87:d6:7f:c9:f4:65:de:fb:62:72:81:74:d9:d1:73:0f: e6:14:40:4f:25:51:ad:7c:8d:51:10:05:87:aa:32:17: 70:92:fc:8d:39:d4:f2:03:37:86:c1:8c:57:11:ae:44: 01:ec:b5:fe:3e:8a:b6:24:1c:dd:19:fc:30:07:c3:58: ea:8b:26:9f:5f:18:78:31:24:ec:c9:09:54:27:9d:15 Fingerprint (SHA-256): 73:8D:F2:12:27:4D:83:DB:7A:B5:93:EB:D6:B6:58:6F:2D:87:70:C8:A7:F6:3A:03:44:72:1C:A9:B8:29:4D:82 Fingerprint (SHA1): 02:68:D5:83:02:CA:B1:AD:BC:38:9D:42:F6:F0:0D:AB:24:52:EB:B4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4600: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4601: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:03:48 2015 Not After : Mon May 18 22:03:48 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:42:7b:97:82:01:97:68:82:f0:98:1b:8b:a9:05:0f: b0:a2:c6:07:52:30:28:9e:c0:6e:ab:af:f0:0b:8b:f3: 0f:9f:a4:e7:68:ad:2f:84:00:f9:a1:f7:21:33:e8:f1: 24:9f:38:f9:9a:aa:cf:a4:96:e3:d1:d1:61:e8:c1:2c: f3:86:ca:c6:6d:21:ae:da:d8:9e:05:e8:c4:dd:c8:2a: 9f:7a:e1:25:6d:39:7d:49:65:66:2d:af:8d:e7:c8:de: fd:29:cb:eb:e2:73:e6:8a:52:94:a1:a3:fb:4d:ca:e2: dd:f7:0f:1a:f5:5e:37:c5:c2:a2:67:16:90:c1:99:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 11:f8:71:08:3d:d8:4d:12:67:62:85:09:47:54:dc:99: 36:ec:c5:c2:a6:6d:24:19:68:5c:5c:b9:3c:36:65:4c: 29:d5:33:3c:d3:6e:4b:69:93:8d:7d:4f:bb:bc:c7:06: 87:d6:7f:c9:f4:65:de:fb:62:72:81:74:d9:d1:73:0f: e6:14:40:4f:25:51:ad:7c:8d:51:10:05:87:aa:32:17: 70:92:fc:8d:39:d4:f2:03:37:86:c1:8c:57:11:ae:44: 01:ec:b5:fe:3e:8a:b6:24:1c:dd:19:fc:30:07:c3:58: ea:8b:26:9f:5f:18:78:31:24:ec:c9:09:54:27:9d:15 Fingerprint (SHA-256): 73:8D:F2:12:27:4D:83:DB:7A:B5:93:EB:D6:B6:58:6F:2D:87:70:C8:A7:F6:3A:03:44:72:1C:A9:B8:29:4D:82 Fingerprint (SHA1): 02:68:D5:83:02:CA:B1:AD:BC:38:9D:42:F6:F0:0D:AB:24:52:EB:B4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4602: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4603: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4604: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174619 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4605: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4606: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #4607: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4608: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518174620 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4609: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4610: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4611: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174391.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4612: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174365.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4613: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4614: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #4615: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174391.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4616: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518174621 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4617: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4618: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4619: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174391.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4620: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174366.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4621: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4622: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #4623: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4624: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518174622 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4625: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4626: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4627: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174391.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4628: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174367.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4629: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4630: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4631: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518174391.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4632: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518174368.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4633: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4634: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518220445Z nextupdate=20160518220445Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 22:04:45 2015 Next Update: Wed May 18 22:04:45 2016 CRL Extensions: chains.sh: #4635: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518220446Z nextupdate=20160518220446Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:04:46 2015 Next Update: Wed May 18 22:04:46 2016 CRL Extensions: chains.sh: #4636: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518220446Z nextupdate=20160518220446Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:04:46 2015 Next Update: Wed May 18 22:04:46 2016 CRL Extensions: chains.sh: #4637: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518220447Z nextupdate=20160518220447Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 22:04:47 2015 Next Update: Wed May 18 22:04:47 2016 CRL Extensions: chains.sh: #4638: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518220448Z addcert 20 20150518220448Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:04:48 2015 Next Update: Wed May 18 22:04:46 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 22:04:48 2015 CRL Extensions: chains.sh: #4639: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518220449Z addcert 40 20150518220449Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:04:49 2015 Next Update: Wed May 18 22:04:46 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 22:04:48 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 22:04:49 2015 CRL Extensions: chains.sh: #4640: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4641: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4642: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #4643: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174619 (0x1ee2b79b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:04:22 2015 Not After : Mon May 18 22:04:22 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ee:2c:62:16:43:1f:e6:2a:b9:79:a4:98:b9:96:a0:c3: 59:28:f2:6e:7f:01:95:1e:2c:98:9a:58:ba:4b:45:df: aa:3c:ab:3c:26:a4:4d:4d:41:f4:6c:de:a2:e4:91:03: 9e:08:5e:1a:53:f5:f6:dd:b3:4c:38:c2:14:4c:a3:90: c1:d5:f4:6d:98:d3:fc:7f:f0:f1:14:33:f1:15:26:87: f3:9b:b3:a9:78:cc:72:3e:e0:02:ed:63:5f:58:a2:ca: fc:1e:d5:bc:92:8c:77:0b:94:2b:1d:c2:20:e1:41:38: d2:7f:8e:7e:82:ed:66:9d:fe:c1:7c:e3:6d:5a:9a:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1b:50:15:c3:f9:4f:2e:e6:b0:31:e1:36:69:da:1a:cf: 4f:6f:7f:73:0d:b7:83:bb:df:9b:a9:5b:d0:e3:3a:49: 60:42:6b:af:03:f1:4f:cb:2a:11:b4:7d:20:3f:39:d9: 58:38:aa:4d:bd:87:68:19:44:e0:92:ec:3c:d9:d2:bd: dd:aa:cf:92:86:bd:68:3a:83:50:8f:d3:6e:03:2c:a1: af:9b:fd:29:8c:f9:e0:44:b2:50:f2:83:ca:b8:82:d0: 06:55:21:bd:5f:60:2b:bf:31:0a:8e:af:ce:da:a4:fe: 30:60:a3:d8:82:8f:19:07:7a:6b:7e:15:4c:bb:49:1f Fingerprint (SHA-256): EA:A3:C1:0A:DA:62:44:02:23:B3:64:EE:61:23:B5:7C:28:63:25:9A:8C:AB:F7:AE:F0:EC:C5:74:65:8B:E8:49 Fingerprint (SHA1): D6:BF:73:0F:CA:E3:78:69:A8:AC:D0:78:A9:7F:4E:ED:70:1F:85:16 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4644: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4645: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174619 (0x1ee2b79b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:04:22 2015 Not After : Mon May 18 22:04:22 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ee:2c:62:16:43:1f:e6:2a:b9:79:a4:98:b9:96:a0:c3: 59:28:f2:6e:7f:01:95:1e:2c:98:9a:58:ba:4b:45:df: aa:3c:ab:3c:26:a4:4d:4d:41:f4:6c:de:a2:e4:91:03: 9e:08:5e:1a:53:f5:f6:dd:b3:4c:38:c2:14:4c:a3:90: c1:d5:f4:6d:98:d3:fc:7f:f0:f1:14:33:f1:15:26:87: f3:9b:b3:a9:78:cc:72:3e:e0:02:ed:63:5f:58:a2:ca: fc:1e:d5:bc:92:8c:77:0b:94:2b:1d:c2:20:e1:41:38: d2:7f:8e:7e:82:ed:66:9d:fe:c1:7c:e3:6d:5a:9a:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1b:50:15:c3:f9:4f:2e:e6:b0:31:e1:36:69:da:1a:cf: 4f:6f:7f:73:0d:b7:83:bb:df:9b:a9:5b:d0:e3:3a:49: 60:42:6b:af:03:f1:4f:cb:2a:11:b4:7d:20:3f:39:d9: 58:38:aa:4d:bd:87:68:19:44:e0:92:ec:3c:d9:d2:bd: dd:aa:cf:92:86:bd:68:3a:83:50:8f:d3:6e:03:2c:a1: af:9b:fd:29:8c:f9:e0:44:b2:50:f2:83:ca:b8:82:d0: 06:55:21:bd:5f:60:2b:bf:31:0a:8e:af:ce:da:a4:fe: 30:60:a3:d8:82:8f:19:07:7a:6b:7e:15:4c:bb:49:1f Fingerprint (SHA-256): EA:A3:C1:0A:DA:62:44:02:23:B3:64:EE:61:23:B5:7C:28:63:25:9A:8C:AB:F7:AE:F0:EC:C5:74:65:8B:E8:49 Fingerprint (SHA1): D6:BF:73:0F:CA:E3:78:69:A8:AC:D0:78:A9:7F:4E:ED:70:1F:85:16 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4646: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4647: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4648: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174623 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4649: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4650: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4651: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4652: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518174624 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4653: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4654: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4655: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4656: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518174625 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4657: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4658: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4659: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4660: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518174626 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4661: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4662: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #4663: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 518174627 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4664: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #4665: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #4666: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4667: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518174628 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4668: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4669: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4670: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4671: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518174629 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4672: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4673: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #4674: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #4675: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #4676: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174623 (0x1ee2b79f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:04:56 2015 Not After : Mon May 18 22:04:56 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:cf:b6:b4:1d:20:e4:66:64:23:c2:a6:c9:3b:88:c9: 91:ec:63:3c:de:e7:74:db:a8:19:8c:81:23:af:73:83: 05:43:21:47:63:d0:86:e7:38:50:4c:66:78:f8:8b:48: 26:b8:51:a6:76:f2:53:61:44:87:dd:b2:7c:40:e7:7a: 3b:c0:34:e7:4f:93:4c:cc:37:e3:c0:72:56:f6:5b:cb: 97:02:f3:bc:52:9f:ad:49:32:c4:51:0b:44:15:68:56: 94:3a:e0:bf:82:06:55:cc:04:24:43:8a:ab:c1:19:b2: 3c:cb:cc:6b:17:6a:64:e5:ac:f1:18:e9:24:19:a2:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:ef:f3:c5:24:4c:70:c5:c9:08:87:e3:fd:87:54:b5: 01:12:3e:98:f5:17:6c:76:3a:00:e6:75:c5:9b:0a:3c: d0:b3:d2:36:35:0e:1b:44:a6:6f:30:93:fd:f7:46:ce: 0f:af:86:46:bf:97:87:f7:7c:59:cc:51:15:db:65:71: c7:99:4f:67:c7:7e:ea:6d:40:16:b8:91:d3:95:d2:82: 90:ed:cb:a3:ad:1e:be:30:47:ac:a9:02:8c:c3:3e:1d: df:9a:63:82:c0:33:8e:ce:52:c4:a1:26:bd:fb:ee:17: 82:49:4b:35:5c:fa:ae:86:52:d2:42:f6:c8:de:08:e3 Fingerprint (SHA-256): 6B:18:C5:56:75:A7:85:8F:76:D5:C9:D2:95:3F:B5:DD:05:1D:2D:9F:D9:8F:4E:7F:6C:1C:F6:A0:67:E7:9B:33 Fingerprint (SHA1): C3:D0:DD:06:96:F6:67:52:D0:90:A1:B3:7A:55:7E:58:5C:96:A7:99 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4677: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174625 (0x1ee2b7a1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:05:02 2015 Not After : Mon May 18 22:05:02 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e1:dc:28:6e:3e:18:15:d4:ac:34:c5:d0:05:3f:f4:32: 92:98:77:9b:c9:9d:e4:e8:c6:6b:81:a3:c1:36:34:9b: c2:d6:26:9f:b6:10:d3:aa:5f:1f:71:ea:d7:b3:fe:cd: 89:75:15:d0:a8:af:d7:3b:05:8c:27:8a:a2:c7:79:7e: cf:6f:f1:f1:71:39:d6:2c:e1:70:a3:a2:5d:a4:c8:ed: cd:22:7e:3d:d1:d8:2c:41:41:44:a0:5a:9d:c2:b8:d4: 71:e7:30:32:bd:b3:4f:2d:d1:29:53:fa:48:e7:04:80: eb:29:68:82:f5:dd:f2:39:9f:d1:16:e2:68:01:88:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b1:3e:1b:e7:74:52:c1:6d:3a:8a:69:56:ac:6f:67:8d: 40:60:07:7f:d0:c4:e6:21:6f:de:93:5d:9c:67:62:27: ea:a5:c2:b3:38:9c:62:60:b6:5b:fc:b9:f3:20:81:7d: 77:71:db:cf:78:8c:32:91:16:af:8b:f9:4f:50:2c:52: d8:03:2e:5f:50:2d:2b:49:3d:68:b8:0e:3e:4b:b2:ea: a8:72:6a:ab:71:f3:bb:99:b3:99:9d:b3:b7:dc:b8:ba: f4:17:bb:91:7e:a8:2f:6e:0a:2d:89:32:65:fc:b4:9f: 41:40:b6:6e:c0:b1:a8:f6:7e:91:a3:65:8c:67:b4:88 Fingerprint (SHA-256): 04:C8:29:B7:2F:E2:BC:BE:85:9A:6C:E1:CA:96:9D:26:58:66:06:E7:11:96:E9:20:6F:0B:61:60:DA:F2:39:B9 Fingerprint (SHA1): 31:1A:D0:01:38:DF:0F:FA:62:A0:DF:DF:D1:BC:62:D7:81:E7:C6:00 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #4678: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174623 (0x1ee2b79f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:04:56 2015 Not After : Mon May 18 22:04:56 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:cf:b6:b4:1d:20:e4:66:64:23:c2:a6:c9:3b:88:c9: 91:ec:63:3c:de:e7:74:db:a8:19:8c:81:23:af:73:83: 05:43:21:47:63:d0:86:e7:38:50:4c:66:78:f8:8b:48: 26:b8:51:a6:76:f2:53:61:44:87:dd:b2:7c:40:e7:7a: 3b:c0:34:e7:4f:93:4c:cc:37:e3:c0:72:56:f6:5b:cb: 97:02:f3:bc:52:9f:ad:49:32:c4:51:0b:44:15:68:56: 94:3a:e0:bf:82:06:55:cc:04:24:43:8a:ab:c1:19:b2: 3c:cb:cc:6b:17:6a:64:e5:ac:f1:18:e9:24:19:a2:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:ef:f3:c5:24:4c:70:c5:c9:08:87:e3:fd:87:54:b5: 01:12:3e:98:f5:17:6c:76:3a:00:e6:75:c5:9b:0a:3c: d0:b3:d2:36:35:0e:1b:44:a6:6f:30:93:fd:f7:46:ce: 0f:af:86:46:bf:97:87:f7:7c:59:cc:51:15:db:65:71: c7:99:4f:67:c7:7e:ea:6d:40:16:b8:91:d3:95:d2:82: 90:ed:cb:a3:ad:1e:be:30:47:ac:a9:02:8c:c3:3e:1d: df:9a:63:82:c0:33:8e:ce:52:c4:a1:26:bd:fb:ee:17: 82:49:4b:35:5c:fa:ae:86:52:d2:42:f6:c8:de:08:e3 Fingerprint (SHA-256): 6B:18:C5:56:75:A7:85:8F:76:D5:C9:D2:95:3F:B5:DD:05:1D:2D:9F:D9:8F:4E:7F:6C:1C:F6:A0:67:E7:9B:33 Fingerprint (SHA1): C3:D0:DD:06:96:F6:67:52:D0:90:A1:B3:7A:55:7E:58:5C:96:A7:99 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4679: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #4680: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174623 (0x1ee2b79f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:04:56 2015 Not After : Mon May 18 22:04:56 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:cf:b6:b4:1d:20:e4:66:64:23:c2:a6:c9:3b:88:c9: 91:ec:63:3c:de:e7:74:db:a8:19:8c:81:23:af:73:83: 05:43:21:47:63:d0:86:e7:38:50:4c:66:78:f8:8b:48: 26:b8:51:a6:76:f2:53:61:44:87:dd:b2:7c:40:e7:7a: 3b:c0:34:e7:4f:93:4c:cc:37:e3:c0:72:56:f6:5b:cb: 97:02:f3:bc:52:9f:ad:49:32:c4:51:0b:44:15:68:56: 94:3a:e0:bf:82:06:55:cc:04:24:43:8a:ab:c1:19:b2: 3c:cb:cc:6b:17:6a:64:e5:ac:f1:18:e9:24:19:a2:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:ef:f3:c5:24:4c:70:c5:c9:08:87:e3:fd:87:54:b5: 01:12:3e:98:f5:17:6c:76:3a:00:e6:75:c5:9b:0a:3c: d0:b3:d2:36:35:0e:1b:44:a6:6f:30:93:fd:f7:46:ce: 0f:af:86:46:bf:97:87:f7:7c:59:cc:51:15:db:65:71: c7:99:4f:67:c7:7e:ea:6d:40:16:b8:91:d3:95:d2:82: 90:ed:cb:a3:ad:1e:be:30:47:ac:a9:02:8c:c3:3e:1d: df:9a:63:82:c0:33:8e:ce:52:c4:a1:26:bd:fb:ee:17: 82:49:4b:35:5c:fa:ae:86:52:d2:42:f6:c8:de:08:e3 Fingerprint (SHA-256): 6B:18:C5:56:75:A7:85:8F:76:D5:C9:D2:95:3F:B5:DD:05:1D:2D:9F:D9:8F:4E:7F:6C:1C:F6:A0:67:E7:9B:33 Fingerprint (SHA1): C3:D0:DD:06:96:F6:67:52:D0:90:A1:B3:7A:55:7E:58:5C:96:A7:99 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4681: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174625 (0x1ee2b7a1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:05:02 2015 Not After : Mon May 18 22:05:02 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e1:dc:28:6e:3e:18:15:d4:ac:34:c5:d0:05:3f:f4:32: 92:98:77:9b:c9:9d:e4:e8:c6:6b:81:a3:c1:36:34:9b: c2:d6:26:9f:b6:10:d3:aa:5f:1f:71:ea:d7:b3:fe:cd: 89:75:15:d0:a8:af:d7:3b:05:8c:27:8a:a2:c7:79:7e: cf:6f:f1:f1:71:39:d6:2c:e1:70:a3:a2:5d:a4:c8:ed: cd:22:7e:3d:d1:d8:2c:41:41:44:a0:5a:9d:c2:b8:d4: 71:e7:30:32:bd:b3:4f:2d:d1:29:53:fa:48:e7:04:80: eb:29:68:82:f5:dd:f2:39:9f:d1:16:e2:68:01:88:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b1:3e:1b:e7:74:52:c1:6d:3a:8a:69:56:ac:6f:67:8d: 40:60:07:7f:d0:c4:e6:21:6f:de:93:5d:9c:67:62:27: ea:a5:c2:b3:38:9c:62:60:b6:5b:fc:b9:f3:20:81:7d: 77:71:db:cf:78:8c:32:91:16:af:8b:f9:4f:50:2c:52: d8:03:2e:5f:50:2d:2b:49:3d:68:b8:0e:3e:4b:b2:ea: a8:72:6a:ab:71:f3:bb:99:b3:99:9d:b3:b7:dc:b8:ba: f4:17:bb:91:7e:a8:2f:6e:0a:2d:89:32:65:fc:b4:9f: 41:40:b6:6e:c0:b1:a8:f6:7e:91:a3:65:8c:67:b4:88 Fingerprint (SHA-256): 04:C8:29:B7:2F:E2:BC:BE:85:9A:6C:E1:CA:96:9D:26:58:66:06:E7:11:96:E9:20:6F:0B:61:60:DA:F2:39:B9 Fingerprint (SHA1): 31:1A:D0:01:38:DF:0F:FA:62:A0:DF:DF:D1:BC:62:D7:81:E7:C6:00 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #4682: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #4683: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #4684: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #4685: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174623 (0x1ee2b79f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:04:56 2015 Not After : Mon May 18 22:04:56 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:cf:b6:b4:1d:20:e4:66:64:23:c2:a6:c9:3b:88:c9: 91:ec:63:3c:de:e7:74:db:a8:19:8c:81:23:af:73:83: 05:43:21:47:63:d0:86:e7:38:50:4c:66:78:f8:8b:48: 26:b8:51:a6:76:f2:53:61:44:87:dd:b2:7c:40:e7:7a: 3b:c0:34:e7:4f:93:4c:cc:37:e3:c0:72:56:f6:5b:cb: 97:02:f3:bc:52:9f:ad:49:32:c4:51:0b:44:15:68:56: 94:3a:e0:bf:82:06:55:cc:04:24:43:8a:ab:c1:19:b2: 3c:cb:cc:6b:17:6a:64:e5:ac:f1:18:e9:24:19:a2:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:ef:f3:c5:24:4c:70:c5:c9:08:87:e3:fd:87:54:b5: 01:12:3e:98:f5:17:6c:76:3a:00:e6:75:c5:9b:0a:3c: d0:b3:d2:36:35:0e:1b:44:a6:6f:30:93:fd:f7:46:ce: 0f:af:86:46:bf:97:87:f7:7c:59:cc:51:15:db:65:71: c7:99:4f:67:c7:7e:ea:6d:40:16:b8:91:d3:95:d2:82: 90:ed:cb:a3:ad:1e:be:30:47:ac:a9:02:8c:c3:3e:1d: df:9a:63:82:c0:33:8e:ce:52:c4:a1:26:bd:fb:ee:17: 82:49:4b:35:5c:fa:ae:86:52:d2:42:f6:c8:de:08:e3 Fingerprint (SHA-256): 6B:18:C5:56:75:A7:85:8F:76:D5:C9:D2:95:3F:B5:DD:05:1D:2D:9F:D9:8F:4E:7F:6C:1C:F6:A0:67:E7:9B:33 Fingerprint (SHA1): C3:D0:DD:06:96:F6:67:52:D0:90:A1:B3:7A:55:7E:58:5C:96:A7:99 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4686: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174627 (0x1ee2b7a3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 22:05:08 2015 Not After : Mon May 18 22:05:08 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:8c:ca:d6:f5:4e:d9:8e:11:c1:7e:2e:da:15:a9:26: 27:01:78:d0:88:16:da:fb:7b:8d:a6:24:81:42:7e:7e: c0:bc:09:83:14:b3:e0:4e:ed:c2:2f:29:13:7d:8a:75: 70:22:23:91:70:da:97:64:35:4a:6d:9c:fe:e1:e7:15: 1d:7d:3a:d7:55:21:13:ff:3d:9a:6b:fc:68:e2:94:aa: ce:e0:f9:20:ff:44:3e:f9:71:39:39:3e:d1:87:71:d3: 85:00:0d:45:df:3e:e6:e2:68:48:c2:a7:c7:08:45:0f: 7e:2f:9f:12:5b:4f:59:75:ba:a1:16:c4:ea:8d:03:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a4:d7:a8:d0:23:03:b6:db:9c:5a:60:29:52:06:c8:d5: 3b:27:3f:b8:08:6e:ec:68:e6:17:6c:d1:f3:c8:51:5e: 6e:fe:33:b3:e6:4d:0e:fc:85:2e:19:1d:e8:9f:36:32: 2e:e6:8a:94:3c:63:0e:ef:fc:bc:47:b3:be:b7:51:72: 5a:d2:d4:ef:41:01:e5:1e:12:b6:d1:38:f8:2d:49:ad: 31:b3:3d:51:a9:58:dc:4e:42:ab:30:49:79:cd:a1:6b: 6c:10:81:e0:b8:fd:b2:a0:49:15:83:20:7a:08:17:f7: f9:ef:9b:12:7a:f7:88:20:6d:89:81:24:8d:19:32:fb Fingerprint (SHA-256): 29:B1:00:0E:1B:47:EB:2C:2C:D0:31:3C:B5:C3:D1:48:F4:23:CA:2D:7E:75:3E:A5:B4:38:82:4C:4C:F1:A1:65 Fingerprint (SHA1): F6:37:4F:A6:16:85:5D:23:5F:60:15:72:C7:1C:09:35:6D:FB:1E:3F Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #4687: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174623 (0x1ee2b79f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:04:56 2015 Not After : Mon May 18 22:04:56 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:cf:b6:b4:1d:20:e4:66:64:23:c2:a6:c9:3b:88:c9: 91:ec:63:3c:de:e7:74:db:a8:19:8c:81:23:af:73:83: 05:43:21:47:63:d0:86:e7:38:50:4c:66:78:f8:8b:48: 26:b8:51:a6:76:f2:53:61:44:87:dd:b2:7c:40:e7:7a: 3b:c0:34:e7:4f:93:4c:cc:37:e3:c0:72:56:f6:5b:cb: 97:02:f3:bc:52:9f:ad:49:32:c4:51:0b:44:15:68:56: 94:3a:e0:bf:82:06:55:cc:04:24:43:8a:ab:c1:19:b2: 3c:cb:cc:6b:17:6a:64:e5:ac:f1:18:e9:24:19:a2:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:ef:f3:c5:24:4c:70:c5:c9:08:87:e3:fd:87:54:b5: 01:12:3e:98:f5:17:6c:76:3a:00:e6:75:c5:9b:0a:3c: d0:b3:d2:36:35:0e:1b:44:a6:6f:30:93:fd:f7:46:ce: 0f:af:86:46:bf:97:87:f7:7c:59:cc:51:15:db:65:71: c7:99:4f:67:c7:7e:ea:6d:40:16:b8:91:d3:95:d2:82: 90:ed:cb:a3:ad:1e:be:30:47:ac:a9:02:8c:c3:3e:1d: df:9a:63:82:c0:33:8e:ce:52:c4:a1:26:bd:fb:ee:17: 82:49:4b:35:5c:fa:ae:86:52:d2:42:f6:c8:de:08:e3 Fingerprint (SHA-256): 6B:18:C5:56:75:A7:85:8F:76:D5:C9:D2:95:3F:B5:DD:05:1D:2D:9F:D9:8F:4E:7F:6C:1C:F6:A0:67:E7:9B:33 Fingerprint (SHA1): C3:D0:DD:06:96:F6:67:52:D0:90:A1:B3:7A:55:7E:58:5C:96:A7:99 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4688: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #4689: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #4690: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #4691: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #4692: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #4693: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518174628 (0x1ee2b7a4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 22:05:11 2015 Not After : Mon May 18 22:05:11 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f8:ba:f1:86:d1:34:64:1a:ea:32:69:c4:14:77:47:b6: 1e:26:b1:40:bb:b4:4a:29:e6:82:9e:83:d7:0e:a3:39: 89:64:f3:8e:67:2f:d6:58:2f:49:71:01:ea:54:81:91: cb:75:f9:f1:3c:49:a9:22:2f:5d:6b:f5:50:c5:34:b9: b6:bf:07:2d:aa:ad:66:3f:89:f4:e1:42:94:e4:5f:73: b6:e6:7e:7f:67:4b:15:7e:35:75:09:c4:41:b6:06:c7: 9f:39:77:65:e4:bb:20:8b:94:12:b8:7c:48:41:6d:ff: 77:27:79:57:f4:54:18:1a:c5:6c:d0:e0:0a:a6:59:57 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1f:63:60:42:d4:b1:31:dd:31:f7:c5:2e:68:44:6a:eb: 5d:e5:fd:72:74:07:d5:7c:bd:a4:1d:e8:67:c5:a5:b8: 5e:ac:96:62:d9:57:65:1b:58:ec:f1:a3:31:94:c5:2e: 18:62:6e:1d:3e:e1:ea:98:09:78:95:08:cc:fe:f5:32: 95:b1:97:f3:42:0d:d0:da:8f:a2:63:52:6f:c3:eb:ef: 32:7b:d5:90:86:7d:12:74:2b:58:bc:3d:e5:01:98:c5: 58:49:7f:2a:7e:ca:89:23:ad:e1:2c:71:73:96:89:bc: 23:81:9d:8f:f1:0d:d8:c2:22:f9:b8:47:3d:d0:d9:fa Fingerprint (SHA-256): 00:F9:16:E8:F3:FF:A2:4C:8A:D0:7F:7C:F9:D7:8B:C3:36:46:59:E6:6A:E5:C8:F6:65:94:A5:9F:B7:42:97:68 Fingerprint (SHA1): 40:A5:8E:A6:14:32:1F:A3:2E:ED:BB:85:2E:A5:AD:27:42:D4:D2:C1 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #4694: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #4695: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #4696: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #4697: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #4698: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4699: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4700: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #4701: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4702: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4703: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #4704: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #4705: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #4706: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4707: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4708: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #4709: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4710: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4711: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4712: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #4713: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4714: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #4715: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4716: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #4717: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 25742 at Mon May 18 18:05:43 EDT 2015 kill -USR1 25742 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 25742 killed at Mon May 18 18:05:43 EDT 2015 TIMESTAMP chains END: Mon May 18 18:05:43 EDT 2015 chains.sh: Testing with upgraded library =============================== cp: cannot stat '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert.done': No such file or directory Running tests for dbupgrade TIMESTAMP dbupgrade BEGIN: Mon May 18 18:05:44 EDT 2015 dbupgrade.sh: DB upgrade tests =============================== Reset databases to their initial values: certutil: could not find certificate named "objsigner": SEC_ERROR_BAD_DATABASE: security library: bad database. Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu dbupgrade.sh: Legacy to shared Library update =============================== alicedir upgrading db alicedir Generating key. This may take a few moments... dbupgrade.sh: #4718: Upgrading alicedir - PASSED bobdir upgrading db bobdir Generating key. This may take a few moments... dbupgrade.sh: #4719: Upgrading bobdir - PASSED CA upgrading db CA Generating key. This may take a few moments... dbupgrade.sh: #4720: Upgrading CA - PASSED cert_extensions upgrading db cert_extensions Generating key. This may take a few moments... dbupgrade.sh: #4721: Upgrading cert_extensions - PASSED client upgrading db client Generating key. This may take a few moments... dbupgrade.sh: #4722: Upgrading client - PASSED clientCA upgrading db clientCA Generating key. This may take a few moments... dbupgrade.sh: #4723: Upgrading clientCA - PASSED dave upgrading db dave Generating key. This may take a few moments... dbupgrade.sh: #4724: Upgrading dave - PASSED eccurves upgrading db eccurves Generating key. This may take a few moments... dbupgrade.sh: #4725: Upgrading eccurves - PASSED eve upgrading db eve Generating key. This may take a few moments... dbupgrade.sh: #4726: Upgrading eve - PASSED ext_client upgrading db ext_client Generating key. This may take a few moments... dbupgrade.sh: #4727: Upgrading ext_client - PASSED ext_server upgrading db ext_server Generating key. This may take a few moments... dbupgrade.sh: #4728: Upgrading ext_server - PASSED SDR upgrading db SDR Generating key. This may take a few moments... dbupgrade.sh: #4729: Upgrading SDR - PASSED server upgrading db server Generating key. This may take a few moments... dbupgrade.sh: #4730: Upgrading server - PASSED serverCA upgrading db serverCA Generating key. This may take a few moments... dbupgrade.sh: #4731: Upgrading serverCA - PASSED stapling upgrading db stapling Generating key. This may take a few moments... dbupgrade.sh: #4732: Upgrading stapling - PASSED tools/copydir skipping db tools/copydir dbupgrade.sh: #4733: No directory tools/copydir - PASSED upgrading db fips Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. dbupgrade.sh: #4734: Upgrading fips - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu TIMESTAMP dbupgrade END: Mon May 18 18:06:20 EDT 2015 Running tests for lowhash TIMESTAMP lowhash BEGIN: Mon May 18 18:06:20 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Mon May 18 18:06:20 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Mon May 18 18:06:20 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4735: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d4:5b:21:ac:e1:a5:87:12:44:c8:9e:22:15:83:6d:bf Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4736: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4737: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4738: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4739: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 78:32:2e:5e:cc:a6:8f:ff:ec:7d:96:84:ec:c4:35:eb Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 21:06:55 2015 Not After : Mon May 18 21:06:55 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:aa:05:72:a6:d6:4b:42:a8:7b:06:cd:0f:94:4e: ec:c4:4f:ae:ee:d3:be:cc:18:86:be:32:d2:7e:22:11: d8:39:51:21:31:62:40:f9:88:7c:67:3d:14:0e:24:30: 39:38:84:75:98:d4:a0:a9:7f:f0:b3:d8:ec:c3:b2:07: 56:e8:be:00:28:f5:3b:c9:5f:b8:c1:2e:20:a2:12:68: f6:a5:2d:ab:c9:2e:0c:a2:2a:b6:c7:2f:07:0b:7e:5f: 9c:c5:8b:f2:f7:e2:48:dd:ba:80:b1:59:98:67:23:c1: 8b:22:61:0f:ab:bf:ec:2e:22:e1:09:d9:b0:1f:b0:9f: 4e:65:88:83:44 Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:41:68:8b:8d:40:fc:fc:7a:7c:3a:e5:d2: 0e:34:0a:ec:ba:17:05:fc:86:44:e5:cf:50:fa:e6:b5: 4b:19:0b:9d:24:a0:7d:1a:47:d3:54:4e:96:36:51:6a: 73:69:95:ea:b2:cb:76:f4:97:c3:15:79:ec:27:0a:01: 7d:58:d1:79:a1:2b:02:42:00:a2:51:43:27:a7:5a:d1: fb:14:68:d0:28:26:07:2f:ea:67:82:6d:0b:82:a8:20: 01:b9:16:49:21:da:83:99:9d:7e:b6:a8:e2:15:ca:4c: 25:b6:56:03:f5:23:24:b9:24:e5:c1:0c:a5:97:64:1e: c8:19:6e:f3:71:29:69:3c:e3:e1 Fingerprint (SHA-256): E2:55:92:96:9D:0D:DE:44:5B:AF:45:4D:5B:2D:1C:81:B2:00:00:86:A6:CC:0A:F1:F7:40:82:CA:3D:B4:29:E8 Fingerprint (SHA1): 37:67:7F:CA:B4:C3:77:BB:C3:50:ED:0B:A6:34:35:08:D9:D4:BA:DB Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 21:07:56 2015 Not After : Mon May 18 21:07:56 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:72:36:24:7b:fd:d9:37:e6:47:8c:b2:80:96:87:3a: 89:74:22:97:f5:7e:42:a2:2a:4a:bd:f8:f4:04:72:ba: 00:c1:cc:43:18:fd:36:84:4f:04:ea:28:7d:35:58:59: 9c:c5:7c:b4:05:89:0e:e0:a6:6e:bf:05:41:62:e7:20: 5a:b8:f9:ca:81:19:b8:6d:cc:a2:52:fb:1c:18:50:28: 6c:6a:72:ee:84:1a:7b:d1:d4:19:01:b7:63:67:53:b1: dc Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:16:00:cc:52:33:d1:0c:aa:56:05: 35:1f:79:39:7c:78:3f:d9:58:07:56:aa:a4:8d:2f:b9: 37:22:01:e6:99:26:e0:e3:89:6f:06:93:4a:b5:56:58: 33:a2:1f:18:31:9f:fc:08:d3:14:d9:82:3a:ea:d5:8f: 1f:3d:d9:62:d2:ce:f2:02:42:01:ee:16:1f:34:08:65: a9:02:59:a4:61:77:8b:e0:36:b0:c1:a6:64:81:65:d3: 7f:e2:87:25:fb:5e:e0:29:c9:24:1e:cf:16:27:e6:7c: a4:70:07:46:6d:9f:5a:34:26:83:91:84:5a:0f:f8:0f: 0a:ac:fe:41:cd:b6:cc:94:32:29:72 Fingerprint (SHA-256): 7D:C3:E0:C5:CC:BB:CA:D5:11:BA:A1:2C:44:70:61:1C:52:AE:E8:27:2B:46:FD:6A:EB:62:ED:DF:D6:A4:DC:68 Fingerprint (SHA1): 63:31:D8:95:E6:FB:72:CD:A5:20:DC:0D:9D:BD:F3:EA:F8:C3:AE:17 Friendly Name: Alice-ec tools.sh: #4740: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4741: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 07:93:40:fb:1b:d9:dd:3e:39:f8:88:a4:3f:f4:1a:68 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4742: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4743: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4744: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 47:58:aa:4f:4b:71:b0:73:1f:e4:1c:2c:cd:a8:fb:d3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4745: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4746: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4747: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 66:59:92:fe:46:b2:65:f7:a5:7f:a1:c7:99:7e:9b:a5 Iteration Count: 2000 (0x7d0) tools.sh: #4748: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4749: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4750: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 60:6e:8a:e6:a8:6d:88:87:9a:68:83:6d:99:b2:a6:63 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4751: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4752: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4753: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 6c:39:b1:ed:61:2f:4f:44:ab:92:61:a8:93:b9:2c:88 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4754: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4755: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4756: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 05:c5:df:75:de:66:8a:24:44:20:8e:ff:d2:1d:26:bf Iteration Count: 2000 (0x7d0) tools.sh: #4757: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4758: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4759: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 83:d8:66:03:92:6e:e6:6e:aa:a9:b9:96:d7:7c:9d:a6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:f8:51:c2:66:ae:c8:fd:b0:bd:7c:87:6d:ab:c3: c2:f1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4760: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4761: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4762: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 94:55:c6:45:16:38:86:69:b2:6b:06:17:54:1d:42:64 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:d0:b3:f1:b7:bd:ae:fc:52:35:51:7c:f5:05:1c: bb:cf Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4763: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4764: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4765: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 72:89:41:4c:72:a7:6e:34:c2:9c:53:9a:3f:e1:0c:0b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:da:8a:1c:46:5e:db:f0:d7:d7:59:20:4d:c2:67: 3b:03 tools.sh: #4766: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4767: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4768: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a8:77:a9:86:08:ab:f3:ef:19:43:19:d9:ea:13:47:3f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:a0:f1:41:a3:a1:bc:69:6f:e8:3b:da:4b:3b:fa: 84:75 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4769: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4770: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4771: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 1b:78:8b:94:3c:ef:87:2f:7b:1c:a6:ae:25:56:1d:4d Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:a2:c2:24:c1:61:4a:76:29:58:7c:0f:26:05:3a: ed:f0 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4772: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4773: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4774: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ea:6e:b3:04:4b:e3:dd:41:59:c1:53:39:c3:0c:aa:05 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:fd:0a:22:93:5a:7c:4a:6e:ac:45:1c:7e:99:91: fb:37 tools.sh: #4775: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4776: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4777: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 21:f8:cb:7f:71:30:a1:3c:8a:eb:a3:9e:00:d4:90:5a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:4e:6f:bd:4a:c5:85:ff:d8:86:0e:27:b8:4f:be: 27:36 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4778: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4779: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4780: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: b9:5a:47:ea:0d:45:75:8c:1c:7b:f4:83:bd:9c:5a:fb Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:a6:61:f1:0a:80:b8:77:62:81:bf:86:c5:33:4e: ef:c2 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4781: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4782: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4783: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 2f:15:00:ba:60:e6:36:83:ee:ac:79:6a:ec:b6:79:d5 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:e5:5c:f5:d8:e9:d5:b0:93:0c:0c:08:f6:6a:a6: ad:eb tools.sh: #4784: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4785: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4786: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 6d:f0:c7:ac:42:1f:db:86:83:ff:c6:e1:11:07:54:4c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:9e:9d:24:4a:be:04:95:06:66:b9:ba:d8:b2:4e: 32:f6 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4787: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4788: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4789: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ac:c7:ff:bb:07:52:8b:a2:dc:86:61:68:36:15:97:26 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:aa:89:33:b5:d6:56:40:f5:0d:1c:0c:e6:0b:53: aa:db Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4790: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4791: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4792: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 08:f7:a6:94:b8:0e:3d:7c:29:54:56:2a:b8:ab:7a:50 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:fe:10:62:1c:c8:d4:65:bf:9e:81:4d:df:a5:df: 0a:7b tools.sh: #4793: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4794: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4795: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: e3:f7:fe:bb:14:ab:2b:f4:fd:12:42:bc:e9:c2:f1:43 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:44:6c:5b:b0:1f:fd:50:ec:f0:6c:ee:92:34:13: c9:fd Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4796: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4797: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4798: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 98:04:a4:4e:90:35:98:4e:c8:00:9f:e6:62:02:ac:2f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:e3:1d:18:40:ae:3f:6e:3f:f6:d6:a4:76:2c:27: 6c:2c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4799: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4800: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4801: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 4a:02:cd:eb:50:40:0d:c3:31:36:23:85:04:46:64:8c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:24:15:29:cc:43:4c:52:fb:82:1e:38:9a:ac:d9: 7b:14 tools.sh: #4802: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4803: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4804: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 64:90:bf:78:28:6c:a7:46:bc:7b:f4:dd:55:f6:80:18 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:ec:eb:27:3b:93:9a:85:64:b1:55:4a:25:24:c6: 7e:79 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4805: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4806: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4807: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ba:e7:b0:06:d4:0b:e9:f9:1b:21:cc:4b:70:5b:cd:59 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:08:38:f1:7f:43:a8:ab:f9:7a:8c:d7:af:a3:42: 78:9f Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4808: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4809: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4810: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: bb:ab:38:61:6c:75:af:b3:90:7b:ab:73:3a:5c:c4:88 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:b5:f1:f4:f3:62:35:ee:ec:09:56:a2:03:a2:ec: 89:45 tools.sh: #4811: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4812: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4813: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 55:07:ff:c1:10:b1:8c:78:a2:8b:18:62:6c:45:8c:d9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4814: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4815: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4816: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 87:4d:18:e2:04:14:f3:10:f6:8d:44:31:f5:96:76:1e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4817: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4818: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4819: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 49:fd:56:df:a9:c4:5b:eb:44:06:00:ab:31:92:f2:67 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4820: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4821: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4822: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 6f:19:1b:aa:9f:78:f0:3b:6c:34:e9:68:2c:d3:48:fc Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4823: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4824: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4825: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 8c:d2:e0:d4:23:b2:e8:7e:38:5c:a6:d1:76:93:9a:7f Iteration Count: 2000 (0x7d0) tools.sh: #4826: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4827: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4828: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 75:3e:55:a4:bb:2e:1b:c9:30:a2:bd:f6:2a:fe:f9:de Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4829: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4830: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4831: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: cf:1d:6d:b1:a5:9d:9a:1c:89:61:55:18:76:c6:04:a3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4832: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4833: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4834: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 9f:2a:95:16:28:2c:cc:8a:e3:bb:40:1b:04:b3:0a:52 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4835: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4836: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4837: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: fd:9f:21:0b:7a:07:72:63:4e:39:85:ab:52:2c:44:c2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4838: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4839: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4840: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 7b:6e:bf:31:5e:9d:a7:31:30:fd:75:f0:d6:1f:be:a6 Iteration Count: 2000 (0x7d0) tools.sh: #4841: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4842: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4843: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: f1:4e:ef:e5:be:1b:bb:b9:71:e0:c3:c4:a5:e2:be:ff Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4844: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4845: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4846: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: d3:4b:94:e0:94:e4:df:97:06:be:53:dc:91:dd:ce:28 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4847: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4848: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4849: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 74:45:ac:cc:b7:bb:a3:fb:30:38:2e:8e:7b:bd:11:c1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4850: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4851: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4852: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 09:5f:48:76:d9:d4:24:f4:4a:b0:86:24:d1:54:6b:43 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4853: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4854: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4855: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 06:66:ae:3f:27:84:4b:2e:95:3e:c6:e9:09:13:b1:28 Iteration Count: 2000 (0x7d0) tools.sh: #4856: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4857: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4858: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 0a:d1:9c:ea:b1:18:d2:4c:40:3c:c2:95:10:1b:1b:da Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4859: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4860: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4861: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: e5:13:41:5a:d1:61:44:7e:4d:3c:7e:4b:ef:71:12:61 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4862: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4863: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4864: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d9:c9:9a:99:64:e9:c9:99:a2:56:38:29:19:d4:e9:34 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4865: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4866: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4867: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 97:11:72:95:23:c1:d2:8b:51:26:eb:3d:21:39:15:db Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4868: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4869: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4870: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d0:72:bc:06:11:90:6b:93:cb:59:f6:5b:40:c0:0d:91 Iteration Count: 2000 (0x7d0) tools.sh: #4871: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4872: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4873: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ea:8a:67:f2:90:b0:2c:d2:96:13:52:9e:55:a6:d5:ea Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4874: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4875: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4876: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ad:d4:1a:33:e0:5c:1d:0d:7c:9c:a8:bd:86:77:7a:0b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4877: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4878: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4879: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a5:0d:23:88:6f:e7:c9:8e:78:69:e0:83:28:21:9a:4c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4880: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4881: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4882: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 01:36:46:a9:ef:64:e8:c2:f0:c6:a8:e7:5b:f3:63:7d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4883: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4884: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4885: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: eb:68:78:d2:04:57:b6:c5:7d:ac:28:c0:31:de:f9:8b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4886: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4887: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4888: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: bb:6d:04:53:c0:45:d5:de:77:1b:be:c4:d2:ab:f8:21 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4889: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4890: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4891: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 6a:01:c4:4c:d4:1b:84:bb:7f:4c:29:ee:73:eb:67:88 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4892: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4893: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4894: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 20:5a:70:91:20:0c:10:84:17:c1:a3:62:dd:3c:72:59 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4895: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4896: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4897: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 51:53:7c:7b:d7:71:f8:9a:c0:3b:8d:90:12:0a:ee:9e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4898: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4899: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4900: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 81:6c:47:3e:cd:67:d4:00:8e:3b:54:de:f7:19:81:eb Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:06:40 2015 Not After : Mon May 18 21:06:40 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:9f:de:0d:ef:3f:6a:e2:62:c1:27:9a:32:1a:c3:88: f0:17:23:91:d3:7c:4b:fa:c6:ec:40:e1:fe:20:ea:b1: 7b:ab:a8:48:68:bb:8f:ca:1b:85:82:62:65:7d:2e:a7: 4e:f2:9e:70:af:3f:c4:7f:3c:ff:bf:1b:00:61:ec:0b: ce:dd:35:db:f3:f4:28:95:9c:23:68:64:a1:89:1a:6b: 29:c8:3a:ff:c6:e4:31:5b:dc:ce:d5:43:fd:73:8b:44: de:e0:23:b0:d3:59:db:d2:46:2b:6f:20:05:9d:a7:6c: ac:f1:2c:dd:61:52:d4:9c:64:2d:a7:03:54:8f:62:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:56:b1:60:2b:08:97:b9:35:5e:2e:79:ac:29:f5:d2: 6f:3a:fe:fc:62:8b:a2:08:ec:a6:05:15:1e:c5:47:ec: 6c:60:44:db:21:59:be:c8:81:de:a9:4b:c2:4c:de:9e: ef:e3:73:fa:49:51:fb:1f:cd:a6:0f:23:07:c1:53:2a: 16:d5:b8:ef:e6:6e:fa:f2:a3:61:d7:98:cf:e1:f2:fa: 57:06:d2:6c:08:1f:38:5c:f2:7e:d6:f3:7b:75:cf:a0: 17:42:ff:32:fd:fb:c9:9b:91:2a:29:93:d9:d3:31:4c: 35:7a:0f:87:bf:d1:c3:f4:1f:63:f5:a6:85:77:f5:fd Fingerprint (SHA-256): C9:D2:33:1D:C0:86:A2:C4:36:88:FB:1E:B0:2B:C1:16:D8:FC:44:39:2B:3F:37:B1:9D:59:F5:86:75:AD:E0:E7 Fingerprint (SHA1): E3:77:B6:04:DE:8E:57:79:D2:28:DD:25:F0:43:FA:DA:5F:C5:B9:3F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:07:55 2015 Not After : Mon May 18 21:07:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:ba:6e:3e:fd:7a:a0:7a:1c:0f:43:47:f8:c2:9f:69: 49:f5:03:a1:11:ea:e6:cf:8b:24:6d:e5:1f:c5:69:8c: 5a:40:93:10:87:3f:5f:5d:b1:c1:5d:6a:1c:e6:eb:a4: 50:20:37:27:4d:3d:d7:b2:34:e5:e7:6d:c1:d9:9b:42: 89:11:1f:de:bb:d2:15:07:c4:71:d5:34:e4:91:77:3e: a0:e0:11:6e:94:0a:d6:4e:03:54:40:9a:92:19:e3:be: 76:d1:54:de:4d:29:ff:30:5b:ea:b7:2a:35:7d:88:21: 9f:09:de:b8:98:99:64:02:9e:c0:96:2d:9d:93:ba:ad Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:75:15:7e:9e:92:d7:30:1b:ac:de:ab:ff:46:f0:ff: 22:9c:25:63:66:85:d3:1b:2c:0c:4d:8d:f4:68:63:8d: b8:10:5b:c9:7f:a1:b8:b3:e0:43:8e:ab:63:d1:5d:fe: 39:15:73:ae:0b:a8:1e:b1:4d:aa:a8:20:58:7f:8e:17: 78:f7:88:a5:01:e6:df:ba:f3:64:5c:eb:2d:d7:38:2f: 47:35:bf:1b:00:19:51:e4:c0:80:89:80:8e:39:b5:81: 5a:2d:60:ad:cf:7b:79:b6:fb:cc:7e:6d:9f:4c:38:b6: d6:eb:b3:16:9c:09:5a:2a:fa:aa:0b:ad:ab:4f:46:33 Fingerprint (SHA-256): 2F:DF:27:02:34:4A:94:0F:BC:1B:05:8A:B1:AF:B0:4B:9B:86:A0:D2:83:93:DF:E7:EE:1A:53:BA:19:ED:28:BC Fingerprint (SHA1): C8:D3:00:72:9F:A8:1C:C9:9F:06:48:6F:A2:66:75:3E:95:9C:F9:21 Friendly Name: Alice tools.sh: #4901: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4902: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #4903: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4904: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #4905: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%) tree "../tools/html" signed successfully tools.sh: #4906: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #4907: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #4908: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #4909: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #4910: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #4911: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Mon May 18 18:08:22 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Mon May 18 18:08:22 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #4912: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #4913: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa a4c96d1a114a85c82379288445e43928fc904fa2 FIPS_PUB_140_Test_Certificate fips.sh: #4914: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #4915: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #4916: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #4917: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #4918: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #4919: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #4920: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #4921: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #4922: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #4923: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #4924: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa a4c96d1a114a85c82379288445e43928fc904fa2 FIPS_PUB_140_Test_Certificate fips.sh: #4925: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #4926: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #4927: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #4928: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #4929: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa a4c96d1a114a85c82379288445e43928fc904fa2 FIPS_PUB_140_Test_Certificate fips.sh: #4930: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #4931: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #4932: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle mkdir: cannot create directory '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle': File exists cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle/libsoftokn3.so -o -8 -b 5 Changing byte 0x00032e40 (208448): from 21 (33) to 01 (1) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle dbtest -r -d ../fips fips.sh: #4933: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Mon May 18 18:09:19 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Mon May 18 18:09:19 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #4934: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #4935: CMMF test . - PASSED TIMESTAMP crmf END: Mon May 18 18:09:20 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Mon May 18 18:09:20 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #4936: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4937: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #4938: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #4939: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #4940: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #4941: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4942: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #4943: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #4944: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #4945: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #4946: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4947: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #4948: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #4949: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #4950: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #4951: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4952: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #4953: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #4954: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #4955: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #4956: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4957: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #4958: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #4959: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #4960: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #4961: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4962: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #4963: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #4964: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #4965: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #4966: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4967: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #4968: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #4969: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #4970: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #4971: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4972: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #4973: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #4974: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #4975: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #4976: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #4977: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #4978: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #4979: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #4980: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #4981: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #4982: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #4983: Decrypt with a Multiple Email cert . - PASSED smime.sh: #4984: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #4985: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #4986: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #4987: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #4988: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #4989: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #4990: Decode Encrypted-Data . - PASSED smime.sh: #4991: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #4992: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #4993: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #4994: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #4995: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #4996: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Mon May 18 18:09:52 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Mon May 18 18:09:52 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Mon May 18 18:09:52 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Mon May 18 18:09:52 EDT 2015 merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.v3.25156 -t Test2 -f ../tests.pw merge.sh: #4997: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id dave --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #4998: Merging Dave - PASSED merge.sh: Merging in new user certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id server --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #4999: Merging server - PASSED merge.sh: Merging in new chain certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id ext_client --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5000: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id conflict1 --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5001: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id conflict2 --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5002: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:10:23 2015 Not After : Mon May 18 21:10:23 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:15:e7:d0:da:5e:0e:df:d6:a5:05:04:c3:20:d8:fa: 80:4b:f8:f2:7d:3d:74:67:0b:c8:e7:a1:aa:ec:93:ac: 74:78:c3:59:4a:15:8e:8a:9f:dc:5c:b8:b4:d2:01:47: dc:b1:be:88:2c:8f:cd:dd:aa:62:8c:94:ff:15:27:4d: 63:0e:a8:8d:2f:8d:93:c9:39:d3:81:f5:ac:98:30:ce: 84:e9:50:5a:4c:ae:c6:37:1a:7f:fd:1e:ec:cc:25:d4: 31:a3:b5:12:bc:7f:b9:0d:4a:30:57:e1:b4:cd:74:49: ef:2e:ff:e0:4d:92:64:af:87:3d:18:3e:f4:25:ab:27 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:18:33:47:78:6e:19:c0:fc:63:99:70:de:4c:c0:ee: 79:f8:b8:04:6a:7b:0e:4c:e7:ff:99:9e:70:9c:13:a3: 95:62:5b:64:40:18:a0:92:7e:4a:b0:83:f9:09:e4:8c: e2:cc:e2:32:71:62:33:a8:91:f5:a5:dd:90:84:a5:1e: 6a:e2:0c:09:32:ee:c0:5d:14:51:fb:db:17:93:81:4f: 1f:f8:e2:43:4b:6a:89:bb:66:cd:9f:dd:46:5f:9c:09: 3b:b1:cd:01:a4:08:1e:cb:45:e0:84:43:c7:e2:28:45: 5c:85:7f:d3:7a:33:d5:22:8f:42:3c:c7:cb:ab:0c:4f Fingerprint (SHA-256): 98:FE:3B:31:0F:E2:39:A8:A2:DD:7F:4D:7C:D7:D1:5C:91:5C:F5:F9:F6:02:C4:30:91:C4:A8:90:28:46:04:C9 Fingerprint (SHA1): F5:EE:55:2F:94:29:F4:53:91:B9:17:FD:8F:A2:8F:87:30:6C:4C:06 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5003: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 21:10:31 2015 Not After : Mon May 18 21:10:31 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:16:3b:c0:96:06:8a:bc:ca:74:16:4d:2f:29:6a:12: 87:f1:4b:00:c6:f7:c4:cc:8c:b2:d7:a7:67:ee:6d:69: 79:15:b1:b6:04:92:fd:ed:4e:08:40:69:5f:28:24:07: 4a:77:db:75:0e:33:ba:5d:43:ca:75:7f:85:8e:6d:ee: 22:4c:c1:e7:27:c9:29:04:39:fa:5e:a1:56:fd:1b:76: 5e:0c:38:b1:25:f6:1b:e5:2e:26:66:a8:17:a2:c2:da: 38:90:1f:ec:e6:40:ae:a6:2a:de:db:60:4a:ec:36:f8: bf:7e:45:59:0b:b8:80:ea:63:16:ae:1a:0b:5d:9e:d9 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:58:71:0a:4e:7f:ea:0a:64:51:d1:f6:1c:47:a0:c2: 37:f3:02:df:17:c9:c3:1a:1b:32:61:31:76:3a:e7:f2: 03:bf:82:2b:c3:eb:50:68:98:d0:95:25:89:4d:6d:1c: f5:1a:ab:6b:2d:b1:8e:f1:b2:aa:87:d0:73:20:75:f4: 16:cd:7e:97:c8:e1:77:33:ac:e9:5c:7f:5d:12:8f:55: 48:69:ba:dd:16:4f:91:83:3c:e0:28:86:d9:93:31:58: c7:ab:42:d1:ed:f2:10:48:ed:f8:3e:15:0f:8b:4d:bc: 1e:1a:9f:54:d0:e8:42:2f:b7:06:92:c1:a9:f6:3d:a2 Fingerprint (SHA-256): BF:A7:9D:5F:01:4A:74:D6:07:69:7B:92:3F:3C:C5:CC:ED:DA:55:77:29:C0:FE:1F:C7:EC:D0:A6:6B:68:42:F5 Fingerprint (SHA1): 11:62:1C:67:13:E9:07:F8:5F:69:D7:97:F1:2C:B9:04:26:B2:BE:EE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5004: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id sdr --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5005: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Alice u,u,u Alice-ec u,u,u bob@bogus.com ,, Dave u,u,u eve@bogus.com ,, bob-ec@bogus.com ,, Dave-ec u,u,u TestCA CT,C,C TestCA-ec CT,C,C Alice-ecmixed u,u,u Dave-ecmixed u,u,u localhost.localdomain u,u,u localhost.localdomain-ec u,u,u localhost-sni.localdomain-ecmixed u,u,u localhost.localdomain-ecmixed u,u,u localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec u,u,u ExtendedSSLUser-ecmixed u,u,u clientCA T,C,C chain-2-clientCA-ec ,, chain-2-clientCA ,, clientCA-ec T,C,C ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec u,u,u serverCA-ec C,C,C chain-1-clientCA ,, chain-1-clientCA-ec ,, Alice #1 ,, Alice #2 ,, Alice #99 ,, Alice #3 ,, Alice #100 ,, Alice #4 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.v3.25156 -t Test2 -f ../tests.pw merge.sh: #5006: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.v1.25156 -t Test1 -f ../tests.pw merge.sh: #5007: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #5008: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #5009: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #5010: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Mon May 18 21:11:19 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Mon May 18 21:06:38 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Mon May 18 21:11:15 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #5011: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Mon May 18 18:10:09 EDT 2015 merge.sh: Testing with shared library =============================== Running tests for lowhash TIMESTAMP lowhash BEGIN: Mon May 18 18:10:09 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Mon May 18 18:10:09 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Mon May 18 18:10:09 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #5012: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -f ../tests.pw cert.sh: #5013: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5014: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5015: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -o root.cert cert.sh: #5016: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -f ../tests.pw cert.sh: #5017: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5018: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5019: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -o root.cert cert.sh: #5020: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5021: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -o root.cert cert.sh: #5022: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5023: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -o root.cert cert.sh: #5024: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -f ../tests.pw cert.sh: #5025: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5026: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5027: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -o root.cert cert.sh: #5028: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5029: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -o root.cert cert.sh: #5030: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5031: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -o root.cert cert.sh: #5032: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5033: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #5034: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5035: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #5036: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5037: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #5038: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5039: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #5040: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5041: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #5042: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5043: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #5044: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5045: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #5046: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw cert.sh: #5047: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5048: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5049: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #5050: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5051: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA.ca.cert cert.sh: #5052: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5053: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #5054: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5055: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA-ec.ca.cert cert.sh: #5056: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5057: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #5058: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5059: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA-ec.ca.cert cert.sh: #5060: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5061: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA.ca.cert cert.sh: #5062: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5063: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5064: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5065: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw cert.sh: #5066: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5067: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5068: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #5069: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5070: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA.ca.cert cert.sh: #5071: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5072: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #5073: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5074: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA-ec.ca.cert cert.sh: #5075: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5076: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #5077: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5078: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA.ca.cert cert.sh: #5079: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5080: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5081: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5082: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5083: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA-ec.ca.cert cert.sh: #5084: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw cert.sh: #5085: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5086: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA.ca.cert cert.sh: #5087: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA-ec.ca.cert cert.sh: #5088: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5089: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #5090: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5091: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5092: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #5093: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5094: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5095: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #5096: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5097: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw cert.sh: #5098: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5099: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA.ca.cert cert.sh: #5100: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA-ec.ca.cert cert.sh: #5101: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5102: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #5103: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5104: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5105: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #5106: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5107: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5108: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #5109: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5110: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5111: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #5112: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5113: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5114: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #5115: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5116: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5117: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #5118: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5119: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw cert.sh: #5120: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw cert.sh: #5121: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw cert.sh: #5122: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5123: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA.ca.cert cert.sh: #5124: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #5125: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5126: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #5127: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5128: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5129: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #5130: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5131: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5132: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #5133: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5134: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw cert.sh: #5135: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5136: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA.ca.cert cert.sh: #5137: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #5138: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5139: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #5140: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5141: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5142: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #5143: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5144: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5145: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #5146: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5147: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw cert.sh: #5148: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5149: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA.ca.cert cert.sh: #5150: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #5151: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5152: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #5153: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5154: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5155: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #5156: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5157: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5158: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #5159: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5160: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw cert.sh: #5161: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5162: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA.ca.cert cert.sh: #5163: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #5164: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5165: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #5166: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5167: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5168: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #5169: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5170: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5171: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #5172: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5173: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #5174: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #5175: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #5176: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #5177: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #5178: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #5179: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #5180: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #5181: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips -f ../tests.fipspw cert.sh: #5182: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5183: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #5184: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5185: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw cert.sh: #5186: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5187: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #5188: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5189: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #5190: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5191: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5192: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #5193: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5194: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5195: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #5196: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5197: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw cert.sh: #5198: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5199: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #5200: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #5201: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5202: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #5203: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5204: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5205: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #5206: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5207: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5208: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #5209: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5210: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:db Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:12:56 2015 Not After : Tue Aug 18 22:12:56 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:5b:52:4d:28:e6:29:27:ae:51:c0:df:96:75:96:45: eb:8c:8a:2d:c4:b6:95:5d:ee:7b:20:38:98:5d:fe:c4: c2:4f:7e:98:c7:1c:29:9e:3a:63:20:c6:f4:b9:ee:01: b1:4f:a2:1d:31:37:59:03:17:76:05:4e:5e:11:03:c5: 00:2e:56:ee:8c:e1:fb:37:47:3e:7d:ad:f3:b1:2e:1b: 96:c5:57:03:5d:8a:e8:0a:19:fc:34:a0:55:87:7e:82: 94:d5:90:0e:17:51:95:0e:b8:cb:55:4d:14:cf:3a:ab: af:3b:27:94:33:d0:01:02:6b:b7:b7:ad:60:a7:5f:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:9b:0e:5e:aa:5a:1e:e5:95:a0:c5:b5:12:ab:89:80: a5:e6:86:2a:38:e6:ad:e1:c4:a6:b4:bd:8e:0e:5c:09: bc:8b:c7:fb:c1:bc:9e:45:05:12:83:7b:f0:6f:06:25: 84:99:17:f7:a5:18:4f:ac:52:df:3b:4e:be:dc:d0:81: 88:79:f4:8f:b2:f0:b8:72:f4:29:0c:3c:cb:d4:aa:5a: d7:0d:1e:82:5e:59:28:78:76:8a:cd:17:6f:28:4d:5b: aa:f5:63:c6:53:f0:b3:55:99:21:44:c0:c1:9b:43:eb: 59:a5:de:92:70:ba:92:8e:c0:ee:5e:e8:ed:fc:78:b2 Fingerprint (SHA-256): B5:12:97:C7:41:38:FD:2E:CC:F3:C1:0F:4D:F1:E4:B3:05:C3:31:26:E8:DC:AF:BE:65:5C:69:AB:EC:E7:2D:5E Fingerprint (SHA1): E1:6D:53:1E:20:DF:6E:C3:29:DE:12:CC:E4:8F:4E:D3:0A:0F:A5:A2 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5211: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:e1 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:12:58 2015 Not After : Tue Aug 18 22:12:58 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:6f:00:70:85:46:2b:48:88:f8:f9:d1:b8:a4:dd:8a: 8e:02:25:c2:08:65:15:0e:32:3a:54:58:05:4e:64:43: 8d:f7:21:73:23:f1:51:10:d3:a8:45:0f:e2:a1:eb:52: 29:19:5e:dc:f4:33:47:14:21:02:a3:d2:8a:92:68:2a: 99:ca:a2:52:d8:ff:09:5a:11:ac:e9:3f:5c:da:15:ba: b5:65:5d:92:f8:13:6b:7a:a5:b4:64:da:35:d3:8c:2b: 21:fa:03:fa:b8:9d:e2:9d:75:e6:ed:dd:55:b2:16:dc: e0:ee:9b:75:61:12:f6:97:c6:89:3a:b4:4a:71:99:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:2d:9e:0e:cf:d3:3c:78:2f:9a:58:0d:ef:e2:07:12: 5b:4a:9d:3c:78:ad:29:a0:9c:1c:99:c8:40:f9:a8:bf: fa:8d:2b:3d:ad:69:ef:29:65:8d:d9:bc:78:db:52:fe: c0:18:eb:8b:a1:35:20:4d:a1:0a:d2:ca:7d:cb:49:79: c5:ca:8b:b5:70:6d:92:a0:f8:fe:bc:81:bf:32:c3:12: bf:1c:6b:a2:7e:47:ca:bd:a2:bc:98:a6:b2:fc:f3:30: 27:69:4a:d8:7a:60:4e:c8:5c:54:1f:8e:b4:f3:71:4e: 88:ba:c0:87:cb:e5:e9:ed:14:3e:a7:70:c8:c6:c8:e7 Fingerprint (SHA-256): 62:2B:EB:4B:F1:1A:E2:0B:53:D2:2F:B2:B9:BA:D6:86:82:68:47:05:E3:5B:62:08:85:7F:09:3A:40:B0:73:38 Fingerprint (SHA1): A7:31:54:D5:1B:64:BC:29:C9:B3:81:E7:01:70:25:E9:37:16:A0:7D Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5212: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:e6 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:01 2015 Not After : Tue Aug 18 22:13:01 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:7e:88:ca:22:4a:ac:e2:d7:0c:64:8a:e2:6f:25:18: 0f:78:89:66:b2:32:87:5e:7f:59:65:f3:78:f7:e1:3e: 29:c6:e2:87:2b:08:f3:6f:e1:36:f8:d6:9b:e6:2e:38: 65:e9:19:b7:11:14:5e:13:98:dc:1f:e2:e2:ee:d2:47: 41:de:a2:53:6a:f8:2f:d7:64:42:ce:53:b6:9a:68:7c: 1f:a1:ac:1a:63:7b:62:68:5a:12:8c:cd:95:13:73:91: 8a:86:ff:8b:4b:30:0c:2c:e7:a7:7b:9c:ba:32:95:27: 61:fb:bc:40:a0:2d:8a:49:1f:1f:aa:6f:e9:a4:cb:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c0:de:04:b7:c1:dd:63:a9:43:7f:1b:6b:a9:6c:34:eb: 63:1b:49:9e:30:11:80:09:02:1a:dd:73:4a:4d:ec:e6: ab:93:57:a7:4d:b7:58:c8:0d:84:5f:cc:3b:bb:61:de: 67:e7:71:be:96:55:dd:54:68:dc:6c:1e:12:6f:06:9b: c8:26:51:92:ff:dd:c0:a2:32:d3:9a:63:2e:79:49:55: da:d1:95:3e:52:83:ee:10:cb:d9:02:5f:be:a8:f7:87: 75:6e:f6:16:63:9e:9f:4d:d5:0c:d9:a9:3c:1a:8e:f2: a5:29:9c:b9:15:19:71:c1:26:fe:41:a3:2a:2c:9c:15 Fingerprint (SHA-256): 23:9A:A3:51:91:9F:6D:A0:35:2F:95:BE:FC:B5:94:88:24:89:DA:A3:64:38:97:59:94:F8:9B:BC:A0:BA:89:EF Fingerprint (SHA1): 4E:32:81:42:92:DE:CD:A5:A2:06:40:0F:B6:63:F2:59:FA:2E:27:6D Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5213: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:eb Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:05 2015 Not After : Tue Aug 18 22:13:05 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:85:0f:a2:6a:98:1e:d0:04:b7:74:21:ea:d0:50:0a: 63:13:9d:dd:9b:f5:92:a1:8f:3d:fc:7a:25:c1:eb:b4: 2e:bd:5e:9d:08:0e:ca:9b:36:b0:1c:3f:ae:04:5b:25: 56:08:80:24:8b:0f:e8:c9:0e:a7:74:86:96:a4:aa:7f: 96:3e:62:93:a6:42:34:2b:fd:b3:b2:b7:bb:8f:0a:ab: d4:b2:2c:8e:5b:e0:f2:a9:ff:3d:0f:12:1e:df:a1:43: 50:00:ff:02:74:27:fe:e5:fe:0d:09:81:8d:29:c4:8b: 6c:30:1c:35:52:26:c8:24:4b:a6:94:c9:0e:54:82:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: be:16:6a:70:fd:e7:ae:78:85:13:39:79:29:9c:cf:46: 7d:32:6d:64:ad:76:8d:71:21:b3:97:ca:0c:c8:a0:c6: 22:1b:a2:c1:ec:b0:62:b8:9b:32:e6:33:82:1a:ef:71: 6b:3c:9a:cb:11:f4:8b:17:0a:5d:59:d0:1d:3f:31:96: fe:ec:45:56:eb:b7:b1:f5:9e:ce:e3:87:f9:0b:bb:d4: 25:7c:e0:9a:17:51:e3:f9:06:97:ac:d4:24:19:ed:0b: a8:1b:b8:6b:a9:a1:6c:0b:7c:5d:85:30:c1:9b:94:ac: c3:f2:a3:e6:ad:a3:7c:2a:b3:58:48:74:fe:1e:e8:a3 Fingerprint (SHA-256): 16:D7:31:C3:60:02:23:97:51:94:D1:11:0B:40:A6:48:51:F4:0C:DE:31:9E:FD:57:60:ED:A9:4D:C8:2B:5E:47 Fingerprint (SHA1): 1E:8D:A6:B3:3A:80:A2:78:4E:F4:C6:88:0E:CB:17:E4:6E:D3:B1:C0 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5214: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:f2 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:07 2015 Not After : Tue Aug 18 22:13:07 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:db:6d:8d:7a:7a:14:a8:21:79:2e:f1:99:13:a9:4f: 1a:ef:f3:99:ba:81:05:91:37:85:c8:cc:c5:9b:fd:17: 58:d6:36:25:22:00:cd:2d:38:e4:92:66:cd:fe:a5:dc: e4:26:5c:20:ab:db:85:0f:77:f9:11:48:8f:55:3b:30: 73:31:db:18:b8:9b:8f:29:89:70:37:7c:98:15:9d:bf: e0:35:84:75:76:76:db:26:84:3f:7e:7a:7e:1c:83:b6: 06:29:b5:70:ee:d4:54:3a:23:91:b2:b1:e0:d9:3b:87: e7:b3:a3:b1:39:2c:d8:b7:aa:02:66:06:d8:28:4a:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:d0:46:64:cc:bf:72:64:4f:35:2e:05:62:ba:cc:7c: 9a:87:8d:3e:ff:6c:83:7d:ff:be:61:b1:95:9f:74:fd: e5:d4:33:3f:53:1c:87:28:f4:a9:cf:cc:e9:35:3a:a1: f9:04:b7:72:18:05:ba:6c:3a:09:f1:60:f1:43:5f:f8: 6d:bc:ac:3a:1c:16:4c:96:4b:71:58:88:89:d9:2c:61: 53:73:a2:5e:1e:29:03:76:73:7f:fd:7d:96:08:3e:92: 74:00:3d:5b:6e:33:e1:0f:09:d5:f9:9b:4c:e4:08:1c: 1c:00:06:bd:aa:3d:03:e6:f8:b9:3b:0b:90:f0:c2:f7 Fingerprint (SHA-256): 4A:E6:8B:59:0D:44:E9:44:53:38:CB:D8:45:63:1C:A7:E2:D8:B3:57:F9:F9:50:B4:EE:AB:D3:33:F5:12:E6:AF Fingerprint (SHA1): 95:6A:EB:DD:6E:96:AB:77:4B:30:AF:25:0A:A8:A9:C6:09:A6:EF:92 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5215: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:f7 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:09 2015 Not After : Tue Aug 18 22:13:09 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:b6:c3:e4:2f:b3:4b:88:50:d7:e6:8b:d2:75:83:75: 3d:4e:4a:bb:49:57:53:27:d1:0b:93:3a:7c:4d:28:f8: b1:92:a6:82:79:a5:3a:8b:25:52:03:3a:c4:df:62:1c: b7:b9:c8:8c:25:ed:3a:ee:7e:19:6b:96:00:7b:54:8a: e4:cb:4c:1d:f7:f0:19:92:7f:e7:20:38:ce:0d:63:7e: b5:9d:75:90:ea:71:89:e4:ab:66:dc:df:c6:0d:54:90: e4:f6:ad:df:6a:06:2d:7c:52:fc:62:29:62:b9:72:95: 6e:54:26:fb:e2:aa:50:b7:88:cd:48:47:8a:4a:1d:85 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:61:b4:94:ed:42:99:f8:ac:a3:73:c8:92:d6:bd:74: 09:dd:7e:45:33:ce:69:a3:01:bb:40:e7:23:d3:77:4a: 5c:02:63:8e:c0:2d:b9:9a:95:eb:de:30:f5:74:e4:9e: 10:f6:d2:5a:94:d3:02:e0:f7:58:9a:76:38:20:80:95: 75:30:95:fe:c5:6c:24:be:4c:3c:e6:14:f0:74:a0:60: 75:f1:ea:c0:35:6a:a2:04:51:df:2d:92:dc:6d:8b:3b: 89:59:d4:d8:7c:f3:99:dd:2e:a8:e2:3b:fd:44:56:04: 2e:01:c4:6b:21:5a:eb:c4:d2:67:08:a1:4d:bb:24:2d Fingerprint (SHA-256): 78:EF:26:AF:05:2F:FA:B1:53:E0:9D:C7:F4:DF:99:49:D0:3C:21:3F:E4:2E:9B:8B:96:43:E9:8E:2A:29:2F:93 Fingerprint (SHA1): D2:FA:ED:D1:77:EA:B4:2E:57:73:F7:91:2A:90:DA:9E:20:28:91:82 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5216: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:4f:fb Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:12 2015 Not After : Tue Aug 18 22:13:12 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:c8:c6:88:54:75:16:9e:f7:ab:76:12:9c:bb:f6:34: 44:24:2c:fd:e7:6e:ff:d4:93:9f:e1:c1:10:48:9b:a1: 26:6c:8c:99:63:c1:a3:6a:87:6b:15:12:bc:21:c5:a9: 9e:46:60:5e:00:2c:a9:bd:4b:f5:f5:a4:60:1f:81:7b: 5f:a4:8e:16:17:04:c9:53:fb:78:73:f5:c1:21:68:b9: 3f:f6:76:86:ec:cd:dd:a8:fb:bf:ee:c6:ba:ac:7d:94: 28:b9:a3:05:93:d3:1c:49:79:ac:39:f7:52:c9:18:e3: 8e:86:4e:a5:48:5d:79:01:b2:1e:1d:67:81:f1:ec:81 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5e:17:dd:bf:cb:ad:29:ff:d9:29:a6:fc:72:1b:03:ea: a0:e8:ca:a1:e1:13:2c:9e:0f:83:25:50:98:80:b9:ac: 33:9f:87:99:2a:b4:a3:77:1d:cf:f7:1d:cb:a4:44:1d: 85:c7:37:fe:75:51:a7:d2:69:b6:d6:1b:06:27:ed:f3: b8:44:82:91:60:bb:fd:ce:5b:8e:76:cf:3b:29:93:91: 58:45:9b:60:13:ab:5f:37:48:6e:b2:25:9a:77:cc:e9: d8:67:72:35:47:1b:5f:06:46:82:07:85:e1:13:ba:8c: 25:b4:80:19:bf:97:cb:a6:d1:2c:1d:c3:81:0d:64:00 Fingerprint (SHA-256): 41:48:BE:D1:CB:BC:E5:7A:57:B3:EA:13:A7:37:A4:91:57:7D:78:3F:61:4E:8F:AA:51:93:CC:6B:81:60:17:EF Fingerprint (SHA1): 4B:9F:46:58:33:BE:00:E8:A5:CD:F7:69:8A:38:8A:21:4E:A8:C9:8A Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5217: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:50:01 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:15 2015 Not After : Tue Aug 18 22:13:15 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:d1:cd:69:6a:e1:83:33:9d:95:be:90:df:8f:83:40: 97:74:0f:d3:4a:8b:1a:b2:63:f5:c3:b9:5d:2a:62:82: d2:a7:b4:3c:69:97:58:b7:c7:2d:ae:1b:67:d9:79:d0: d5:01:2b:57:2b:e1:c0:14:52:dc:74:7d:38:5f:4e:7d: 99:1d:0b:ec:69:dd:f5:45:21:3b:29:e5:98:95:96:e3: 9f:3b:d6:25:28:40:31:f9:09:af:a3:07:1b:77:1e:6b: 10:8b:d7:63:42:2c:e4:b0:5c:9a:06:56:3c:5c:eb:d0: 74:85:94:79:de:fa:4a:50:0b:ea:05:7f:42:86:5a:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:6f:ab:5c:99:20:23:87:70:7b:7b:74:d9:ec:0e:19: da:a6:2b:91:32:b5:44:8c:bc:36:5d:e1:c0:e2:87:2c: a4:25:c0:ce:ba:9f:92:1c:8e:2f:ad:9a:18:32:9b:17: d6:75:fd:bd:2e:3f:a1:6e:5e:e6:70:81:0e:8b:80:19: 3c:71:b8:7a:27:92:bd:06:f5:9a:7b:1d:5f:3f:47:09: 4a:b9:04:03:41:0d:ad:15:f8:35:43:f6:c3:b9:ef:f4: da:93:0c:32:7e:2f:fc:27:e2:5d:18:1b:fc:e5:b5:98: 6b:52:bb:1f:6c:f2:54:1f:85:0a:f9:90:c7:f5:4e:58 Fingerprint (SHA-256): BE:BC:BA:1F:46:5A:35:AE:FD:E6:D2:F7:B4:6C:2D:24:01:10:55:28:AB:C7:99:9E:B5:6B:02:79:B6:D2:8A:24 Fingerprint (SHA1): 3F:AF:95:C3:02:0C:28:30:9D:57:6E:AE:CE:F8:4D:91:16:60:30:95 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5218: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:50:05 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:18 2015 Not After : Tue Aug 18 22:13:18 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:f6:89:13:8c:49:dc:48:9a:5a:33:f7:fe:aa:1a:e0: 7b:22:68:b8:67:74:f7:1e:83:bf:25:a3:ca:03:f9:dc: 09:db:2f:3a:9c:7a:70:a4:c8:d1:29:4b:fb:96:54:f7: 33:b0:f8:17:18:1b:17:d8:fb:29:93:0c:d0:a4:44:28: de:cd:f3:24:ec:7b:b3:70:98:d6:31:b4:cc:d2:d5:6c: 5a:c0:67:e8:11:01:cb:2a:ea:aa:7c:0b:9b:72:73:58: 88:c3:05:42:1b:f5:fc:42:38:06:8e:23:b6:95:c6:c3: 8b:1f:2c:a3:4a:d3:3b:86:b9:41:b8:a3:84:52:c0:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6e:99:f1:ea:00:82:5f:c7:d6:8d:34:59:f2:18:ab:e0: ee:54:5b:4b:ac:af:41:b0:cc:88:3b:d5:1d:25:42:48: 5e:a9:a8:69:09:dc:1c:56:1c:eb:88:c3:3f:d5:c4:fc: dd:df:5a:e7:85:09:d2:82:81:37:fe:c6:e9:98:3f:da: ff:70:10:33:20:98:b0:8c:8c:4c:d2:a0:89:92:f1:ce: 29:71:b5:ac:ef:0a:0d:4b:7a:25:8c:b6:88:7a:8e:85: c7:41:76:7e:ad:b8:c4:bc:79:18:f4:d3:42:64:0d:a1: c4:20:5e:71:90:c9:84:ca:ae:59:f6:3a:35:93:2d:0c Fingerprint (SHA-256): 99:E7:DE:BB:23:20:4F:83:FC:BA:73:EA:BB:61:41:12:20:7D:1C:75:64:89:1F:8F:70:8C:8C:1D:5D:3A:B0:87 Fingerprint (SHA1): 49:42:E6:2C:6A:F5:4C:4A:6E:AB:9E:9E:84:12:DD:78:69:54:E3:1E Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5219: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:50:0c Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:21 2015 Not After : Tue Aug 18 22:13:21 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:e2:23:02:be:7f:e6:bd:f6:1d:a6:00:8a:0b:ea:64: 30:46:97:9e:d8:02:a6:94:bd:e8:55:5c:03:86:30:c7: d4:22:19:f9:81:d4:56:20:d5:6a:85:91:4b:0a:35:3a: 1c:2a:f1:72:3d:52:6b:37:6a:24:60:db:a2:16:94:ae: 3d:c1:83:f3:fa:e9:35:43:53:cc:22:89:e1:9e:e9:f2: 74:10:7a:18:cd:b7:f5:12:4d:9c:a0:8b:06:78:99:50: 00:1b:7b:9f:7c:84:cc:3b:be:c0:f5:73:e8:40:60:b9: c6:cb:bf:98:a8:4a:11:d7:5c:93:66:ae:46:18:ed:c5 Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:2b:de:1f:07:d8:6e:19:3e:d2:1f:0c:a1:32:af:45: ee:56:e3:53:80:72:46:15:d1:34:f4:bb:32:62:9e:12: 3d:36:de:5e:cf:de:57:27:4b:28:17:98:e3:b3:30:09: b5:e1:dc:d9:67:18:a0:e8:6d:bf:57:34:16:43:a4:e0: da:3d:96:1a:6f:e7:08:0a:0f:59:ae:45:a4:79:57:0d: 52:dd:f3:af:3a:c7:d9:07:59:93:c7:89:e0:49:2b:0d: be:f7:9c:a9:9f:ce:8b:8c:a9:2b:db:30:2d:a7:e8:c0: c4:0d:51:65:43:f4:15:48:fa:d6:ca:96:a1:43:a2:be Fingerprint (SHA-256): C0:74:06:F5:4E:B4:75:2B:A7:DF:EA:2E:48:BC:24:38:20:BF:DF:B7:6A:EA:28:87:02:C4:8F:03:24:80:FC:1F Fingerprint (SHA1): 2B:84:AD:E6:6E:18:BB:43:A8:26:14:65:3C:03:D2:75:E0:8D:AD:C0 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5220: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:50:12 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Mon May 18 22:13:25 2015 Not After : Tue Aug 18 22:13:25 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:e7:94:96:9b:a4:96:f8:62:92:ad:be:f5:a5:91:ef: 27:ff:11:39:ff:31:0d:c6:a1:f3:e9:f6:ce:c8:4e:6b: 69:e4:89:ee:fc:a4:b9:c0:f5:26:08:21:2d:13:25:3e: 8a:f3:ad:d9:ef:0a:04:33:c5:d1:ba:01:d6:95:28:25: fc:e2:fa:f7:04:cb:84:b9:2b:ad:68:6d:89:89:1c:44: e9:73:fe:24:8f:5e:0c:27:69:b9:b7:3c:31:e3:d7:b1: 9c:3e:5e:94:a0:a0:07:69:94:9c:6a:33:86:6c:1b:2d: cd:cd:e7:52:35:f6:00:7c:6b:b0:4f:e3:07:78:48:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 45:aa:66:d6:12:bf:3c:c1:d9:75:85:a5:ec:6a:6d:3d: 9e:37:cb:90:7e:cc:f7:8b:4f:f8:21:d7:15:5d:f8:ea: 14:71:d4:ff:88:59:a0:c9:38:0a:32:30:49:00:5b:7d: c7:e6:77:e7:2f:c6:f6:62:4f:40:b2:32:5f:08:c3:71: 57:48:ec:60:95:91:e9:6e:fe:f3:ec:83:4f:34:55:d8: 81:4c:a1:7f:1e:eb:40:d6:f7:b1:ca:0a:32:5d:0a:1f: 18:c6:6d:42:c2:77:35:67:2b:31:16:8d:f2:a9:71:e7: 22:a4:b3:83:c9:f3:47:04:af:f7:7d:04:97:69:35:15 Fingerprint (SHA-256): A4:DC:A1:1F:01:6A:8C:DC:4C:29:9D:D6:8B:60:D8:DC:75:36:3F:1A:DD:A7:9B:3E:77:83:D0:46:D4:DB:73:0E Fingerprint (SHA1): 4A:8C:10:18:04:72:7D:11:4C:D7:8C:F1:E1:9F:F2:0E:0A:E9:1E:BE Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5221: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #5222: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #5223: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #5224: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:50:1f Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 22:13:31 2015 Not After : Tue Aug 18 22:13:31 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:9f:f7:00:fc:4d:7b:49:5c:a7:04:88:54:fc:14:de: 2f:d3:64:7f:01:97:23:30:bc:c4:1b:97:6c:9b:7c:b1: f7:33:90:51:a7:79:04:77:d1:0f:90:68:96:b4:cf:97: 12:e9:e2:76:c9:cb:cc:13:21:91:c7:03:89:2e:3b:37: b2:8c:44:e9:8e:d6:e0:23:6e:ad:81:ca:a3:37:7d:f0: 2b:d4:62:2b:72:68:f8:b1:13:3a:8d:fd:36:f2:b5:3b: d3:22:fc:71:28:f0:7c:bb:9a:7b:75:8d:f6:0c:83:75: 82:4c:09:ef:8c:a5:59:ae:f6:b4:6f:c1:6f:74:61:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 61:cb:19:39:c0:1b:1a:1a:f1:e5:4e:0d:e8:67:d1:8b: 80:01:54:3e:d8:74:21:a5:e9:57:be:1d:0d:8e:2b:59: d9:0d:18:64:a4:75:61:bc:40:c6:1c:c1:78:0c:71:18: eb:7b:36:81:69:4f:79:09:8f:e9:37:40:b1:e6:ec:1c: c4:d4:55:b6:11:86:cf:75:23:76:60:14:38:4e:a9:17: b5:ca:21:49:86:09:81:28:68:a8:29:60:fc:4f:63:a8: 1f:d9:a2:6f:e7:4f:06:2f:4f:77:36:03:a5:fb:3c:2a: ca:9e:c3:76:7a:99:a9:7a:9a:9b:be:39:79:77:ef:af Fingerprint (SHA-256): C4:F2:EC:97:5E:B2:35:6D:A8:52:49:BC:D8:4F:7F:18:40:C7:4E:8D:78:AB:AA:34:E1:6F:2C:25:BE:21:40:AF Fingerprint (SHA1): 61:C6:01:E3:83:82:EB:8C:26:49:49:93:69:BD:B6:15:1D:0B:B4:40 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5225: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der cert.sh: #5226: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #5227: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #5228: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success cert.sh: #5229: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success cert.sh: #5230: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success cert.sh: #5231: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #5232: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cc:50:34 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Mon May 18 22:13:42 2015 Not After : Tue Aug 18 22:13:42 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:9c:13:58:5e:87:5d:ed:13:00:ff:86:6f:3d:6e:f7: 93:ec:1e:d5:35:0f:44:af:fa:be:b7:64:77:80:22:f6: 85:d7:4e:2a:7f:f4:b4:7b:f0:c5:a7:9e:bc:67:f5:36: 6d:7f:19:3d:3b:40:40:40:d8:23:3c:fe:d9:f8:e0:f9: 71:fd:e2:e1:91:d6:13:2d:f2:ba:9f:91:be:e5:33:69: 62:c3:6d:3e:46:70:04:db:9e:78:8a:6a:24:22:f3:72: ea:5f:b0:7c:dd:d6:69:5a:75:ed:c5:60:bc:13:da:22: 2f:0a:41:bd:59:11:06:0c:f6:8a:66:63:da:49:82:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b4:42:ac:f5:87:1e:bb:15:e5:3f:b4:be:c4:9a:f0:b1: 13:3c:9e:fd:1d:58:03:fc:47:7f:b5:c9:e3:97:16:34: c3:47:b5:80:e6:7c:2f:b3:77:c9:87:9e:c8:77:28:41: fb:39:ab:44:73:4d:58:1a:3c:8b:25:6b:ff:d8:56:22: d5:e6:97:fa:a0:6e:a2:5c:46:1d:19:21:81:46:e4:67: e3:33:8c:2b:b0:98:13:8e:96:20:36:22:b7:ae:63:0e: 2f:cf:56:28:0f:f9:88:a1:7a:2c:e0:a1:4b:fa:6e:56: f3:c3:e2:8b:09:3f:3a:a8:dd:49:24:9a:af:be:25:3b Fingerprint (SHA-256): F4:CD:45:6A:52:ED:2C:0C:35:67:75:B1:0D:1E:0A:62:21:08:02:74:DF:78:D3:F5:AB:CC:29:01:F0:75:E5:42 Fingerprint (SHA1): 45:CB:77:81:39:8C:C2:EF:C2:2A:C2:60:BA:57:79:2A:EB:7A:F6:37 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5233: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #5234: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #5235: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.pw cert.sh: #5236: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5237: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5238: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -o root.cert cert.sh: #5239: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #5240: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5241: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #5242: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw cert.sh: #5243: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5244: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA.ca.cert cert.sh: #5245: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #5246: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5247: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #5248: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5249: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5250: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #5251: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5252: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5253: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #5254: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5255: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw cert.sh: #5256: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #5257: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -o root.cert cert.sh: #5258: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #5259: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5260: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #5261: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5262: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5263: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5264: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5265: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5266: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #5267: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #5268: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5269: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5270: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5271: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5272: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #5273: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5274: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #5275: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5276: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #5277: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5278: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5279: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #5280: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5281: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5282: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #5283: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5284: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5285: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #5286: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5287: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5288: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #5289: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5290: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5291: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #5292: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5293: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5294: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #5295: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5296: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5297: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #5298: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5299: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5300: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #5301: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5302: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5303: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #5304: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5305: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5306: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #5307: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5308: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5309: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #5310: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5311: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5312: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #5313: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5314: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5315: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #5316: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5317: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5318: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #5319: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5320: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5321: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #5322: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5323: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5324: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #5325: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5326: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5327: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #5328: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5329: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5330: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #5331: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5332: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5333: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #5334: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5335: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5336: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #5337: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5338: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5339: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #5340: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5341: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5342: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #5343: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5344: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5345: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #5346: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5347: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5348: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #5349: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5350: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5351: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #5352: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5353: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5354: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #5355: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5356: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5357: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #5358: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5359: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5360: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #5361: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5362: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5363: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #5364: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5365: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5366: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #5367: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5368: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5369: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #5370: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5371: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5372: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #5373: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5374: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5375: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #5376: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5377: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5378: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #5379: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5380: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5381: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #5382: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5383: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5384: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #5385: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5386: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5387: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #5388: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5389: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5390: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #5391: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5392: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #5393: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #5394: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #5395: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #5396: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #5397: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #5398: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #5399: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #5400: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #5401: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #5402: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #5403: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #5404: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #5405: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #5406: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Mon May 18 18:16:20 EDT 2015 Running tests for dbtests TIMESTAMP dbtests BEGIN: Mon May 18 18:16:20 EDT 2015 ./dbtests.sh: line 173: syntax error near unexpected token `then' ./dbtests.sh: line 173: ` if [[ $EUID -ne 0 ]] then' TIMESTAMP dbtests END: Mon May 18 18:16:20 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Mon May 18 18:16:20 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5407: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 61:4d:c8:3c:ec:57:fd:64:f6:84:e2:e5:f5:2e:21:7d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5408: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5409: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5410: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5411: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 4d:85:57:2d:5c:e9:92:8b:5e:7d:e4:4a:9c:5e:ab:68 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 22:10:32 2015 Not After : Mon May 18 22:10:32 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:f2:22:8d:5a:ea:7f:03:f8:da:c3:5b:54:f1:3c: 26:72:73:82:f9:c1:32:1d:31:27:79:6e:a5:2b:9c:a2: 95:96:cd:e8:b2:09:3e:52:e4:fd:a6:84:34:fc:8f:70: 80:56:56:8d:53:95:39:ef:9b:fa:64:b4:7d:b1:64:17: af:dd:74:01:8b:7c:b5:86:6c:1e:ab:ff:33:c2:c9:40: 40:c0:9e:8d:f9:5f:e5:3f:4b:74:42:68:33:a3:22:af: 30:0c:6e:9e:ea:ca:a3:a0:74:90:55:3b:0f:d0:47:0a: 73:5e:e2:c3:ba:cc:fa:c6:b6:54:df:08:05:38:af:a0: f5:0e:25:76:8e Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:41:5c:fb:56:fe:7f:88:a3:32:46:56:2d: 5f:17:46:ab:6e:79:ee:7e:d1:ea:c1:ba:30:7f:ca:57: 1e:ba:61:fc:07:c3:e2:3c:eb:17:6c:45:70:7b:9f:e7: 11:fa:88:5c:4d:5a:72:05:09:56:c4:09:5b:c8:59:6c: ec:1d:87:3b:66:61:02:42:01:84:3f:5e:5f:fd:e9:6c: 19:09:5c:81:ba:03:f9:13:ab:98:d6:ed:90:e2:e3:ea: f0:9a:17:12:73:3c:25:ac:1e:03:cd:ce:d1:d6:f7:bd: 2a:14:25:7d:b9:0c:da:00:7a:3d:95:87:1e:35:2b:fd: 23:24:dd:ef:d1:25:80:25:df:b1 Fingerprint (SHA-256): A0:FF:BD:F4:40:31:36:AD:FF:13:1B:0D:FE:B4:B1:10:D5:CC:94:C6:13:88:D2:B8:28:67:0A:37:E8:CA:E6:49 Fingerprint (SHA1): 8A:DC:BE:1D:7A:40:70:A3:AE:C6:B1:14:34:EC:49:BB:67:01:CA:73 Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Mon May 18 22:11:52 2015 Not After : Mon May 18 22:11:52 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:01:8d:1a:d1:6b:c1:29:79:1e:51:1c:99:c6:ac:d1: a4:92:04:79:64:17:30:b4:00:2b:a7:13:a8:c3:c3:84: ff:b7:10:43:cd:05:05:56:9f:7b:cd:4a:3e:8c:32:2c: 02:af:19:a1:2c:f2:62:d4:bb:d7:48:ef:d2:60:a4:92: 45:f9:f9:c3:e6:31:93:5d:e7:dc:3c:52:b8:f2:77:ef: 16:9e:db:95:ed:22:ef:de:43:0c:3c:d8:48:99:6e:6e: 57 Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:00:dd:c3:77:e0:93:34:61:ff:54:58: 69:45:ad:61:94:e1:c7:7d:01:f8:1e:e9:48:7e:8a:05: f1:e8:ed:7d:49:1d:27:89:af:1b:73:88:e4:ea:01:26: 67:5b:4b:f0:a6:fb:71:b9:51:a6:13:1f:0f:7b:80:86: ad:a0:91:68:90:94:5f:02:42:00:af:a2:d5:4d:a8:3a: 62:4d:b3:0f:bc:ce:f1:8d:90:f5:78:81:1f:df:43:9b: 3f:8d:d9:7a:de:52:17:0a:d0:c4:db:eb:27:75:e8:2e: d0:0d:eb:60:98:7c:93:e5:56:fa:59:f1:8f:a2:f5:9c: a3:a9:18:f0:38:a6:a3:2c:e3:76:9c Fingerprint (SHA-256): C3:4A:E0:63:78:F5:3F:95:BF:63:9F:B2:25:4F:1F:49:CE:A6:BF:53:FA:81:39:9C:51:A9:69:F7:27:50:96:97 Fingerprint (SHA1): 2E:99:B2:E3:4F:84:27:FF:D6:63:CA:57:71:26:F1:4A:CB:62:2A:59 Friendly Name: Alice-ec tools.sh: #5412: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5413: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 72:40:11:e6:d5:3f:46:06:aa:8d:64:19:62:79:7d:8b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5414: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5415: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5416: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 2f:24:e8:59:5a:e8:3a:24:75:f8:5c:f5:89:06:95:9a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5417: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5418: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5419: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 0a:9d:b4:e3:6c:e5:cf:9a:6f:ce:ed:a5:b0:ad:47:fc Iteration Count: 2000 (0x7d0) tools.sh: #5420: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5421: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5422: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 88:1a:c5:95:52:85:db:00:91:dc:3b:ba:79:16:27:a6 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5423: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5424: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5425: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 69:49:04:d1:38:6d:6d:81:25:8d:54:79:e7:38:6e:cc Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5426: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5427: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5428: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 97:5c:3b:0a:0e:28:8f:b7:07:ec:4e:7a:4b:e1:f5:e2 Iteration Count: 2000 (0x7d0) tools.sh: #5429: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5430: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5431: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: d2:89:56:d5:78:4f:ca:02:e7:00:01:08:d9:f4:33:fc Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:c4:c0:d4:12:32:af:be:51:11:08:73:18:49:8f: 94:e9 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5432: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5433: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5434: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: cf:8d:14:83:ce:cb:8e:90:c5:0a:60:d7:2b:f3:2a:c4 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:ea:9c:f2:fe:84:55:45:f1:3f:05:be:ee:ba:d7: 49:cd Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5435: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5436: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5437: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 23:b0:e3:10:2c:dd:00:95:97:2d:5f:d2:a4:58:bc:04 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:94:94:72:95:8d:53:4b:85:16:ad:7b:c9:f6:ed: c6:88 tools.sh: #5438: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5439: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5440: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 2f:40:1a:a4:37:eb:0e:c1:0f:7b:53:42:2f:1f:a1:50 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:0d:83:b1:65:4d:1d:73:5b:f7:4c:60:9f:d4:5a: 98:2f Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5441: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5442: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5443: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 1f:d4:72:fd:48:9c:67:82:63:c4:f9:b1:3b:04:d9:eb Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:ea:4d:5b:68:2a:ba:49:5d:66:26:a9:7e:35:6a: 88:5c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5444: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5445: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5446: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 75:c9:ad:cb:28:c0:24:b7:44:9a:c3:9f:09:1a:d7:bf Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:df:5d:68:85:cb:04:10:a9:4b:d9:aa:24:0b:f9: e5:19 tools.sh: #5447: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5448: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5449: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: fe:b5:13:a1:c4:e5:27:a6:5b:81:ca:a0:27:fa:a9:cd Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:d0:a8:e9:67:a7:4c:1a:d1:6b:12:ba:b2:38:14: 4f:c8 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5450: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5451: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5452: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 99:4d:ab:d6:1e:1e:3b:c7:c9:b0:ea:48:71:13:bb:81 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:69:96:87:a8:f2:b2:ce:1f:c6:33:11:da:2d:da: f0:ca Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5453: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5454: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5455: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 09:ee:00:29:3c:9c:95:6b:9c:35:d2:ff:0d:78:bb:ef Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:cb:e7:83:f5:1b:33:71:d9:17:1d:cf:f7:e4:04: fc:33 tools.sh: #5456: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5457: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5458: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 2d:06:6c:69:02:3f:9e:4a:e2:1c:0a:69:17:e6:ef:31 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:70:f5:ce:76:ca:e9:e0:b9:c8:b5:a1:b9:38:6b: 50:5c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5459: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5460: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5461: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 0a:d6:f0:25:39:e3:a9:84:15:1c:fa:1c:12:9c:8b:c6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:21:d4:c5:b4:d7:0e:8d:e0:db:f5:73:aa:62:99: 0c:2d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5462: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5463: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5464: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: db:bf:87:19:7f:96:8a:4f:5a:9e:fe:cc:5c:0f:2b:31 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:84:82:2a:b2:72:ab:00:e3:8d:68:7b:c0:32:80: a5:3c tools.sh: #5465: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5466: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5467: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 41:e7:92:2b:a2:0a:f0:ca:11:8e:7b:a1:ac:ea:21:c9 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:2d:e3:0d:b3:41:71:66:11:03:2e:80:24:b9:d8: ff:49 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5468: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5469: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5470: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 52:b3:92:33:9f:af:2c:5d:a3:24:cc:21:93:e6:0e:39 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:c0:ea:88:7e:38:95:91:89:e2:ed:ce:db:73:18: b8:0f Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5471: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5472: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5473: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a9:af:cf:87:25:65:0a:83:32:39:09:fb:65:cf:f8:44 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:22:4d:16:56:fb:82:21:5d:36:11:e9:1a:2d:0b: e8:82 tools.sh: #5474: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5475: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5476: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 36:f3:48:b4:37:c1:24:3d:92:f8:e1:62:a8:66:70:61 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:33:0e:f4:19:74:29:fc:ba:bf:58:11:cf:c9:f6: 70:9d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5477: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5478: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5479: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5b:10:11:61:b7:a3:b0:55:9d:b0:ec:d0:bc:9f:3f:97 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:d3:36:61:82:a8:27:98:7f:94:49:27:2f:45:13: 0a:fb Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5480: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5481: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5482: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 2a:97:2f:95:46:39:b9:88:83:0b:d3:d4:7b:c3:f8:63 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:76:c3:76:ef:f7:4c:2a:a9:18:5f:02:04:15:3e: b6:74 tools.sh: #5483: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5484: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5485: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 80:ea:7f:f7:d2:6d:a5:01:cc:e2:40:c2:d7:bb:8f:37 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5486: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5487: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5488: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 64:58:62:87:cd:97:c2:cd:96:e9:51:e5:43:01:ea:ac Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5489: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5490: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5491: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: e6:73:1c:fe:24:85:d2:93:b7:92:5f:b3:25:d5:a0:03 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5492: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5493: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5494: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 9f:91:55:67:1c:2c:1b:76:83:53:ef:1b:63:d9:c2:6d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5495: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5496: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5497: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 95:d6:45:8d:20:f7:07:f3:a8:5b:ce:8d:2d:1a:f0:53 Iteration Count: 2000 (0x7d0) tools.sh: #5498: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5499: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5500: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 90:14:91:f8:2b:0b:a7:24:ed:7f:b1:8f:39:63:e3:56 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5501: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5502: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5503: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 95:8f:2d:40:54:27:8a:25:af:e6:94:e6:ca:25:d3:db Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5504: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5505: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5506: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: a5:01:9e:56:92:6c:eb:f2:15:dc:f8:82:d2:4c:ad:a4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5507: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5508: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5509: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 66:99:6f:7d:6f:87:f9:ad:21:51:50:4d:c4:79:d4:32 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5510: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5511: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5512: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 06:0d:8d:2c:6b:4a:68:b4:7e:20:57:8f:f0:de:88:f3 Iteration Count: 2000 (0x7d0) tools.sh: #5513: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5514: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5515: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 09:8f:7c:55:75:d3:25:bc:af:78:91:e6:fb:75:75:55 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5516: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5517: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5518: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: f2:36:45:26:95:cc:8a:c8:aa:61:ad:f6:48:0f:c9:7c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5519: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5520: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5521: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: c2:af:43:c4:40:4a:a6:a5:5a:a9:86:56:0e:44:4c:4a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5522: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5523: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5524: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 97:2c:2b:17:10:dd:ea:7e:3a:94:30:c0:97:7d:3f:ef Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5525: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5526: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5527: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 02:9a:e2:61:8a:f5:41:81:88:43:fa:fb:17:bf:5c:ab Iteration Count: 2000 (0x7d0) tools.sh: #5528: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5529: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5530: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 18:c7:7d:53:ac:7f:18:ba:76:f7:9f:8f:a0:b5:28:d0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5531: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5532: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5533: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 8e:3c:46:77:3f:e4:7a:92:12:26:c0:e6:62:78:2b:49 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5534: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5535: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5536: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 0a:f6:83:b6:22:87:28:25:24:fb:f0:68:62:9f:99:2d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5537: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5538: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5539: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 23:a7:bb:91:36:18:31:55:6f:be:7a:14:57:8b:c8:57 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5540: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5541: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5542: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b5:ff:c2:b1:67:f8:c5:b3:b2:c6:25:33:98:96:9d:0f Iteration Count: 2000 (0x7d0) tools.sh: #5543: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5544: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5545: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 3f:5e:61:d8:65:e7:bf:2d:4f:9c:07:64:33:75:d0:92 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5546: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5547: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5548: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c1:9e:39:e1:25:ad:e6:aa:3d:dc:bb:67:6d:2c:68:a4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5549: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5550: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5551: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a1:08:f6:e6:2b:5a:0a:46:ea:4a:81:0c:3d:13:30:1d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5552: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5553: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5554: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 88:66:8f:e3:cd:5f:30:bd:ac:47:b7:91:51:9f:8e:31 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5555: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5556: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5557: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 77:36:a5:67:2a:84:a7:08:30:3f:a2:c6:11:09:79:b6 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5558: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5559: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5560: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 19:f9:f6:20:7e:87:ae:29:4b:0f:f9:b9:fe:f4:a1:69 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5561: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5562: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5563: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 52:22:1b:c3:41:1a:8f:d3:6b:60:a4:58:9c:cf:64:b9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5564: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5565: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5566: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b8:7f:15:67:bd:f6:36:57:62:2a:af:e0:54:27:a5:a9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5567: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5568: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5569: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 43:b5:1c:05:17:d9:f0:98:75:58:75:0e:35:de:ae:9a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5570: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5571: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5572: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: aa:db:a1:76:50:7d:c5:9b:a2:78:66:33:4b:23:35:fe Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:10:13 2015 Not After : Mon May 18 22:10:13 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:4b:5e:9d:e2:8a:20:be:cd:d7:6f:03:a0:c7:50:98: 52:e8:3a:22:84:1d:ea:36:f3:e9:14:63:58:cd:e7:dd: 03:bc:98:14:76:48:37:8a:2e:af:7a:6a:60:13:98:d7: 21:6d:e8:2e:84:2f:bd:90:a0:9e:17:07:98:e5:15:14: 17:8e:b4:21:e8:22:2b:38:59:7e:94:af:db:2f:86:39: 30:bb:44:71:cc:1c:40:63:8a:d1:e3:91:d0:4b:d0:75: f3:c6:3a:ff:45:04:3a:34:59:11:bf:af:22:d8:35:b2: 4c:42:53:ec:97:63:08:51:aa:e2:c1:a5:54:99:1e:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:81:51:26:ff:93:4e:31:dc:14:91:d3:69:63:d7:8c: 56:03:fe:f9:2f:46:08:dc:93:be:ba:89:96:40:dd:10: 55:4a:4e:d4:2a:ce:1f:5b:95:57:8a:cf:25:19:d7:17: e7:1d:7f:fd:08:78:ff:b4:99:bf:58:a6:ef:b0:f4:b4: 76:1e:f9:08:88:e5:28:c4:39:cb:4d:4f:bd:2f:d0:63: 27:d5:71:62:cf:3f:88:1c:52:14:bb:d0:9c:93:c4:08: 45:07:d1:ab:38:45:66:72:79:9e:9b:0c:0a:eb:75:88: 34:67:1d:7a:d7:9e:99:a7:92:6a:62:89:b3:bd:83:6b Fingerprint (SHA-256): 57:D7:03:D9:61:D6:2A:9A:A1:36:44:A6:7C:74:84:12:AD:2E:93:D9:8F:E8:1D:C1:8C:4B:2F:55:A4:A4:4B:A8 Fingerprint (SHA1): 48:1A:1F:9C:F6:73:EA:1E:02:3C:85:DA:1C:1A:6C:2A:D6:72:72:33 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:11:50 2015 Not After : Mon May 18 22:11:50 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e0:ea:8f:ad:62:32:6e:e0:f6:22:ef:ce:22:8b:bf: ab:ef:9e:a4:ce:9c:a5:cb:91:a5:c0:60:5b:ef:e9:11: 11:fa:01:8d:be:13:ab:4f:6c:7d:56:ce:83:77:0f:c7: 57:0e:21:71:6d:b5:5c:0c:0c:9c:6c:9e:f2:41:77:1a: 30:69:13:c0:ee:d4:47:85:57:1b:30:48:1f:7b:4c:a6: 60:92:26:fc:5d:3d:cb:cd:81:ff:e1:c8:4a:97:ac:f9: c6:8b:ac:b4:11:12:80:57:7f:9a:d1:dd:98:bb:5d:99: e9:58:e4:f5:22:ff:00:07:0e:2f:c7:87:fe:2b:e2:af Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:ad:82:9a:b2:a3:19:ac:2c:c0:dc:bc:4c:20:09:b6: 97:5f:9c:8d:7c:48:84:54:a8:68:e7:a0:1d:f4:72:97: 77:f7:e2:e0:d3:c4:71:81:d6:ea:34:32:a1:84:e1:c6: 49:a4:84:2d:86:47:9b:2a:c6:28:29:bd:83:1f:7c:01: 16:bf:62:3d:0c:24:60:2d:23:8e:fd:d1:53:9f:2f:cd: 5c:e3:30:64:11:b6:73:b2:3e:b3:5f:84:56:08:0e:23: 4b:46:6f:30:14:91:34:35:de:bc:f7:1f:49:08:3f:33: fd:f4:f2:4c:c9:cf:43:71:59:01:8c:c7:a3:d9:75:31 Fingerprint (SHA-256): 9F:80:95:89:21:C4:5D:06:1E:46:58:DB:DE:5C:60:02:AC:66:12:74:25:72:84:83:9E:3B:17:DB:F1:64:12:1E Fingerprint (SHA1): 92:C2:11:38:4C:D3:B4:48:CB:83:B8:ED:31:06:51:2A:B3:20:A3:9F Friendly Name: Alice tools.sh: #5573: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5574: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #5575: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5576: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #5577: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%) tree "../tools/html" signed successfully tools.sh: #5578: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #5579: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #5580: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #5581: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #5582: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #5583: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Mon May 18 18:18:20 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Mon May 18 18:18:20 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #5584: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #5585: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 8c3d1f4855c46895050d7e47e8024018a6a1b4fb NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #5586: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #5587: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #5588: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #5589: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #5590: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #5591: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #5592: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #5593: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #5594: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #5595: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #5596: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 8c3d1f4855c46895050d7e47e8024018a6a1b4fb FIPS_PUB_140_Test_Certificate fips.sh: #5597: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #5598: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #5599: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #5600: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #5601: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 8c3d1f4855c46895050d7e47e8024018a6a1b4fb FIPS_PUB_140_Test_Certificate fips.sh: #5602: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #5603: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #5604: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle dbtest -r -d ../fips fips.sh: #5605: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Mon May 18 18:19:40 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Mon May 18 18:19:40 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #5606: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #5607: CMMF test . - PASSED TIMESTAMP crmf END: Mon May 18 18:19:41 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Mon May 18 18:19:41 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #5608: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5609: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #5610: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #5611: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #5612: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #5613: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5614: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #5615: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #5616: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #5617: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #5618: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5619: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #5620: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #5621: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #5622: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #5623: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5624: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #5625: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #5626: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #5627: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #5628: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5629: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #5630: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #5631: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #5632: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #5633: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5634: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #5635: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #5636: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #5637: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #5638: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5639: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #5640: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #5641: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #5642: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #5643: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5644: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #5645: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #5646: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #5647: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #5648: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #5649: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #5650: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #5651: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #5652: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #5653: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #5654: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #5655: Decrypt with a Multiple Email cert . - PASSED smime.sh: #5656: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #5657: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #5658: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #5659: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #5660: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #5661: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #5662: Decode Encrypted-Data . - PASSED smime.sh: #5663: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #5664: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #5665: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #5666: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #5667: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #5668: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Mon May 18 18:20:13 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Mon May 18 18:20:13 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Mon May 18 18:20:13 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Mon May 18 18:20:13 EDT 2015 sdr.sh: SDR Tests =============================== sdr.sh: Creating an SDR key/SDR Encrypt - Value 1 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v1.25156 -t "Test1" sdr.sh: #5669: Creating SDR Key/Encrypt - Value 1 - PASSED sdr.sh: SDR Encrypt - Value 2 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v2.25156 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #5670: Encrypt - Value 2 - PASSED sdr.sh: SDR Encrypt - Value 3 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.25156 -t "1234567" sdr.sh: #5671: Encrypt - Value 3 - PASSED sdr.sh: SDR Decrypt - Value 1 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v1.25156 -t "Test1" sdr.sh: #5672: Decrypt - Value 1 - PASSED sdr.sh: SDR Decrypt - Value 2 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v2.25156 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #5673: Decrypt - Value 2 - PASSED sdr.sh: SDR Decrypt - Value 3 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.25156 -t "1234567" sdr.sh: #5674: Decrypt - Value 3 - PASSED merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.25156 -t Test2 -f ../tests.pw merge.sh: #5675: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5676: Merging Dave - PASSED merge.sh: Merging in new user certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5677: Merging server - PASSED merge.sh: Merging in new chain certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5678: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5679: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5680: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:15:01 2015 Not After : Mon May 18 22:15:01 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:06:22:fa:db:38:ee:30:af:6c:4f:ee:34:30:24:04: 43:b8:87:f1:ec:38:32:68:e5:e2:85:99:dd:a8:51:b3: 44:95:31:93:dd:90:9a:90:d1:27:3d:18:b4:9d:f9:ec: 59:80:04:16:f1:88:ff:e7:37:69:3e:d4:63:ce:79:42: 27:53:36:7e:fa:69:b4:49:85:9d:cd:ce:44:5e:43:51: 46:dd:82:c8:94:04:f7:c8:f3:0e:7e:a6:fb:2e:83:34: f7:1a:a0:97:4b:2c:46:e7:18:9f:b7:95:5e:57:e5:e4: 15:b8:07:37:34:16:ea:1b:9a:c9:ac:eb:d9:02:0a:3b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:d1:db:88:76:55:e9:ca:bf:9d:dc:af:ae:37:e9:77: 20:39:aa:91:1e:24:08:fe:77:dc:f1:d2:8e:1b:60:e4: 61:20:6e:83:f4:c4:d7:71:3d:34:ff:6b:0c:eb:be:60: e4:eb:08:cb:e7:cf:bf:25:93:88:13:c6:f7:fb:71:c9: 5c:00:7c:e7:13:d4:14:3d:56:0f:e6:1a:5b:ab:8f:ff: 38:68:22:fb:61:5e:aa:38:ad:35:b1:5b:57:da:53:8e: 36:5c:2c:5a:b3:b5:35:7e:54:29:14:1c:9f:31:23:c4: a3:22:a7:83:6c:b2:d8:5d:33:55:70:f8:b3:2f:42:d9 Fingerprint (SHA-256): 44:5B:ED:9B:F3:74:A6:02:24:34:1C:B5:FC:5E:F5:FE:77:17:4E:53:A2:0F:08:76:5C:68:B2:C6:61:2B:C9:63 Fingerprint (SHA1): D4:9C:42:1F:DA:BA:DA:6B:55:27:3C:F5:48:62:5E:90:37:E1:26:72 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5681: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Mon May 18 22:15:08 2015 Not After : Mon May 18 22:15:08 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:b4:bc:e4:a9:55:3e:24:ef:d9:82:f2:cd:94:62:6f: 02:17:45:26:2d:19:eb:c9:89:94:ae:f0:fd:10:ae:19: 70:d4:1e:67:47:07:de:87:78:0f:69:f5:50:a8:18:43: f3:47:d2:8d:93:42:9f:59:2a:a2:b6:21:82:e9:23:f0: b3:a1:bd:8f:c1:8d:e1:c3:36:1c:b1:6b:d9:95:f4:71: c5:c9:4e:36:5f:48:5d:be:ab:b7:d4:42:6c:be:dd:01: 27:9c:0f:4c:88:8a:01:8c:74:9d:8f:0a:92:6e:99:06: af:c3:74:fb:e6:89:f9:f1:5a:12:65:4c:52:0b:7c:b9 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:a2:61:87:c2:b6:2d:c0:c1:d9:17:48:04:14:ee:12: 31:05:56:c0:ba:33:28:ff:d6:aa:11:05:45:12:2a:a7: 3e:9a:35:15:3e:02:d6:e9:e9:0e:db:7e:2e:7e:a3:c5: 87:90:61:4c:46:76:ca:6b:99:63:bb:40:a7:e2:30:61: a3:0d:69:c5:a5:97:c6:6a:6d:84:fe:2b:69:99:cc:f9: ee:b5:a7:67:a4:b1:69:3a:8f:77:f8:86:02:a4:88:19: a7:c9:e4:ef:dd:1e:bb:1a:dd:e6:0d:68:e3:18:7e:45: ca:7d:cd:00:a0:7b:e2:be:2f:d4:8d:92:59:50:d6:bc Fingerprint (SHA-256): 71:F1:61:41:80:8E:80:69:88:38:4C:CA:C8:5A:79:24:40:AA:F6:46:40:79:DC:F5:F0:B0:8E:6F:56:6D:01:86 Fingerprint (SHA1): FB:3D:9A:5D:EC:BE:6B:E0:2F:59:7E:99:EB:E2:F6:E2:87:31:00:A7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5682: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5683: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI TestCA CT,C,C TestCA-ec CT,C,C Alice u,u,u Alice-ec u,u,u Alice-ecmixed u,u,u bob@bogus.com ,, Dave u,u,u eve@bogus.com ,, bob-ec@bogus.com ,, Dave-ec u,u,u Dave-ecmixed u,u,u localhost.localdomain u,u,u localhost.localdomain-ec u,u,u localhost.localdomain-ecmixed u,u,u localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec u,u,u localhost-sni.localdomain-ecmixed u,u,u ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec u,u,u serverCA-ec C,C,C ExtendedSSLUser-ecmixed u,u,u clientCA T,C,C chain-2-clientCA-ec ,, chain-2-clientCA ,, chain-1-clientCA ,, chain-1-clientCA-ec ,, clientCA-ec T,C,C Alice #2 ,, Alice #1 ,, Alice #99 ,, Alice #3 ,, Alice #4 ,, Alice #100 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.25156 -t Test2 -f ../tests.pw merge.sh: #5684: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v1.25156 -t Test1 -f ../tests.pw merge.sh: #5685: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #5686: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #5687: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #5688: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Mon May 18 22:16:08 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Mon May 18 22:10:09 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Mon May 18 22:16:05 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #5689: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Mon May 18 18:20:40 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Mon May 18 18:20:40 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #5690: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182041 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5691: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #5692: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5693: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #5694: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5695: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5696: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5697: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5698: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #5699: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5700: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5701: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5702: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5703: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #5704: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5705: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5706: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5707: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5708: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #5709: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5710: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5711: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5712: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #5713: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5714: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5715: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5716: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #5717: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5718: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5719: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5720: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #5721: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5722: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5723: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5724: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #5725: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5726: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5727: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5728: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #5729: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5730: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5731: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5732: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #5733: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5734: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5735: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5736: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #5737: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5738: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5739: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5740: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #5741: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5742: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5743: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5744: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #5745: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5746: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9683/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5747: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5748: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #5749: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5750: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9684 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5751: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5752: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518222135Z nextupdate=20160518222135Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 22:21:35 2015 Next Update: Wed May 18 22:21:35 2016 CRL Extensions: chains.sh: #5753: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150518222136Z addcert 2 20150518222136Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Mon May 18 22:21:36 2015 Next Update: Wed May 18 22:21:35 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:36 2015 CRL Extensions: chains.sh: #5754: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518222136Z nextupdate=20160518222136Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 22:21:36 2015 Next Update: Wed May 18 22:21:36 2016 CRL Extensions: chains.sh: #5755: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518222137Z addcert 2 20150518222137Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 22:21:37 2015 Next Update: Wed May 18 22:21:36 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:37 2015 CRL Extensions: chains.sh: #5756: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150518222138Z addcert 4 20150518222138Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Mon May 18 22:21:38 2015 Next Update: Wed May 18 22:21:36 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:37 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Mon May 18 22:21:38 2015 CRL Extensions: chains.sh: #5757: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518222139Z nextupdate=20160518222139Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 22:21:39 2015 Next Update: Wed May 18 22:21:39 2016 CRL Extensions: chains.sh: #5758: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518222140Z addcert 2 20150518222140Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 22:21:40 2015 Next Update: Wed May 18 22:21:39 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:40 2015 CRL Extensions: chains.sh: #5759: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150518222141Z addcert 3 20150518222141Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Mon May 18 22:21:41 2015 Next Update: Wed May 18 22:21:39 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:40 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 22:21:41 2015 CRL Extensions: chains.sh: #5760: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518222142Z nextupdate=20160518222142Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 22:21:42 2015 Next Update: Wed May 18 22:21:42 2016 CRL Extensions: chains.sh: #5761: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518222143Z addcert 2 20150518222143Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 22:21:43 2015 Next Update: Wed May 18 22:21:42 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:43 2015 CRL Extensions: chains.sh: #5762: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150518222144Z addcert 3 20150518222144Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Mon May 18 22:21:44 2015 Next Update: Wed May 18 22:21:42 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Mon May 18 22:21:43 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Mon May 18 22:21:44 2015 CRL Extensions: chains.sh: #5763: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #5764: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #5765: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #5766: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5767: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5768: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5769: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5770: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #5771: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #5772: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #5773: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #5774: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #5775: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #5776: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #5777: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #5778: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #5779: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #5780: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #5781: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #5782: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #5783: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #5784: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #5785: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #5786: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #5787: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Mon May 18 18:22:02 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 18:22:02 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 18:22:08 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5788: Waiting for Server - FAILED kill -0 21478 >/dev/null 2>/dev/null httpserv with PID 21478 found at Mon May 18 18:22:08 EDT 2015 httpserv with PID 21478 started at Mon May 18 18:22:08 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9683 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5789: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 21478 at Mon May 18 18:22:09 EDT 2015 kill -USR1 21478 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 21478 killed at Mon May 18 18:22:10 EDT 2015 httpserv starting at Mon May 18 18:22:10 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 18:22:10 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 18:22:15 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5790: Waiting for Server - FAILED kill -0 21566 >/dev/null 2>/dev/null httpserv with PID 21566 found at Mon May 18 18:22:16 EDT 2015 httpserv with PID 21566 started at Mon May 18 18:22:16 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9683 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5791: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 21566 at Mon May 18 18:22:17 EDT 2015 kill -USR1 21566 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 21566 killed at Mon May 18 18:22:18 EDT 2015 httpserv starting at Mon May 18 18:22:18 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 18:22:18 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 18:22:23 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5792: Waiting for Server - FAILED kill -0 21652 >/dev/null 2>/dev/null httpserv with PID 21652 found at Mon May 18 18:22:24 EDT 2015 httpserv with PID 21652 started at Mon May 18 18:22:24 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #5793: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182042 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5794: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #5795: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #5796: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182043 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5797: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #5798: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #5799: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5800: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518182044 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5801: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5802: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518182045 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5803: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5804: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #5805: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #5806: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5807: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518182046 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5808: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5809: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #5810: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #5811: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #5812: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182043 (0x1ee2d49b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:22:30 2015 Not After : Mon May 18 22:22:30 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b1:2f:9f:7a:b5:da:72:00:76:f0:dd:8f:9a:a8:9f: 55:01:1f:6a:55:9c:ca:71:c8:40:48:0b:43:51:a4:9c: 90:9c:0a:f9:0d:d3:07:71:c3:73:4c:0a:9d:c3:77:f3: 80:45:fe:d1:49:12:19:2d:a0:e5:08:ee:1b:b6:db:d5: 2a:e3:2d:e2:f8:82:99:61:a3:a1:2e:ce:52:77:5b:dc: 85:42:8a:a3:82:3e:9d:86:4d:d0:f7:1c:5f:d4:fa:2d: 5e:c3:59:cf:92:62:3f:e0:ad:58:3b:3d:21:75:a3:e9: 16:ef:b7:12:6e:6a:51:86:56:19:5b:e7:04:eb:13:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:8f:3e:f2:9d:7f:f4:71:4c:ab:3c:56:cf:d9:75:65: 3f:2a:31:a9:15:e5:43:71:42:16:be:ab:c1:d2:16:cd: 1a:06:41:bb:68:eb:b0:1d:9c:e8:08:ae:5f:3d:76:8b: b7:15:03:3d:1b:ef:f5:a0:4a:be:9c:c5:39:41:d4:99: 15:c0:49:2a:8d:0d:95:01:cc:15:a1:46:dc:38:81:35: 98:65:73:09:43:f1:84:83:86:cb:cd:5f:ce:d9:f3:cb: a8:44:a1:47:f8:d8:8d:7d:bb:f8:77:3d:00:d4:62:d7: 09:21:75:ee:5c:93:85:6c:a1:5e:d2:5a:dc:04:32:69 Fingerprint (SHA-256): 14:CA:A9:DC:77:A9:35:3A:47:05:81:76:91:65:35:59:91:DF:ED:5A:36:D0:74:A0:27:F8:1A:41:5E:28:A6:71 Fingerprint (SHA1): 90:34:31:8C:30:12:F3:0F:C8:F3:AB:11:38:D2:27:7F:26:A1:18:5D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5813: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182042 (0x1ee2d49a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:22:26 2015 Not After : Mon May 18 22:22:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:5c:36:45:8c:d9:ee:b4:80:ad:6c:d7:70:5b:a3:09: 74:a2:0a:9c:fa:9e:19:ae:49:8d:75:ca:0e:82:79:a7: c2:94:38:e8:7d:51:a1:de:8b:50:40:1d:32:3a:42:7f: 57:78:33:07:43:ed:9c:4d:33:e1:96:44:8a:51:b4:16: a2:f8:d4:4a:ef:d1:8f:64:ab:5e:dc:f0:28:65:a7:e2: e1:5e:98:1b:4e:0e:1c:9c:9f:22:71:ca:96:a5:94:f9: 87:87:df:17:20:7d:9d:f3:e8:a2:79:fd:8f:99:f3:0a: 52:4c:7b:4b:0d:b2:6c:9f:7b:57:49:46:96:58:55:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:ef:b2:26:09:72:e1:77:85:61:c0:09:2e:c8:2d:79: 5a:54:82:a4:d2:d9:e7:62:97:da:67:af:ef:0e:6a:bb: 1a:83:91:eb:c0:c9:87:95:84:2f:ba:b4:a7:88:d1:d1: cd:60:05:c2:e8:13:54:b4:47:50:71:36:1c:0c:38:29: cb:64:fe:ca:0a:0a:19:4b:84:ad:71:49:a4:34:90:b5: f8:6f:29:a9:9f:ce:64:df:25:ee:2d:4b:7d:e0:a8:f0: 5b:44:f7:ff:3e:bf:45:1c:e0:de:6b:f1:1e:0f:22:b5: 6d:dd:13:82:42:67:16:cf:3d:4d:84:10:7c:f0:93:7d Fingerprint (SHA-256): AF:AE:57:7D:69:29:0B:BD:76:43:90:C5:3A:A0:35:49:F6:7A:79:BF:6C:8D:55:DE:21:45:4D:56:9D:DA:E6:2B Fingerprint (SHA1): C8:10:DC:B5:76:3D:12:26:39:65:2B:A6:94:E1:69:22:57:3D:3A:62 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5814: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #5815: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #5816: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #5817: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182042 (0x1ee2d49a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:22:26 2015 Not After : Mon May 18 22:22:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:5c:36:45:8c:d9:ee:b4:80:ad:6c:d7:70:5b:a3:09: 74:a2:0a:9c:fa:9e:19:ae:49:8d:75:ca:0e:82:79:a7: c2:94:38:e8:7d:51:a1:de:8b:50:40:1d:32:3a:42:7f: 57:78:33:07:43:ed:9c:4d:33:e1:96:44:8a:51:b4:16: a2:f8:d4:4a:ef:d1:8f:64:ab:5e:dc:f0:28:65:a7:e2: e1:5e:98:1b:4e:0e:1c:9c:9f:22:71:ca:96:a5:94:f9: 87:87:df:17:20:7d:9d:f3:e8:a2:79:fd:8f:99:f3:0a: 52:4c:7b:4b:0d:b2:6c:9f:7b:57:49:46:96:58:55:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:ef:b2:26:09:72:e1:77:85:61:c0:09:2e:c8:2d:79: 5a:54:82:a4:d2:d9:e7:62:97:da:67:af:ef:0e:6a:bb: 1a:83:91:eb:c0:c9:87:95:84:2f:ba:b4:a7:88:d1:d1: cd:60:05:c2:e8:13:54:b4:47:50:71:36:1c:0c:38:29: cb:64:fe:ca:0a:0a:19:4b:84:ad:71:49:a4:34:90:b5: f8:6f:29:a9:9f:ce:64:df:25:ee:2d:4b:7d:e0:a8:f0: 5b:44:f7:ff:3e:bf:45:1c:e0:de:6b:f1:1e:0f:22:b5: 6d:dd:13:82:42:67:16:cf:3d:4d:84:10:7c:f0:93:7d Fingerprint (SHA-256): AF:AE:57:7D:69:29:0B:BD:76:43:90:C5:3A:A0:35:49:F6:7A:79:BF:6C:8D:55:DE:21:45:4D:56:9D:DA:E6:2B Fingerprint (SHA1): C8:10:DC:B5:76:3D:12:26:39:65:2B:A6:94:E1:69:22:57:3D:3A:62 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5818: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182043 (0x1ee2d49b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:22:30 2015 Not After : Mon May 18 22:22:30 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b1:2f:9f:7a:b5:da:72:00:76:f0:dd:8f:9a:a8:9f: 55:01:1f:6a:55:9c:ca:71:c8:40:48:0b:43:51:a4:9c: 90:9c:0a:f9:0d:d3:07:71:c3:73:4c:0a:9d:c3:77:f3: 80:45:fe:d1:49:12:19:2d:a0:e5:08:ee:1b:b6:db:d5: 2a:e3:2d:e2:f8:82:99:61:a3:a1:2e:ce:52:77:5b:dc: 85:42:8a:a3:82:3e:9d:86:4d:d0:f7:1c:5f:d4:fa:2d: 5e:c3:59:cf:92:62:3f:e0:ad:58:3b:3d:21:75:a3:e9: 16:ef:b7:12:6e:6a:51:86:56:19:5b:e7:04:eb:13:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:8f:3e:f2:9d:7f:f4:71:4c:ab:3c:56:cf:d9:75:65: 3f:2a:31:a9:15:e5:43:71:42:16:be:ab:c1:d2:16:cd: 1a:06:41:bb:68:eb:b0:1d:9c:e8:08:ae:5f:3d:76:8b: b7:15:03:3d:1b:ef:f5:a0:4a:be:9c:c5:39:41:d4:99: 15:c0:49:2a:8d:0d:95:01:cc:15:a1:46:dc:38:81:35: 98:65:73:09:43:f1:84:83:86:cb:cd:5f:ce:d9:f3:cb: a8:44:a1:47:f8:d8:8d:7d:bb:f8:77:3d:00:d4:62:d7: 09:21:75:ee:5c:93:85:6c:a1:5e:d2:5a:dc:04:32:69 Fingerprint (SHA-256): 14:CA:A9:DC:77:A9:35:3A:47:05:81:76:91:65:35:59:91:DF:ED:5A:36:D0:74:A0:27:F8:1A:41:5E:28:A6:71 Fingerprint (SHA1): 90:34:31:8C:30:12:F3:0F:C8:F3:AB:11:38:D2:27:7F:26:A1:18:5D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5819: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #5820: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #5821: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #5822: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #5823: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #5824: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182043 (0x1ee2d49b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:22:30 2015 Not After : Mon May 18 22:22:30 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b1:2f:9f:7a:b5:da:72:00:76:f0:dd:8f:9a:a8:9f: 55:01:1f:6a:55:9c:ca:71:c8:40:48:0b:43:51:a4:9c: 90:9c:0a:f9:0d:d3:07:71:c3:73:4c:0a:9d:c3:77:f3: 80:45:fe:d1:49:12:19:2d:a0:e5:08:ee:1b:b6:db:d5: 2a:e3:2d:e2:f8:82:99:61:a3:a1:2e:ce:52:77:5b:dc: 85:42:8a:a3:82:3e:9d:86:4d:d0:f7:1c:5f:d4:fa:2d: 5e:c3:59:cf:92:62:3f:e0:ad:58:3b:3d:21:75:a3:e9: 16:ef:b7:12:6e:6a:51:86:56:19:5b:e7:04:eb:13:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:8f:3e:f2:9d:7f:f4:71:4c:ab:3c:56:cf:d9:75:65: 3f:2a:31:a9:15:e5:43:71:42:16:be:ab:c1:d2:16:cd: 1a:06:41:bb:68:eb:b0:1d:9c:e8:08:ae:5f:3d:76:8b: b7:15:03:3d:1b:ef:f5:a0:4a:be:9c:c5:39:41:d4:99: 15:c0:49:2a:8d:0d:95:01:cc:15:a1:46:dc:38:81:35: 98:65:73:09:43:f1:84:83:86:cb:cd:5f:ce:d9:f3:cb: a8:44:a1:47:f8:d8:8d:7d:bb:f8:77:3d:00:d4:62:d7: 09:21:75:ee:5c:93:85:6c:a1:5e:d2:5a:dc:04:32:69 Fingerprint (SHA-256): 14:CA:A9:DC:77:A9:35:3A:47:05:81:76:91:65:35:59:91:DF:ED:5A:36:D0:74:A0:27:F8:1A:41:5E:28:A6:71 Fingerprint (SHA1): 90:34:31:8C:30:12:F3:0F:C8:F3:AB:11:38:D2:27:7F:26:A1:18:5D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5825: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182043 (0x1ee2d49b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:22:30 2015 Not After : Mon May 18 22:22:30 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b1:2f:9f:7a:b5:da:72:00:76:f0:dd:8f:9a:a8:9f: 55:01:1f:6a:55:9c:ca:71:c8:40:48:0b:43:51:a4:9c: 90:9c:0a:f9:0d:d3:07:71:c3:73:4c:0a:9d:c3:77:f3: 80:45:fe:d1:49:12:19:2d:a0:e5:08:ee:1b:b6:db:d5: 2a:e3:2d:e2:f8:82:99:61:a3:a1:2e:ce:52:77:5b:dc: 85:42:8a:a3:82:3e:9d:86:4d:d0:f7:1c:5f:d4:fa:2d: 5e:c3:59:cf:92:62:3f:e0:ad:58:3b:3d:21:75:a3:e9: 16:ef:b7:12:6e:6a:51:86:56:19:5b:e7:04:eb:13:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:8f:3e:f2:9d:7f:f4:71:4c:ab:3c:56:cf:d9:75:65: 3f:2a:31:a9:15:e5:43:71:42:16:be:ab:c1:d2:16:cd: 1a:06:41:bb:68:eb:b0:1d:9c:e8:08:ae:5f:3d:76:8b: b7:15:03:3d:1b:ef:f5:a0:4a:be:9c:c5:39:41:d4:99: 15:c0:49:2a:8d:0d:95:01:cc:15:a1:46:dc:38:81:35: 98:65:73:09:43:f1:84:83:86:cb:cd:5f:ce:d9:f3:cb: a8:44:a1:47:f8:d8:8d:7d:bb:f8:77:3d:00:d4:62:d7: 09:21:75:ee:5c:93:85:6c:a1:5e:d2:5a:dc:04:32:69 Fingerprint (SHA-256): 14:CA:A9:DC:77:A9:35:3A:47:05:81:76:91:65:35:59:91:DF:ED:5A:36:D0:74:A0:27:F8:1A:41:5E:28:A6:71 Fingerprint (SHA1): 90:34:31:8C:30:12:F3:0F:C8:F3:AB:11:38:D2:27:7F:26:A1:18:5D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5826: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #5827: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #5828: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #5829: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #5830: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #5831: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182042 (0x1ee2d49a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:22:26 2015 Not After : Mon May 18 22:22:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:5c:36:45:8c:d9:ee:b4:80:ad:6c:d7:70:5b:a3:09: 74:a2:0a:9c:fa:9e:19:ae:49:8d:75:ca:0e:82:79:a7: c2:94:38:e8:7d:51:a1:de:8b:50:40:1d:32:3a:42:7f: 57:78:33:07:43:ed:9c:4d:33:e1:96:44:8a:51:b4:16: a2:f8:d4:4a:ef:d1:8f:64:ab:5e:dc:f0:28:65:a7:e2: e1:5e:98:1b:4e:0e:1c:9c:9f:22:71:ca:96:a5:94:f9: 87:87:df:17:20:7d:9d:f3:e8:a2:79:fd:8f:99:f3:0a: 52:4c:7b:4b:0d:b2:6c:9f:7b:57:49:46:96:58:55:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:ef:b2:26:09:72:e1:77:85:61:c0:09:2e:c8:2d:79: 5a:54:82:a4:d2:d9:e7:62:97:da:67:af:ef:0e:6a:bb: 1a:83:91:eb:c0:c9:87:95:84:2f:ba:b4:a7:88:d1:d1: cd:60:05:c2:e8:13:54:b4:47:50:71:36:1c:0c:38:29: cb:64:fe:ca:0a:0a:19:4b:84:ad:71:49:a4:34:90:b5: f8:6f:29:a9:9f:ce:64:df:25:ee:2d:4b:7d:e0:a8:f0: 5b:44:f7:ff:3e:bf:45:1c:e0:de:6b:f1:1e:0f:22:b5: 6d:dd:13:82:42:67:16:cf:3d:4d:84:10:7c:f0:93:7d Fingerprint (SHA-256): AF:AE:57:7D:69:29:0B:BD:76:43:90:C5:3A:A0:35:49:F6:7A:79:BF:6C:8D:55:DE:21:45:4D:56:9D:DA:E6:2B Fingerprint (SHA1): C8:10:DC:B5:76:3D:12:26:39:65:2B:A6:94:E1:69:22:57:3D:3A:62 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5832: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182042 (0x1ee2d49a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:22:26 2015 Not After : Mon May 18 22:22:26 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:5c:36:45:8c:d9:ee:b4:80:ad:6c:d7:70:5b:a3:09: 74:a2:0a:9c:fa:9e:19:ae:49:8d:75:ca:0e:82:79:a7: c2:94:38:e8:7d:51:a1:de:8b:50:40:1d:32:3a:42:7f: 57:78:33:07:43:ed:9c:4d:33:e1:96:44:8a:51:b4:16: a2:f8:d4:4a:ef:d1:8f:64:ab:5e:dc:f0:28:65:a7:e2: e1:5e:98:1b:4e:0e:1c:9c:9f:22:71:ca:96:a5:94:f9: 87:87:df:17:20:7d:9d:f3:e8:a2:79:fd:8f:99:f3:0a: 52:4c:7b:4b:0d:b2:6c:9f:7b:57:49:46:96:58:55:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:ef:b2:26:09:72:e1:77:85:61:c0:09:2e:c8:2d:79: 5a:54:82:a4:d2:d9:e7:62:97:da:67:af:ef:0e:6a:bb: 1a:83:91:eb:c0:c9:87:95:84:2f:ba:b4:a7:88:d1:d1: cd:60:05:c2:e8:13:54:b4:47:50:71:36:1c:0c:38:29: cb:64:fe:ca:0a:0a:19:4b:84:ad:71:49:a4:34:90:b5: f8:6f:29:a9:9f:ce:64:df:25:ee:2d:4b:7d:e0:a8:f0: 5b:44:f7:ff:3e:bf:45:1c:e0:de:6b:f1:1e:0f:22:b5: 6d:dd:13:82:42:67:16:cf:3d:4d:84:10:7c:f0:93:7d Fingerprint (SHA-256): AF:AE:57:7D:69:29:0B:BD:76:43:90:C5:3A:A0:35:49:F6:7A:79:BF:6C:8D:55:DE:21:45:4D:56:9D:DA:E6:2B Fingerprint (SHA1): C8:10:DC:B5:76:3D:12:26:39:65:2B:A6:94:E1:69:22:57:3D:3A:62 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5833: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #5834: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182047 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5835: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #5836: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #5837: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182048 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5838: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #5839: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #5840: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182049 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5841: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #5842: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #5843: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182050 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5844: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #5845: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #5846: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182051 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5847: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #5848: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #5849: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182052 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5850: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #5851: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #5852: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182053 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5853: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #5854: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #5855: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182054 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5856: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #5857: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #5858: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182055 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5859: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #5860: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #5861: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5862: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518182056 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5863: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5864: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518182057 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5865: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5866: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518182058 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5867: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5868: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #5869: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #5870: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5871: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518182059 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5872: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5873: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518182060 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5874: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5875: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518182061 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5876: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5877: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #5878: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #5879: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5880: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518182062 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5881: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5882: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518182063 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5883: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5884: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518182064 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5885: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5886: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #5887: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #5888: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5889: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518182065 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5890: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5891: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518182066 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5892: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5893: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518182067 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5894: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5895: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #5896: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5897: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5898: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518182068 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5899: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5900: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #5901: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5902: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182069 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5903: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5904: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182047 (0x1ee2d49f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 22:23:00 2015 Not After : Mon May 18 22:23:00 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:9a:e3:7c:42:46:b4:fd:b7:6c:1e:22:cf:a0:a3:d5: 9b:d2:18:2e:5b:2c:f7:7e:b9:08:12:e6:0c:81:51:ef: 1b:63:3e:bc:c1:dc:c5:94:f6:0b:ac:74:4d:55:32:ee: 0e:95:7e:11:eb:e9:a2:e9:37:4e:57:d5:8e:9a:cb:ce: 4d:4b:1d:ef:5a:67:34:1b:92:b4:59:0c:4c:c3:07:4e: 25:b4:b3:6e:96:b4:5f:a4:d4:a4:29:48:e5:ac:f2:f3: 8c:f6:e4:02:f0:96:5f:13:05:7b:04:85:1b:14:bb:21: ae:ee:36:a3:ba:0b:3a:42:fc:7b:a8:c8:5a:5d:3a:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 77:42:8c:99:a7:a8:09:4e:4c:33:2c:25:b2:1d:48:a0: ef:39:3d:03:e9:a0:84:79:30:00:4b:a9:33:76:60:58: 14:b9:d2:8c:de:4b:3d:99:34:2a:80:40:58:b7:38:44: de:06:7d:0b:50:0b:e5:66:29:c2:53:36:cb:be:d6:b7: 62:b4:d7:c6:99:d2:8e:a1:9a:62:ce:7b:ef:81:74:2e: dc:ef:08:90:36:ce:ff:24:28:7b:1f:e0:db:22:c9:31: b2:cd:e7:3b:81:79:13:52:d6:87:11:d9:bc:bc:1a:4c: 7d:c4:9c:44:8c:ae:f0:f8:98:1a:66:f8:22:f3:69:a4 Fingerprint (SHA-256): E6:73:6A:F7:DA:FA:53:D1:A4:61:B3:D2:05:D6:5A:AC:F7:B1:BF:A8:07:44:F6:A0:C1:DB:6F:B6:7A:89:15:BE Fingerprint (SHA1): FC:71:84:64:26:AE:6B:6E:8F:F1:51:4A:D7:CF:B4:CE:90:18:D0:FD Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #5905: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182048 (0x1ee2d4a0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 22:23:04 2015 Not After : Mon May 18 22:23:04 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: fa:a3:e1:c4:2d:b8:74:1c:a2:a3:97:8c:00:65:e1:6b: 8b:43:3d:21:fb:97:0d:99:b6:98:03:db:37:95:8c:39: a9:7c:9b:c0:2d:30:5f:c2:ff:9b:6a:06:62:ba:a7:e7: 30:f2:18:77:43:e0:0e:c0:49:b0:0c:38:44:e2:2b:6d: 5f:ee:4f:d2:5e:8f:9c:9a:36:89:55:cc:88:20:25:5c: f2:11:63:0a:a1:48:d6:0a:22:93:a1:d6:e9:db:af:df: 15:9f:68:45:c1:23:09:bf:06:4c:97:b7:7c:d6:a7:a0: db:71:72:f1:e2:27:37:9d:4e:30:e8:f5:e8:71:d7:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:58:6a:dc:22:ff:e7:35:f4:be:da:74:27:c8:c4:13: 81:ec:1f:e0:45:ec:a3:58:bf:1e:11:11:c0:54:e9:b1: 95:54:f4:ec:19:06:61:49:4e:7f:37:65:e2:b3:f5:ea: 40:59:e7:b4:8c:c9:89:63:68:10:7e:f8:a7:ca:a3:39: 7d:d1:96:87:4c:51:85:76:5a:5b:08:8a:5c:3e:b2:fb: 5b:8b:2c:55:84:ce:34:c6:b4:dd:57:99:e1:b6:c8:cf: c7:aa:6a:f3:5a:9a:7e:52:c6:db:46:c5:0e:21:5a:c7: 47:97:94:47:e8:4a:e7:c0:f3:a3:93:12:01:df:5f:5c Fingerprint (SHA-256): 4A:0B:ED:4B:22:F4:B1:02:0D:69:01:34:C3:1B:85:48:A4:78:8B:34:90:71:24:E9:D4:7C:9C:96:11:34:7B:47 Fingerprint (SHA1): E4:17:11:68:B7:32:0C:2D:FB:DE:5F:D9:D7:EC:7B:45:44:3B:2E:45 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #5906: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182049 (0x1ee2d4a1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 22:23:07 2015 Not After : Mon May 18 22:23:07 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0b:1d:d4:d9:10:fc:df:bd:d3:07:2a:a7:d8:58:cd: eb:f5:ea:e7:1a:ae:af:df:53:fb:e2:70:70:d1:17:6f: 6e:4e:01:5b:65:eb:c9:31:18:e9:87:3e:08:cd:19:72: 10:1e:6a:7f:88:5e:50:de:62:bd:59:a9:27:a2:d5:e1: 90:25:98:59:91:bf:9e:24:be:2d:36:45:40:26:8d:78: a6:6d:79:51:f0:41:25:da:63:b3:80:24:52:fc:f3:b4: a7:83:44:ab:44:aa:09:fc:5b:7b:b5:35:97:42:e2:3a: d3:cc:d2:bf:c3:b7:07:05:4b:88:ee:6a:6f:31:bd:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b9:2a:48:39:fe:c7:c6:f2:95:94:75:45:16:01:25:60: df:93:4a:31:96:7c:d1:d9:52:c9:dd:77:ff:b4:f7:69: 53:c2:6e:8b:7e:47:c5:29:3e:8b:87:bc:38:c7:48:eb: 78:81:4e:be:d4:43:ce:ec:6b:b9:eb:25:a2:fc:22:6b: b0:e5:40:0c:92:88:30:4c:36:b8:8f:17:6b:03:0a:df: ac:cb:2c:14:fb:9c:b8:58:88:22:c0:45:d3:d0:4e:b2: 78:c8:cc:95:14:79:47:aa:0d:ed:65:43:3a:42:70:0a: 54:b8:40:0e:da:05:4a:9e:6a:e6:fa:67:bb:39:55:fd Fingerprint (SHA-256): F6:72:DD:C7:B9:C4:14:A4:9A:0C:05:15:45:F1:21:E5:F7:14:15:6F:68:E0:0A:82:70:06:32:EE:18:C0:9D:39 Fingerprint (SHA1): BE:A0:14:7E:0A:3D:8A:E9:DA:1C:1B:6D:E9:7A:E4:13:96:A7:21:8D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #5907: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182050 (0x1ee2d4a2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 22:23:10 2015 Not After : Mon May 18 22:23:10 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:7e:e9:87:8a:fd:13:b1:77:29:eb:5f:af:90:e1:2f: cb:3b:c1:b7:f2:62:c9:45:46:d9:10:01:72:62:0b:29: 99:05:76:1c:86:b8:e8:d3:a0:00:e7:37:1e:20:0f:3c: 25:88:69:3f:9b:27:41:c1:c6:b8:0e:1c:52:c7:fb:4f: 25:8a:78:ad:9f:14:8d:ca:d2:d4:06:db:ce:13:bb:5f: 2c:68:f5:e9:d5:94:f2:cb:2a:32:15:dd:2b:c3:61:d2: f4:22:f3:81:61:fd:3d:0c:98:a5:a8:f0:b9:1d:7a:7d: e9:05:94:4d:2b:07:85:f0:c3:bb:52:cf:3f:ab:73:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:68:a9:d2:ba:7d:4f:98:9f:0c:c2:77:d5:cc:6b:eb: 98:e4:29:28:05:e3:e0:12:bb:43:a4:8b:82:aa:12:0c: 55:f4:26:15:c2:d0:af:0c:43:c7:bf:50:50:93:52:b5: 9c:3f:28:88:99:d2:47:46:5e:0c:f6:99:80:06:50:36: ac:4b:e0:e0:1a:55:27:4e:49:29:c6:c2:fa:9b:3f:eb: 96:3c:4b:77:2b:77:28:d7:09:3b:9e:3b:96:14:0d:31: 83:49:fd:28:3e:c5:1f:2d:94:d5:2b:dc:b9:d2:1a:3d: 99:cd:0a:26:5c:04:46:3a:f4:f5:f6:6f:6c:b4:b8:06 Fingerprint (SHA-256): 71:50:4D:3D:88:01:D7:1D:68:82:94:FD:8F:BB:1A:D7:BD:4D:3C:B7:DD:AF:4C:3E:E3:C3:27:14:65:CD:CF:89 Fingerprint (SHA1): 26:01:91:71:27:8B:87:19:F3:CF:1A:34:8E:84:C6:B1:49:D0:FB:EC Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #5908: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182051 (0x1ee2d4a3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 22:23:13 2015 Not After : Mon May 18 22:23:13 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:fc:bf:70:eb:9e:17:46:98:16:fb:61:23:76:80:01: ad:6d:1c:d0:83:2f:45:fd:1e:62:f8:ee:62:4c:cb:a0: d9:1e:61:b3:6f:77:3e:a5:41:b6:ba:f9:80:fb:ae:e2: 79:0a:0a:76:04:e7:bd:c1:40:40:e4:1d:5d:a9:35:b7: bb:24:02:f4:9f:f8:75:7d:87:e2:47:6e:00:59:e2:f5: 67:65:32:1a:7d:ce:d4:d7:bb:ce:06:55:7b:47:fb:01: 32:01:0a:0b:c5:85:49:52:a6:48:fe:d6:3b:c8:b0:47: 0f:5f:f3:9a:27:dd:00:83:9a:e2:19:03:3c:b7:81:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7b:63:7a:9a:05:37:8b:17:cd:f6:97:65:c0:d9:c2:c6: ad:66:a6:88:8c:c6:27:a3:d4:12:ef:32:ef:9b:0a:7d: 06:f5:00:96:b1:de:c3:1a:f2:41:f6:ed:8f:3d:3c:55: 6c:84:e3:84:98:45:d4:14:52:3c:9d:6f:bb:f5:c7:e4: 5b:fc:d4:ed:36:de:3e:87:f5:2e:89:55:c5:9e:a8:55: eb:d2:a4:f1:d4:b5:84:55:20:80:73:1a:e9:d2:7f:56: d7:ac:8a:0f:e3:29:56:76:77:97:56:9b:cf:f1:c1:7e: 75:9e:47:79:32:62:d1:c6:84:ae:ad:25:bd:c8:82:6b Fingerprint (SHA-256): C3:98:27:1A:8C:B8:65:4B:9B:C7:2F:63:BF:FB:1B:56:EA:27:D1:33:20:B4:28:E6:03:FA:C2:78:E5:3F:02:11 Fingerprint (SHA1): 24:1B:F6:03:07:9C:46:BE:3D:02:E6:A8:19:84:A8:44:52:4E:A2:C4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #5909: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182052 (0x1ee2d4a4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 22:23:16 2015 Not After : Mon May 18 22:23:16 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:b4:e3:57:7e:68:33:ee:fe:97:04:d3:c1:57:9a:78: 6e:ae:b5:49:c9:aa:7a:9f:3a:c0:6b:0f:e5:49:29:50: 02:63:6f:6f:ba:d6:dd:b9:dc:84:5a:98:3a:8f:ff:cd: c7:fb:ae:f6:e3:40:84:48:f0:ea:b9:7a:95:3b:e2:70: b8:9b:ef:35:4c:3d:15:1a:1d:da:61:1a:72:61:37:69: fe:e0:24:61:76:89:9d:c7:39:1e:11:37:d8:b1:94:47: b4:5c:eb:de:71:95:ad:cc:74:98:55:c4:70:23:71:a3: c8:a7:59:8b:c1:e4:45:98:c0:38:d2:6c:7f:c1:b1:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 93:df:19:9a:65:a7:6e:93:74:c3:2e:a6:2b:f7:72:21: 8e:cd:ff:58:96:4f:d9:bb:3e:d6:26:f8:7a:8d:eb:7b: cb:d1:f2:02:35:ef:90:a2:8d:a0:25:cd:95:70:16:1a: a9:22:58:cd:93:ef:fb:09:0f:5d:26:d9:40:3d:d7:02: 91:f2:76:51:93:e8:91:b1:ee:e9:1c:30:22:fd:5a:45: 5e:80:ca:77:ef:1f:e1:7c:a5:bc:37:14:0d:43:4e:70: d8:fc:ec:3b:fd:ee:a7:ef:d5:14:11:af:52:c8:86:0f: b0:43:fe:03:e2:18:63:c6:aa:9a:d3:94:95:bf:9d:3f Fingerprint (SHA-256): CF:AC:8C:F0:41:E1:C7:2D:9A:C7:77:4A:20:FC:1A:4E:7C:2B:9B:F9:76:44:E3:F9:E8:CC:F3:5F:A7:BB:4D:B3 Fingerprint (SHA1): 94:CC:43:30:3B:4B:1C:D2:69:D6:5B:2B:9A:51:CE:BC:7C:EF:02:3F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #5910: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182053 (0x1ee2d4a5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 22:23:19 2015 Not After : Mon May 18 22:23:19 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:79:dc:8e:da:3a:23:e2:c2:34:5b:43:be:51:f5:cc: 67:6e:05:97:e9:f8:53:23:fe:d1:b3:48:6a:aa:f1:14: 95:47:05:70:33:d0:52:9a:68:9a:2f:16:70:44:55:2c: 04:31:43:89:ed:ab:83:ca:20:f7:2c:7a:dc:f3:c2:b3: 40:62:96:a2:78:15:6f:28:c5:ac:f8:8d:f7:b1:22:1a: 4f:0f:d9:64:7e:ad:13:be:46:b4:ca:e0:74:91:47:8f: 14:23:33:71:fe:b2:a6:ac:bc:56:b0:2c:c3:af:eb:6a: 39:d7:c2:18:6e:ea:e8:92:f2:43:c2:7d:e0:5e:24:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:81:52:7e:8a:52:92:1d:cb:25:d4:2d:ba:8c:85:60: 1b:68:c7:67:6d:98:e0:e3:14:6a:40:77:5b:c9:be:9b: d3:9c:85:23:b1:db:d0:b5:cd:62:0a:96:28:62:34:e8: ce:25:93:86:e4:f5:73:bc:00:e1:c0:3a:b5:ab:b0:dd: 24:ea:c9:fa:dd:de:6b:97:f6:88:c7:17:29:8c:a2:2c: f0:66:15:13:4f:98:92:2e:07:ff:22:9c:6b:a7:4c:69: 59:65:aa:95:a9:1c:d6:70:94:34:ea:5e:f4:5c:45:90: f0:e0:d5:d4:d3:33:da:7a:8f:60:9f:cc:10:ed:54:a9 Fingerprint (SHA-256): 18:5D:12:8A:BA:75:80:7D:7E:E9:7A:F7:9A:F8:84:FF:B2:A5:2D:48:37:19:F7:C2:26:70:8A:E2:A4:F1:C1:A4 Fingerprint (SHA1): 31:7E:8E:0A:BD:08:90:31:4C:21:BE:A8:F4:6F:C1:77:52:FD:52:EA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #5911: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182054 (0x1ee2d4a6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 22:23:22 2015 Not After : Mon May 18 22:23:22 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:63:a1:38:69:60:48:b8:fa:b3:19:a7:b3:d8:c9:c0: 82:f2:fc:85:3f:65:e2:f8:4d:d4:6a:53:73:cb:02:ed: c9:c5:c8:59:44:e5:ce:f3:51:93:e7:7b:e1:14:d0:3b: cb:9a:4f:71:ac:ba:f7:7b:5f:88:d7:7d:ba:30:5f:3c: ca:a0:2c:8e:97:be:09:97:7b:7d:ba:e4:05:98:51:fc: ac:98:7c:55:09:82:e2:f9:f6:25:ef:39:dd:5f:0d:e3: 48:fc:9e:85:69:1c:06:0b:5c:86:57:ff:ec:31:76:4b: ee:33:2e:10:65:17:4b:12:b7:be:6c:0a:29:18:0a:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 83:f8:5d:4f:22:fa:01:a8:eb:5e:a0:29:ff:40:c8:f5: 95:39:52:f5:19:18:d7:50:91:11:72:72:8b:28:35:d5: e1:4b:a2:e7:9f:d4:2c:35:e1:ed:10:2f:a7:47:9f:69: e1:70:ae:5c:b3:07:07:3a:29:26:cf:b9:9e:11:ef:72: fd:d7:d5:b5:37:87:e6:46:cb:a3:3f:41:ec:94:c8:6e: 12:c1:68:8c:e5:c0:20:5c:cd:d5:7b:66:12:d1:b6:3f: b8:a9:a7:29:11:fb:c1:c8:28:3a:e3:4d:0a:7d:b8:60: bf:be:1b:75:13:68:be:a3:3b:3b:db:7c:5b:c1:30:04 Fingerprint (SHA-256): 61:4C:18:40:35:B7:8A:73:EB:97:58:1B:FE:03:29:4D:44:B3:63:13:90:1F:3B:32:28:A9:91:DB:D0:B7:F4:46 Fingerprint (SHA1): 85:F9:BA:4F:94:E2:D9:B9:0F:F2:62:F1:E7:CB:43:F4:66:C7:1D:12 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #5912: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182055 (0x1ee2d4a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 22:23:25 2015 Not After : Mon May 18 22:23:25 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:c2:40:62:1e:c8:48:d5:e9:37:41:04:48:be:25:e6: 00:06:73:5e:a5:e2:82:e8:6d:51:40:e2:c1:22:f9:2b: bf:73:a4:6b:ca:d3:19:20:a3:dd:51:ef:65:e8:04:66: a3:c2:f7:70:d3:31:b8:1d:6d:58:d4:1a:90:34:a1:0d: a8:a4:39:70:b5:b1:ed:be:e1:b0:aa:c6:6d:51:2a:f8: 8c:c5:3d:73:c7:67:c0:c3:bc:f7:21:01:2d:c8:90:ea: 7b:7e:df:92:c3:e9:64:88:9b:b2:33:b2:b2:1d:a5:61: ff:df:1c:8d:49:f5:53:84:84:aa:f0:c9:0f:10:6f:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:6a:45:5d:e4:a3:9e:fa:d7:0d:77:fc:1d:3c:fd:d3: c9:69:99:6f:5f:b9:22:db:ab:03:4d:98:bf:02:60:1d: 0e:73:3b:a6:d9:ba:ef:01:2a:75:11:70:de:e6:08:a0: df:94:b0:6d:4e:8c:bf:fe:0c:f7:70:df:86:ca:27:f4: 43:b1:75:28:42:a9:66:b9:f1:e5:32:04:7d:4f:28:ae: d4:e1:6c:5f:5a:11:b1:18:98:8a:67:ee:77:85:2c:02: 90:8e:d2:fa:bb:fb:11:e0:0e:90:4b:43:77:a0:84:61: 26:99:c9:a6:60:ea:f8:5e:89:da:27:a4:93:d1:d3:84 Fingerprint (SHA-256): 56:21:38:C9:28:8A:9D:62:AA:12:99:45:AC:45:5E:F3:DA:85:84:55:45:68:5E:60:6A:C2:36:41:D2:39:21:C4 Fingerprint (SHA1): CF:60:8B:2F:36:C9:1A:F1:E9:8D:37:22:85:19:F5:59:02:A9:3C:B1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #5913: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #5914: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182070 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5915: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #5916: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5917: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5918: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182071 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5919: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5920: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #5921: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5922: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182072 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5923: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5924: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #5925: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5926: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518182073 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5927: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5928: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #5929: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182070 (0x1ee2d4b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:09 2015 Not After : Mon May 18 22:24:09 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:66:9a:08:8d:11:fc:90:97:d4:81:60:5e:22:e3:a1: 58:08:70:b3:4c:30:6c:2d:2f:38:18:dc:fa:ae:30:f4: b5:9f:68:30:a3:f4:fe:e9:d4:82:4e:a1:74:09:b1:90: 1c:70:9b:89:d0:64:84:93:95:fa:d6:b2:b6:56:f6:ff: 2c:ae:9a:d6:7d:28:fc:09:58:1a:26:a7:0f:bb:5b:a7: 53:af:92:dd:e5:a7:9c:dd:b3:e5:ff:31:42:ae:15:38: ec:66:2e:5f:10:6f:dd:9c:52:e5:f4:9f:fc:33:25:2b: f0:40:f6:32:82:a8:4a:30:ea:53:86:e2:6c:5d:dc:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b2:6e:10:27:f0:0a:92:ab:c2:ee:cc:cd:2c:47:a4:34: d8:c1:c6:51:a6:d7:0d:5b:89:77:6d:8a:1e:a9:aa:63: 49:77:2f:97:ff:49:6a:f3:85:d0:47:f1:ee:ab:79:90: ef:b7:97:00:a6:b8:6d:ac:98:78:18:a7:8a:88:5e:5a: ba:75:ec:b2:4a:16:bf:13:6e:11:2d:9b:96:c2:ee:b9: bd:a8:f8:e9:dc:0b:ad:10:87:bf:c5:20:94:02:35:25: 4a:9d:8c:e7:a6:ac:6e:10:30:db:25:d7:78:48:5c:4b: 48:82:56:f2:41:4a:1b:46:83:6b:d8:11:1d:08:2c:ca Fingerprint (SHA-256): 75:FC:65:BD:7B:05:BB:A0:2A:CA:25:B5:A5:ED:51:DF:02:7B:9C:60:E4:C8:73:DC:29:54:7E:A1:E9:AB:D9:B6 Fingerprint (SHA1): EE:CC:A2:85:26:0B:98:6F:86:81:EF:AA:3B:7A:25:F6:CB:4B:7F:4E Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5930: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5931: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182071 (0x1ee2d4b7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:14 2015 Not After : Mon May 18 22:24:14 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:97:31:4a:83:bd:8e:4d:28:f9:45:78:04:17:ea:c7: 30:ef:dd:7e:9c:a9:29:3c:9f:4a:36:68:49:de:0d:65: 0f:2a:4f:70:c9:73:08:82:d4:69:52:8b:f5:63:7a:ff: 8c:d6:c0:fd:8d:6d:03:09:7c:27:fe:0d:86:99:1d:0e: ac:c6:ad:ab:c9:65:6a:e5:75:3e:cb:45:53:2f:06:0a: b4:47:fd:ff:f1:97:5c:49:84:e9:9c:4e:b7:aa:c5:12: 4a:8a:e5:98:db:ac:2c:c1:59:99:3d:09:b8:e9:c7:1a: b1:ff:f2:dc:1d:86:46:8e:09:38:71:18:23:f2:0b:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:b8:f1:38:88:41:ef:0a:09:df:2d:1a:2b:0b:78:9e: 40:3f:40:f5:c1:34:05:d3:5e:70:d7:45:7c:8a:b6:e2: bf:1b:b9:20:76:0a:5e:03:db:9f:cc:76:6a:83:f1:5e: bc:ee:5f:90:f7:b8:31:91:6f:17:52:63:c5:08:d3:68: 3e:d1:94:4b:11:39:c7:de:61:5a:04:ee:71:b9:1e:48: c4:67:70:21:81:ea:64:6c:62:86:68:bb:06:60:19:74: f2:b3:17:82:04:b4:42:cf:db:54:5c:50:be:1c:76:62: 57:44:15:b3:59:11:87:21:7d:a0:5d:4c:9f:28:84:ff Fingerprint (SHA-256): 6F:4B:7C:93:F4:39:E3:67:90:95:88:C2:0D:8D:76:E0:F2:36:FA:49:9C:32:58:76:6B:80:F7:8B:3A:C1:BE:D4 Fingerprint (SHA1): A2:D7:D9:6D:33:84:CF:B5:18:85:F9:8C:EE:DB:6C:9C:83:00:D3:6A Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5932: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5933: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182072 (0x1ee2d4b8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:24:18 2015 Not After : Mon May 18 22:24:18 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:94:2b:e8:8a:09:48:1a:16:af:6f:f6:da:03:b5:99: 44:91:02:fd:4d:0c:fb:35:b9:e6:1d:69:79:88:2a:9c: 66:9c:f1:26:04:93:34:d3:4b:9b:54:fb:73:b2:ba:6c: 1c:9a:f8:b4:a5:09:f4:a8:f2:44:c2:87:fa:3d:f9:03: 61:9c:32:85:fa:f0:f1:4d:be:01:6b:08:15:a2:fd:ba: b5:28:3a:c8:1f:6a:d0:dd:d6:24:0f:00:ae:ab:b9:5c: 35:d0:56:ff:2e:97:82:fa:04:bc:de:14:01:3f:d5:42: 6c:51:0c:31:12:29:12:8a:90:fd:73:23:a9:e6:ce:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:68:24:63:96:d9:0d:a5:03:5f:a2:8b:4d:29:3d:5f: 2d:6a:d0:a4:3f:03:fe:2f:05:e9:42:2c:22:25:e6:08: f9:f6:8a:2c:ba:2a:67:e2:18:e5:c5:8f:68:51:0e:50: 0b:51:eb:4e:35:62:5d:dd:29:9d:35:77:f6:2f:d7:25: 0e:ba:e3:b6:13:47:e3:32:f7:39:84:0f:13:fa:12:93: e4:03:47:e5:22:93:d4:2d:9b:6d:2a:e5:73:60:d5:26: db:67:12:41:01:9a:9e:ef:0e:30:2a:4d:a0:4d:7c:b4: db:c4:51:2b:7d:27:b5:41:1d:c7:e1:83:c6:b0:54:a7 Fingerprint (SHA-256): 34:FE:66:57:4C:9D:C2:98:F1:11:C9:C1:AB:7D:5A:09:B5:52:E6:BB:6D:87:C0:5C:D6:8A:F0:1B:25:7A:A9:BE Fingerprint (SHA1): 15:67:BB:7A:A3:7F:49:31:BC:48:B6:D0:D1:BB:60:5D:39:BC:38:71 Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #5934: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5935: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #5936: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #5937: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #5938: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182070 (0x1ee2d4b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:09 2015 Not After : Mon May 18 22:24:09 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:66:9a:08:8d:11:fc:90:97:d4:81:60:5e:22:e3:a1: 58:08:70:b3:4c:30:6c:2d:2f:38:18:dc:fa:ae:30:f4: b5:9f:68:30:a3:f4:fe:e9:d4:82:4e:a1:74:09:b1:90: 1c:70:9b:89:d0:64:84:93:95:fa:d6:b2:b6:56:f6:ff: 2c:ae:9a:d6:7d:28:fc:09:58:1a:26:a7:0f:bb:5b:a7: 53:af:92:dd:e5:a7:9c:dd:b3:e5:ff:31:42:ae:15:38: ec:66:2e:5f:10:6f:dd:9c:52:e5:f4:9f:fc:33:25:2b: f0:40:f6:32:82:a8:4a:30:ea:53:86:e2:6c:5d:dc:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b2:6e:10:27:f0:0a:92:ab:c2:ee:cc:cd:2c:47:a4:34: d8:c1:c6:51:a6:d7:0d:5b:89:77:6d:8a:1e:a9:aa:63: 49:77:2f:97:ff:49:6a:f3:85:d0:47:f1:ee:ab:79:90: ef:b7:97:00:a6:b8:6d:ac:98:78:18:a7:8a:88:5e:5a: ba:75:ec:b2:4a:16:bf:13:6e:11:2d:9b:96:c2:ee:b9: bd:a8:f8:e9:dc:0b:ad:10:87:bf:c5:20:94:02:35:25: 4a:9d:8c:e7:a6:ac:6e:10:30:db:25:d7:78:48:5c:4b: 48:82:56:f2:41:4a:1b:46:83:6b:d8:11:1d:08:2c:ca Fingerprint (SHA-256): 75:FC:65:BD:7B:05:BB:A0:2A:CA:25:B5:A5:ED:51:DF:02:7B:9C:60:E4:C8:73:DC:29:54:7E:A1:E9:AB:D9:B6 Fingerprint (SHA1): EE:CC:A2:85:26:0B:98:6F:86:81:EF:AA:3B:7A:25:F6:CB:4B:7F:4E Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5939: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5940: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182071 (0x1ee2d4b7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:14 2015 Not After : Mon May 18 22:24:14 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:97:31:4a:83:bd:8e:4d:28:f9:45:78:04:17:ea:c7: 30:ef:dd:7e:9c:a9:29:3c:9f:4a:36:68:49:de:0d:65: 0f:2a:4f:70:c9:73:08:82:d4:69:52:8b:f5:63:7a:ff: 8c:d6:c0:fd:8d:6d:03:09:7c:27:fe:0d:86:99:1d:0e: ac:c6:ad:ab:c9:65:6a:e5:75:3e:cb:45:53:2f:06:0a: b4:47:fd:ff:f1:97:5c:49:84:e9:9c:4e:b7:aa:c5:12: 4a:8a:e5:98:db:ac:2c:c1:59:99:3d:09:b8:e9:c7:1a: b1:ff:f2:dc:1d:86:46:8e:09:38:71:18:23:f2:0b:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:b8:f1:38:88:41:ef:0a:09:df:2d:1a:2b:0b:78:9e: 40:3f:40:f5:c1:34:05:d3:5e:70:d7:45:7c:8a:b6:e2: bf:1b:b9:20:76:0a:5e:03:db:9f:cc:76:6a:83:f1:5e: bc:ee:5f:90:f7:b8:31:91:6f:17:52:63:c5:08:d3:68: 3e:d1:94:4b:11:39:c7:de:61:5a:04:ee:71:b9:1e:48: c4:67:70:21:81:ea:64:6c:62:86:68:bb:06:60:19:74: f2:b3:17:82:04:b4:42:cf:db:54:5c:50:be:1c:76:62: 57:44:15:b3:59:11:87:21:7d:a0:5d:4c:9f:28:84:ff Fingerprint (SHA-256): 6F:4B:7C:93:F4:39:E3:67:90:95:88:C2:0D:8D:76:E0:F2:36:FA:49:9C:32:58:76:6B:80:F7:8B:3A:C1:BE:D4 Fingerprint (SHA1): A2:D7:D9:6D:33:84:CF:B5:18:85:F9:8C:EE:DB:6C:9C:83:00:D3:6A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5941: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5942: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182072 (0x1ee2d4b8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:24:18 2015 Not After : Mon May 18 22:24:18 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:94:2b:e8:8a:09:48:1a:16:af:6f:f6:da:03:b5:99: 44:91:02:fd:4d:0c:fb:35:b9:e6:1d:69:79:88:2a:9c: 66:9c:f1:26:04:93:34:d3:4b:9b:54:fb:73:b2:ba:6c: 1c:9a:f8:b4:a5:09:f4:a8:f2:44:c2:87:fa:3d:f9:03: 61:9c:32:85:fa:f0:f1:4d:be:01:6b:08:15:a2:fd:ba: b5:28:3a:c8:1f:6a:d0:dd:d6:24:0f:00:ae:ab:b9:5c: 35:d0:56:ff:2e:97:82:fa:04:bc:de:14:01:3f:d5:42: 6c:51:0c:31:12:29:12:8a:90:fd:73:23:a9:e6:ce:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:68:24:63:96:d9:0d:a5:03:5f:a2:8b:4d:29:3d:5f: 2d:6a:d0:a4:3f:03:fe:2f:05:e9:42:2c:22:25:e6:08: f9:f6:8a:2c:ba:2a:67:e2:18:e5:c5:8f:68:51:0e:50: 0b:51:eb:4e:35:62:5d:dd:29:9d:35:77:f6:2f:d7:25: 0e:ba:e3:b6:13:47:e3:32:f7:39:84:0f:13:fa:12:93: e4:03:47:e5:22:93:d4:2d:9b:6d:2a:e5:73:60:d5:26: db:67:12:41:01:9a:9e:ef:0e:30:2a:4d:a0:4d:7c:b4: db:c4:51:2b:7d:27:b5:41:1d:c7:e1:83:c6:b0:54:a7 Fingerprint (SHA-256): 34:FE:66:57:4C:9D:C2:98:F1:11:C9:C1:AB:7D:5A:09:B5:52:E6:BB:6D:87:C0:5C:D6:8A:F0:1B:25:7A:A9:BE Fingerprint (SHA1): 15:67:BB:7A:A3:7F:49:31:BC:48:B6:D0:D1:BB:60:5D:39:BC:38:71 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #5943: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5944: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #5945: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182074 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5946: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #5947: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5948: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5949: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182075 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5950: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5951: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #5952: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5953: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182076 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5954: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5955: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #5956: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5957: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518182077 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5958: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5959: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #5960: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5961: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518182078 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5962: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5963: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #5964: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182074 (0x1ee2d4ba) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:35 2015 Not After : Mon May 18 22:24:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:f5:aa:ce:cb:e9:98:89:75:f2:f9:e1:31:cf:ce:a6: 5f:84:19:e6:da:f4:24:48:a3:23:d2:68:9a:07:a8:e4: e1:aa:d1:c9:c2:f0:38:50:cc:0e:6f:98:ca:7a:d1:c2: a2:5a:ca:8c:05:ea:77:db:93:fb:a0:60:06:ba:4b:6e: be:e8:17:c7:65:96:70:73:c6:4a:85:66:8a:20:c7:5f: 7e:33:5d:b2:78:84:a3:8e:a4:31:66:a9:68:59:39:57: 48:01:0e:08:b9:da:8c:8e:57:06:8c:49:fc:b6:d5:8d: 31:b0:2d:b2:7c:76:7c:89:b2:1b:18:6e:83:03:fb:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 73:ce:33:71:fa:1d:a3:0d:a7:83:3c:79:8e:0b:89:f4: ee:22:dc:71:87:6e:02:b4:e8:e8:de:f2:f8:c3:85:9f: 75:82:52:7c:b2:6b:3a:5a:b6:67:ab:62:e5:ed:2d:39: 82:11:62:4e:03:b3:6f:da:37:37:e9:20:9c:b2:0f:43: 7f:44:37:75:6a:be:76:c8:47:97:4b:56:5c:9e:1d:0f: bc:5e:91:8e:13:51:3d:87:b1:1c:a0:41:88:f9:8d:55: be:3c:c6:20:67:e4:7b:ad:a8:e8:70:f2:71:f8:2f:72: e4:a5:35:66:33:b1:2f:4e:85:6e:33:b9:97:a4:f5:88 Fingerprint (SHA-256): FD:1C:78:2F:2D:E8:FD:79:07:BB:40:A0:CA:7B:9B:C3:91:3D:D0:9C:47:94:ED:1B:7E:C0:0A:AB:B5:90:B5:B4 Fingerprint (SHA1): F8:91:DE:F9:FE:9E:28:6A:1D:90:4A:18:D7:3F:7B:F2:61:D0:3F:46 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5965: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5966: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182075 (0x1ee2d4bb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:39 2015 Not After : Mon May 18 22:24:39 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:f2:66:fd:aa:4f:54:f5:28:be:8f:68:cc:d2:4c:24: 65:ae:57:96:9d:77:b2:cd:d2:d8:ea:ed:fd:35:6d:73: eb:f9:28:73:e6:d2:5f:38:b5:00:5a:52:e0:54:d9:f6: 2a:08:6c:15:2c:1e:09:3d:55:f3:15:c7:96:51:9d:42: 3f:72:c1:70:be:d4:f4:bd:15:bb:76:80:7f:df:51:f3: dc:59:f4:c9:fd:39:1d:ac:80:27:11:e8:f6:a6:1b:34: 6e:06:05:d4:3f:2b:0b:27:25:a8:ec:0e:af:29:ce:79: ca:b4:09:ee:a9:21:c8:8f:74:f4:7f:f5:12:7e:b5:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 47:ab:2b:dd:40:00:2b:12:61:37:eb:6e:19:1a:62:78: f8:15:62:da:8f:0e:f8:42:82:7e:3b:59:08:ae:2c:bf: 4b:5f:db:f8:de:e7:66:80:52:79:af:3d:7e:a5:a4:6a: e7:02:df:b5:73:3d:fa:e5:4e:ad:4f:b0:57:b5:e8:9f: bc:fa:f4:1d:37:51:91:12:5c:bf:4c:13:9b:3a:65:17: 49:24:b0:03:3c:e3:da:e8:19:62:e2:70:d1:98:9e:4f: fa:b4:88:0a:75:f2:e6:9b:f4:75:4c:88:92:1c:71:0a: be:9f:d5:74:4e:b5:30:09:e1:72:46:8c:e7:44:45:83 Fingerprint (SHA-256): 42:F4:C7:97:73:EC:8A:53:E1:9E:5C:BA:CF:AA:8F:78:93:51:74:44:C8:8C:8D:94:1D:F1:83:99:F1:83:40:72 Fingerprint (SHA1): 3A:46:1B:57:18:86:07:A2:D1:E6:EA:5F:61:70:BE:BA:FC:E3:F4:B8 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5967: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5968: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182076 (0x1ee2d4bc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:24:44 2015 Not After : Mon May 18 22:24:44 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:e8:c0:33:42:a3:d0:d9:e3:b6:d4:bb:f7:f6:9d:82: 0c:30:0a:0d:d2:94:d4:12:10:7d:c0:03:e5:d2:f8:60: dd:0b:42:1e:f5:c9:74:d3:4a:ae:85:9d:da:fd:c8:70: 0c:f9:a0:65:a3:b5:c2:e2:87:86:e4:d8:1c:8d:8a:ac: e3:50:f3:8d:8e:e9:c8:cd:b3:ec:d9:39:8c:63:bf:79: 6b:5c:90:de:37:2d:c3:8d:62:c1:eb:2e:8a:b5:c0:8d: 32:b5:c7:b8:e0:5c:2a:f0:0e:10:86:a3:ed:19:5e:5f: e5:c2:f2:2e:45:87:fb:42:78:2c:15:3c:36:df:1a:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:51:3e:0b:b3:95:1f:ed:8f:f9:37:c9:e2:98:4e:f1: 58:15:9e:fb:6f:f2:ef:81:5f:d6:66:ec:33:6d:72:6e: 36:a1:a8:95:19:f2:98:94:4b:cc:51:50:05:29:1c:cc: 34:66:8d:7d:17:0c:a9:a8:90:04:ad:22:4a:ee:32:b0: 25:7c:0f:fc:1c:3f:67:8b:cb:72:c5:16:26:ed:7e:52: 2b:b5:bb:c5:67:e8:7f:24:29:70:f6:90:96:52:67:c9: b3:bf:e1:7d:3a:17:63:47:17:cc:3c:54:84:ff:df:0a: 34:50:7e:a3:89:1e:22:47:b4:3d:0e:cd:6b:2a:8d:d5 Fingerprint (SHA-256): 4A:5F:E4:E5:EB:FD:D6:99:29:C4:4B:F6:0C:45:9D:5B:11:DB:00:8F:CC:B9:4E:7F:CE:EB:65:3A:4B:75:5F:AA Fingerprint (SHA1): 57:A4:EE:95:78:51:E0:55:29:FB:B9:4B:EF:D1:00:E9:18:06:D5:D5 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #5969: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5970: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #5971: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #5972: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #5973: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182074 (0x1ee2d4ba) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:35 2015 Not After : Mon May 18 22:24:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:f5:aa:ce:cb:e9:98:89:75:f2:f9:e1:31:cf:ce:a6: 5f:84:19:e6:da:f4:24:48:a3:23:d2:68:9a:07:a8:e4: e1:aa:d1:c9:c2:f0:38:50:cc:0e:6f:98:ca:7a:d1:c2: a2:5a:ca:8c:05:ea:77:db:93:fb:a0:60:06:ba:4b:6e: be:e8:17:c7:65:96:70:73:c6:4a:85:66:8a:20:c7:5f: 7e:33:5d:b2:78:84:a3:8e:a4:31:66:a9:68:59:39:57: 48:01:0e:08:b9:da:8c:8e:57:06:8c:49:fc:b6:d5:8d: 31:b0:2d:b2:7c:76:7c:89:b2:1b:18:6e:83:03:fb:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 73:ce:33:71:fa:1d:a3:0d:a7:83:3c:79:8e:0b:89:f4: ee:22:dc:71:87:6e:02:b4:e8:e8:de:f2:f8:c3:85:9f: 75:82:52:7c:b2:6b:3a:5a:b6:67:ab:62:e5:ed:2d:39: 82:11:62:4e:03:b3:6f:da:37:37:e9:20:9c:b2:0f:43: 7f:44:37:75:6a:be:76:c8:47:97:4b:56:5c:9e:1d:0f: bc:5e:91:8e:13:51:3d:87:b1:1c:a0:41:88:f9:8d:55: be:3c:c6:20:67:e4:7b:ad:a8:e8:70:f2:71:f8:2f:72: e4:a5:35:66:33:b1:2f:4e:85:6e:33:b9:97:a4:f5:88 Fingerprint (SHA-256): FD:1C:78:2F:2D:E8:FD:79:07:BB:40:A0:CA:7B:9B:C3:91:3D:D0:9C:47:94:ED:1B:7E:C0:0A:AB:B5:90:B5:B4 Fingerprint (SHA1): F8:91:DE:F9:FE:9E:28:6A:1D:90:4A:18:D7:3F:7B:F2:61:D0:3F:46 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5974: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5975: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182075 (0x1ee2d4bb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:39 2015 Not After : Mon May 18 22:24:39 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:f2:66:fd:aa:4f:54:f5:28:be:8f:68:cc:d2:4c:24: 65:ae:57:96:9d:77:b2:cd:d2:d8:ea:ed:fd:35:6d:73: eb:f9:28:73:e6:d2:5f:38:b5:00:5a:52:e0:54:d9:f6: 2a:08:6c:15:2c:1e:09:3d:55:f3:15:c7:96:51:9d:42: 3f:72:c1:70:be:d4:f4:bd:15:bb:76:80:7f:df:51:f3: dc:59:f4:c9:fd:39:1d:ac:80:27:11:e8:f6:a6:1b:34: 6e:06:05:d4:3f:2b:0b:27:25:a8:ec:0e:af:29:ce:79: ca:b4:09:ee:a9:21:c8:8f:74:f4:7f:f5:12:7e:b5:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 47:ab:2b:dd:40:00:2b:12:61:37:eb:6e:19:1a:62:78: f8:15:62:da:8f:0e:f8:42:82:7e:3b:59:08:ae:2c:bf: 4b:5f:db:f8:de:e7:66:80:52:79:af:3d:7e:a5:a4:6a: e7:02:df:b5:73:3d:fa:e5:4e:ad:4f:b0:57:b5:e8:9f: bc:fa:f4:1d:37:51:91:12:5c:bf:4c:13:9b:3a:65:17: 49:24:b0:03:3c:e3:da:e8:19:62:e2:70:d1:98:9e:4f: fa:b4:88:0a:75:f2:e6:9b:f4:75:4c:88:92:1c:71:0a: be:9f:d5:74:4e:b5:30:09:e1:72:46:8c:e7:44:45:83 Fingerprint (SHA-256): 42:F4:C7:97:73:EC:8A:53:E1:9E:5C:BA:CF:AA:8F:78:93:51:74:44:C8:8C:8D:94:1D:F1:83:99:F1:83:40:72 Fingerprint (SHA1): 3A:46:1B:57:18:86:07:A2:D1:E6:EA:5F:61:70:BE:BA:FC:E3:F4:B8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5976: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5977: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182076 (0x1ee2d4bc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:24:44 2015 Not After : Mon May 18 22:24:44 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:e8:c0:33:42:a3:d0:d9:e3:b6:d4:bb:f7:f6:9d:82: 0c:30:0a:0d:d2:94:d4:12:10:7d:c0:03:e5:d2:f8:60: dd:0b:42:1e:f5:c9:74:d3:4a:ae:85:9d:da:fd:c8:70: 0c:f9:a0:65:a3:b5:c2:e2:87:86:e4:d8:1c:8d:8a:ac: e3:50:f3:8d:8e:e9:c8:cd:b3:ec:d9:39:8c:63:bf:79: 6b:5c:90:de:37:2d:c3:8d:62:c1:eb:2e:8a:b5:c0:8d: 32:b5:c7:b8:e0:5c:2a:f0:0e:10:86:a3:ed:19:5e:5f: e5:c2:f2:2e:45:87:fb:42:78:2c:15:3c:36:df:1a:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:51:3e:0b:b3:95:1f:ed:8f:f9:37:c9:e2:98:4e:f1: 58:15:9e:fb:6f:f2:ef:81:5f:d6:66:ec:33:6d:72:6e: 36:a1:a8:95:19:f2:98:94:4b:cc:51:50:05:29:1c:cc: 34:66:8d:7d:17:0c:a9:a8:90:04:ad:22:4a:ee:32:b0: 25:7c:0f:fc:1c:3f:67:8b:cb:72:c5:16:26:ed:7e:52: 2b:b5:bb:c5:67:e8:7f:24:29:70:f6:90:96:52:67:c9: b3:bf:e1:7d:3a:17:63:47:17:cc:3c:54:84:ff:df:0a: 34:50:7e:a3:89:1e:22:47:b4:3d:0e:cd:6b:2a:8d:d5 Fingerprint (SHA-256): 4A:5F:E4:E5:EB:FD:D6:99:29:C4:4B:F6:0C:45:9D:5B:11:DB:00:8F:CC:B9:4E:7F:CE:EB:65:3A:4B:75:5F:AA Fingerprint (SHA1): 57:A4:EE:95:78:51:E0:55:29:FB:B9:4B:EF:D1:00:E9:18:06:D5:D5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #5978: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5979: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182074 (0x1ee2d4ba) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:35 2015 Not After : Mon May 18 22:24:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:f5:aa:ce:cb:e9:98:89:75:f2:f9:e1:31:cf:ce:a6: 5f:84:19:e6:da:f4:24:48:a3:23:d2:68:9a:07:a8:e4: e1:aa:d1:c9:c2:f0:38:50:cc:0e:6f:98:ca:7a:d1:c2: a2:5a:ca:8c:05:ea:77:db:93:fb:a0:60:06:ba:4b:6e: be:e8:17:c7:65:96:70:73:c6:4a:85:66:8a:20:c7:5f: 7e:33:5d:b2:78:84:a3:8e:a4:31:66:a9:68:59:39:57: 48:01:0e:08:b9:da:8c:8e:57:06:8c:49:fc:b6:d5:8d: 31:b0:2d:b2:7c:76:7c:89:b2:1b:18:6e:83:03:fb:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 73:ce:33:71:fa:1d:a3:0d:a7:83:3c:79:8e:0b:89:f4: ee:22:dc:71:87:6e:02:b4:e8:e8:de:f2:f8:c3:85:9f: 75:82:52:7c:b2:6b:3a:5a:b6:67:ab:62:e5:ed:2d:39: 82:11:62:4e:03:b3:6f:da:37:37:e9:20:9c:b2:0f:43: 7f:44:37:75:6a:be:76:c8:47:97:4b:56:5c:9e:1d:0f: bc:5e:91:8e:13:51:3d:87:b1:1c:a0:41:88:f9:8d:55: be:3c:c6:20:67:e4:7b:ad:a8:e8:70:f2:71:f8:2f:72: e4:a5:35:66:33:b1:2f:4e:85:6e:33:b9:97:a4:f5:88 Fingerprint (SHA-256): FD:1C:78:2F:2D:E8:FD:79:07:BB:40:A0:CA:7B:9B:C3:91:3D:D0:9C:47:94:ED:1B:7E:C0:0A:AB:B5:90:B5:B4 Fingerprint (SHA1): F8:91:DE:F9:FE:9E:28:6A:1D:90:4A:18:D7:3F:7B:F2:61:D0:3F:46 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5980: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182074 (0x1ee2d4ba) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:35 2015 Not After : Mon May 18 22:24:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:f5:aa:ce:cb:e9:98:89:75:f2:f9:e1:31:cf:ce:a6: 5f:84:19:e6:da:f4:24:48:a3:23:d2:68:9a:07:a8:e4: e1:aa:d1:c9:c2:f0:38:50:cc:0e:6f:98:ca:7a:d1:c2: a2:5a:ca:8c:05:ea:77:db:93:fb:a0:60:06:ba:4b:6e: be:e8:17:c7:65:96:70:73:c6:4a:85:66:8a:20:c7:5f: 7e:33:5d:b2:78:84:a3:8e:a4:31:66:a9:68:59:39:57: 48:01:0e:08:b9:da:8c:8e:57:06:8c:49:fc:b6:d5:8d: 31:b0:2d:b2:7c:76:7c:89:b2:1b:18:6e:83:03:fb:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 73:ce:33:71:fa:1d:a3:0d:a7:83:3c:79:8e:0b:89:f4: ee:22:dc:71:87:6e:02:b4:e8:e8:de:f2:f8:c3:85:9f: 75:82:52:7c:b2:6b:3a:5a:b6:67:ab:62:e5:ed:2d:39: 82:11:62:4e:03:b3:6f:da:37:37:e9:20:9c:b2:0f:43: 7f:44:37:75:6a:be:76:c8:47:97:4b:56:5c:9e:1d:0f: bc:5e:91:8e:13:51:3d:87:b1:1c:a0:41:88:f9:8d:55: be:3c:c6:20:67:e4:7b:ad:a8:e8:70:f2:71:f8:2f:72: e4:a5:35:66:33:b1:2f:4e:85:6e:33:b9:97:a4:f5:88 Fingerprint (SHA-256): FD:1C:78:2F:2D:E8:FD:79:07:BB:40:A0:CA:7B:9B:C3:91:3D:D0:9C:47:94:ED:1B:7E:C0:0A:AB:B5:90:B5:B4 Fingerprint (SHA1): F8:91:DE:F9:FE:9E:28:6A:1D:90:4A:18:D7:3F:7B:F2:61:D0:3F:46 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5981: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182075 (0x1ee2d4bb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:39 2015 Not After : Mon May 18 22:24:39 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:f2:66:fd:aa:4f:54:f5:28:be:8f:68:cc:d2:4c:24: 65:ae:57:96:9d:77:b2:cd:d2:d8:ea:ed:fd:35:6d:73: eb:f9:28:73:e6:d2:5f:38:b5:00:5a:52:e0:54:d9:f6: 2a:08:6c:15:2c:1e:09:3d:55:f3:15:c7:96:51:9d:42: 3f:72:c1:70:be:d4:f4:bd:15:bb:76:80:7f:df:51:f3: dc:59:f4:c9:fd:39:1d:ac:80:27:11:e8:f6:a6:1b:34: 6e:06:05:d4:3f:2b:0b:27:25:a8:ec:0e:af:29:ce:79: ca:b4:09:ee:a9:21:c8:8f:74:f4:7f:f5:12:7e:b5:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 47:ab:2b:dd:40:00:2b:12:61:37:eb:6e:19:1a:62:78: f8:15:62:da:8f:0e:f8:42:82:7e:3b:59:08:ae:2c:bf: 4b:5f:db:f8:de:e7:66:80:52:79:af:3d:7e:a5:a4:6a: e7:02:df:b5:73:3d:fa:e5:4e:ad:4f:b0:57:b5:e8:9f: bc:fa:f4:1d:37:51:91:12:5c:bf:4c:13:9b:3a:65:17: 49:24:b0:03:3c:e3:da:e8:19:62:e2:70:d1:98:9e:4f: fa:b4:88:0a:75:f2:e6:9b:f4:75:4c:88:92:1c:71:0a: be:9f:d5:74:4e:b5:30:09:e1:72:46:8c:e7:44:45:83 Fingerprint (SHA-256): 42:F4:C7:97:73:EC:8A:53:E1:9E:5C:BA:CF:AA:8F:78:93:51:74:44:C8:8C:8D:94:1D:F1:83:99:F1:83:40:72 Fingerprint (SHA1): 3A:46:1B:57:18:86:07:A2:D1:E6:EA:5F:61:70:BE:BA:FC:E3:F4:B8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5982: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182075 (0x1ee2d4bb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:24:39 2015 Not After : Mon May 18 22:24:39 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:f2:66:fd:aa:4f:54:f5:28:be:8f:68:cc:d2:4c:24: 65:ae:57:96:9d:77:b2:cd:d2:d8:ea:ed:fd:35:6d:73: eb:f9:28:73:e6:d2:5f:38:b5:00:5a:52:e0:54:d9:f6: 2a:08:6c:15:2c:1e:09:3d:55:f3:15:c7:96:51:9d:42: 3f:72:c1:70:be:d4:f4:bd:15:bb:76:80:7f:df:51:f3: dc:59:f4:c9:fd:39:1d:ac:80:27:11:e8:f6:a6:1b:34: 6e:06:05:d4:3f:2b:0b:27:25:a8:ec:0e:af:29:ce:79: ca:b4:09:ee:a9:21:c8:8f:74:f4:7f:f5:12:7e:b5:ff Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 47:ab:2b:dd:40:00:2b:12:61:37:eb:6e:19:1a:62:78: f8:15:62:da:8f:0e:f8:42:82:7e:3b:59:08:ae:2c:bf: 4b:5f:db:f8:de:e7:66:80:52:79:af:3d:7e:a5:a4:6a: e7:02:df:b5:73:3d:fa:e5:4e:ad:4f:b0:57:b5:e8:9f: bc:fa:f4:1d:37:51:91:12:5c:bf:4c:13:9b:3a:65:17: 49:24:b0:03:3c:e3:da:e8:19:62:e2:70:d1:98:9e:4f: fa:b4:88:0a:75:f2:e6:9b:f4:75:4c:88:92:1c:71:0a: be:9f:d5:74:4e:b5:30:09:e1:72:46:8c:e7:44:45:83 Fingerprint (SHA-256): 42:F4:C7:97:73:EC:8A:53:E1:9E:5C:BA:CF:AA:8F:78:93:51:74:44:C8:8C:8D:94:1D:F1:83:99:F1:83:40:72 Fingerprint (SHA1): 3A:46:1B:57:18:86:07:A2:D1:E6:EA:5F:61:70:BE:BA:FC:E3:F4:B8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5983: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182076 (0x1ee2d4bc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:24:44 2015 Not After : Mon May 18 22:24:44 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:e8:c0:33:42:a3:d0:d9:e3:b6:d4:bb:f7:f6:9d:82: 0c:30:0a:0d:d2:94:d4:12:10:7d:c0:03:e5:d2:f8:60: dd:0b:42:1e:f5:c9:74:d3:4a:ae:85:9d:da:fd:c8:70: 0c:f9:a0:65:a3:b5:c2:e2:87:86:e4:d8:1c:8d:8a:ac: e3:50:f3:8d:8e:e9:c8:cd:b3:ec:d9:39:8c:63:bf:79: 6b:5c:90:de:37:2d:c3:8d:62:c1:eb:2e:8a:b5:c0:8d: 32:b5:c7:b8:e0:5c:2a:f0:0e:10:86:a3:ed:19:5e:5f: e5:c2:f2:2e:45:87:fb:42:78:2c:15:3c:36:df:1a:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:51:3e:0b:b3:95:1f:ed:8f:f9:37:c9:e2:98:4e:f1: 58:15:9e:fb:6f:f2:ef:81:5f:d6:66:ec:33:6d:72:6e: 36:a1:a8:95:19:f2:98:94:4b:cc:51:50:05:29:1c:cc: 34:66:8d:7d:17:0c:a9:a8:90:04:ad:22:4a:ee:32:b0: 25:7c:0f:fc:1c:3f:67:8b:cb:72:c5:16:26:ed:7e:52: 2b:b5:bb:c5:67:e8:7f:24:29:70:f6:90:96:52:67:c9: b3:bf:e1:7d:3a:17:63:47:17:cc:3c:54:84:ff:df:0a: 34:50:7e:a3:89:1e:22:47:b4:3d:0e:cd:6b:2a:8d:d5 Fingerprint (SHA-256): 4A:5F:E4:E5:EB:FD:D6:99:29:C4:4B:F6:0C:45:9D:5B:11:DB:00:8F:CC:B9:4E:7F:CE:EB:65:3A:4B:75:5F:AA Fingerprint (SHA1): 57:A4:EE:95:78:51:E0:55:29:FB:B9:4B:EF:D1:00:E9:18:06:D5:D5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #5984: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182076 (0x1ee2d4bc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:24:44 2015 Not After : Mon May 18 22:24:44 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:e8:c0:33:42:a3:d0:d9:e3:b6:d4:bb:f7:f6:9d:82: 0c:30:0a:0d:d2:94:d4:12:10:7d:c0:03:e5:d2:f8:60: dd:0b:42:1e:f5:c9:74:d3:4a:ae:85:9d:da:fd:c8:70: 0c:f9:a0:65:a3:b5:c2:e2:87:86:e4:d8:1c:8d:8a:ac: e3:50:f3:8d:8e:e9:c8:cd:b3:ec:d9:39:8c:63:bf:79: 6b:5c:90:de:37:2d:c3:8d:62:c1:eb:2e:8a:b5:c0:8d: 32:b5:c7:b8:e0:5c:2a:f0:0e:10:86:a3:ed:19:5e:5f: e5:c2:f2:2e:45:87:fb:42:78:2c:15:3c:36:df:1a:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:51:3e:0b:b3:95:1f:ed:8f:f9:37:c9:e2:98:4e:f1: 58:15:9e:fb:6f:f2:ef:81:5f:d6:66:ec:33:6d:72:6e: 36:a1:a8:95:19:f2:98:94:4b:cc:51:50:05:29:1c:cc: 34:66:8d:7d:17:0c:a9:a8:90:04:ad:22:4a:ee:32:b0: 25:7c:0f:fc:1c:3f:67:8b:cb:72:c5:16:26:ed:7e:52: 2b:b5:bb:c5:67:e8:7f:24:29:70:f6:90:96:52:67:c9: b3:bf:e1:7d:3a:17:63:47:17:cc:3c:54:84:ff:df:0a: 34:50:7e:a3:89:1e:22:47:b4:3d:0e:cd:6b:2a:8d:d5 Fingerprint (SHA-256): 4A:5F:E4:E5:EB:FD:D6:99:29:C4:4B:F6:0C:45:9D:5B:11:DB:00:8F:CC:B9:4E:7F:CE:EB:65:3A:4B:75:5F:AA Fingerprint (SHA1): 57:A4:EE:95:78:51:E0:55:29:FB:B9:4B:EF:D1:00:E9:18:06:D5:D5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #5985: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #5986: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182079 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5987: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #5988: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5989: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5990: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518182080 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5991: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5992: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #5993: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5994: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182081 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #5995: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5996: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #5997: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5998: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518182082 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5999: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6000: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #6001: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6002: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518182083 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6003: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6004: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #6005: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6006: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518182084 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6007: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6008: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #6009: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6010: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518182085 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6011: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6012: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6013: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #6014: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #6015: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6016: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #6017: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182079 (0x1ee2d4bf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:11 2015 Not After : Mon May 18 22:25:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:26:1e:6a:30:b8:94:7d:a2:fc:54:49:aa:16:30:02: 30:f8:f4:07:8e:9f:57:18:cf:7d:df:52:9b:66:fc:da: a2:30:e7:5c:62:c4:fc:a0:d5:07:b2:6f:d7:98:4e:99: 80:ed:53:ea:f9:9a:ae:f0:44:fd:78:db:dc:d7:86:f8: 0e:f0:de:06:a8:69:14:5b:be:f6:7d:75:e5:fb:f0:3e: 26:fb:3e:d3:a1:29:d3:2b:01:30:ef:41:73:ed:7c:b0: 8e:ef:99:62:02:47:e5:ac:0c:e4:5d:f8:4d:b3:88:e9: e7:b9:ff:b8:e6:55:12:09:6d:bc:ee:04:68:06:8a:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:92:68:92:68:a6:fb:ed:3e:21:2d:d4:4d:f1:2c:22: 67:e6:67:94:10:a0:3c:75:8f:59:c0:1e:be:27:0c:dd: 96:ae:47:34:5f:05:8c:f7:17:bb:50:64:08:73:30:c0: 6c:03:b4:22:b5:97:e2:ab:6d:88:ce:75:25:69:7a:9f: cf:d6:f9:89:b9:d1:7a:d7:d4:85:d8:f3:df:71:dd:13: da:ce:78:ee:f5:6f:03:b2:21:d5:0c:67:5f:28:db:58: bf:79:c7:06:56:86:e7:dc:d7:81:36:30:d4:fb:78:22: 38:a2:1d:d5:65:27:0a:0d:57:cb:41:00:6e:f3:ef:84 Fingerprint (SHA-256): 43:21:D3:2F:2C:7A:3B:B2:E5:E4:40:A0:3D:C6:BF:E1:A3:44:31:D4:BC:46:E3:BD:F6:A2:9F:09:F6:02:B7:DB Fingerprint (SHA1): DD:9A:13:66:C0:13:F1:53:1D:5B:CA:40:0D:22:F6:C4:41:3A:46:5A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6018: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6019: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6020: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6021: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182079 (0x1ee2d4bf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:11 2015 Not After : Mon May 18 22:25:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:26:1e:6a:30:b8:94:7d:a2:fc:54:49:aa:16:30:02: 30:f8:f4:07:8e:9f:57:18:cf:7d:df:52:9b:66:fc:da: a2:30:e7:5c:62:c4:fc:a0:d5:07:b2:6f:d7:98:4e:99: 80:ed:53:ea:f9:9a:ae:f0:44:fd:78:db:dc:d7:86:f8: 0e:f0:de:06:a8:69:14:5b:be:f6:7d:75:e5:fb:f0:3e: 26:fb:3e:d3:a1:29:d3:2b:01:30:ef:41:73:ed:7c:b0: 8e:ef:99:62:02:47:e5:ac:0c:e4:5d:f8:4d:b3:88:e9: e7:b9:ff:b8:e6:55:12:09:6d:bc:ee:04:68:06:8a:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:92:68:92:68:a6:fb:ed:3e:21:2d:d4:4d:f1:2c:22: 67:e6:67:94:10:a0:3c:75:8f:59:c0:1e:be:27:0c:dd: 96:ae:47:34:5f:05:8c:f7:17:bb:50:64:08:73:30:c0: 6c:03:b4:22:b5:97:e2:ab:6d:88:ce:75:25:69:7a:9f: cf:d6:f9:89:b9:d1:7a:d7:d4:85:d8:f3:df:71:dd:13: da:ce:78:ee:f5:6f:03:b2:21:d5:0c:67:5f:28:db:58: bf:79:c7:06:56:86:e7:dc:d7:81:36:30:d4:fb:78:22: 38:a2:1d:d5:65:27:0a:0d:57:cb:41:00:6e:f3:ef:84 Fingerprint (SHA-256): 43:21:D3:2F:2C:7A:3B:B2:E5:E4:40:A0:3D:C6:BF:E1:A3:44:31:D4:BC:46:E3:BD:F6:A2:9F:09:F6:02:B7:DB Fingerprint (SHA1): DD:9A:13:66:C0:13:F1:53:1D:5B:CA:40:0D:22:F6:C4:41:3A:46:5A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6022: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6023: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6024: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182086 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6025: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6026: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6027: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6028: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518182087 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6029: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6030: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #6031: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6032: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518182088 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6033: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6034: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #6035: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6036: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518182089 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6037: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6038: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6039: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6040: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518182090 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6041: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6042: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #6043: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6044: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518182091 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6045: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6046: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #6047: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6048: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518182092 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6049: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6050: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6051: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6052: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518182093 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6053: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6054: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #6055: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6056: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518182094 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6057: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6058: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #6059: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6060: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518182095 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6061: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6062: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #6063: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6064: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518182096 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6065: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6066: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #6067: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6068: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518182097 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6069: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6070: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #6071: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6072: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518182098 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6073: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6074: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #6075: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6076: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518182099 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6077: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6078: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #6079: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6080: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518182100 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6081: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6082: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #6083: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6084: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518182101 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6085: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6086: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #6087: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6088: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518182102 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6089: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6090: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #6091: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6092: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518182103 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6093: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6094: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #6095: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6096: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518182104 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6097: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6098: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #6099: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6100: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518182105 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6101: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6102: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #6103: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6104: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518182106 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6105: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6106: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #6107: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6108: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518182107 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6109: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6110: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #6111: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6112: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518182108 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6113: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6114: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #6115: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6116: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518182109 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6117: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6118: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #6119: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6120: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518182110 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6121: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6122: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #6123: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6124: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518182111 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6125: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6126: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #6127: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6128: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518182112 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6129: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6130: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #6131: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6132: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518182113 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6133: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6134: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #6135: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6136: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518182114 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6137: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6138: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #6139: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6140: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518182115 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6141: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6142: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6143: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6144: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6145: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6146: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6147: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6148: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6149: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6150: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6151: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6152: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6153: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6154: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6155: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6156: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6157: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6158: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6159: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6160: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6161: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6162: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6163: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6164: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6165: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182086 (0x1ee2d4c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:25:43 2015 Not After : Mon May 18 22:25:43 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:b5:3a:84:7d:4d:7a:5c:a5:86:55:0f:28:6a:69:8c: 47:b4:ef:64:40:dc:7d:11:96:8a:4b:0f:6c:48:b8:7c: 8e:a1:d9:2e:b5:83:a5:31:df:f4:82:00:6f:38:a3:82: 01:c4:06:83:70:0a:7f:99:2c:e3:73:2f:14:b4:b3:83: 89:ff:d4:6a:3a:e1:7c:7a:91:be:6d:55:83:77:83:d8: e0:cc:77:ef:6f:b9:65:a8:f7:c8:c1:0f:37:65:be:a8: 4e:25:a3:fc:0b:74:6f:52:14:90:88:1f:5a:a5:40:74: bc:ed:31:92:ce:c4:61:6c:ca:eb:a7:34:0a:c2:ff:c7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7d:10:32:b6:3a:b6:d8:02:b4:e2:73:98:7a:ac:fd:54: db:fc:0c:a6:03:4d:2d:74:5e:d3:78:67:45:ee:46:15: 7b:d3:13:c4:20:99:4f:49:db:bf:2e:59:32:0d:1a:64: d4:b0:34:64:87:a9:97:91:78:b1:c3:47:01:62:8b:d7: 4e:86:df:2a:9b:ab:20:c0:d1:2c:ea:34:94:57:cd:5b: 66:05:4a:35:78:f9:1c:b3:cc:b3:99:93:f3:3c:ad:35: a3:a5:1d:5b:f7:47:fc:a2:5a:2a:5a:50:00:c1:cc:46: 90:ba:9e:66:83:9e:41:62:c5:ac:ae:5f:9d:f4:76:e3 Fingerprint (SHA-256): DB:37:EB:1E:D9:61:B9:CB:25:FF:31:F7:CF:1B:9F:FD:4B:F7:DC:86:87:61:CC:F4:6C:F4:1D:28:DF:A7:30:41 Fingerprint (SHA1): 4E:7C:AF:5C:D2:3A:99:2A:DA:EB:7B:D5:23:94:8D:4F:01:9D:99:B9 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6166: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6167: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6168: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182116 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6169: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6170: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #6171: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6172: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518182117 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6173: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6174: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #6175: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6176: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518182118 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6177: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6178: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #6179: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6180: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518182119 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6181: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6182: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #6183: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6184: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518182120 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6185: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6186: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #6187: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6188: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518182121 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6189: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6190: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #6191: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6192: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518182122 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6193: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6194: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6195: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182116 (0x1ee2d4e4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:27:53 2015 Not After : Mon May 18 22:27:53 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:35:ba:67:56:c1:34:e3:16:88:7e:fb:20:b2:b3:39: d9:45:8f:12:1c:8c:00:40:ac:f3:92:6c:40:aa:00:e1: 81:5c:05:d1:7f:d8:73:f6:dd:b3:72:04:2b:a7:e7:65: 75:b1:ab:0c:eb:72:d8:22:1d:b2:fc:08:4f:94:cc:c6: ab:4c:c7:47:00:8c:62:56:6b:4f:a7:f2:7b:c9:64:6d: c6:0a:9b:f4:af:c6:fa:2e:60:00:78:9d:d5:a7:87:de: 4e:4e:f3:7c:1d:f4:69:1a:38:db:22:99:e2:a0:2d:12: d0:1e:95:62:67:a1:e0:51:ab:57:b8:a6:50:9e:b1:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e9:5c:73:e0:b3:57:e1:86:7e:6c:25:4e:93:e2:5d:68: 58:35:6b:66:e4:37:ea:f7:23:36:ec:06:77:50:36:54: 16:87:c1:d8:32:0d:56:a6:05:a5:8c:be:70:19:20:1e: 30:c6:6d:87:17:14:7b:e9:d8:f6:ca:ea:a8:f1:ea:92: 42:c7:9d:df:44:fd:5b:68:d1:13:86:2f:29:9a:cb:83: 1b:9b:eb:8f:fa:c7:8c:8b:60:ad:b9:eb:b3:43:9b:1d: 48:5f:70:d2:3e:3a:d1:4f:d3:3a:4a:c8:0a:80:18:72: e4:35:23:c1:de:72:96:98:70:5c:34:d1:e8:b5:df:1b Fingerprint (SHA-256): B0:E0:7D:6B:30:A3:20:8A:F8:44:8F:B7:65:3D:74:B9:8D:D2:33:19:AA:03:73:BE:F7:1B:08:CF:C8:E6:8F:00 Fingerprint (SHA1): 30:C8:65:CD:96:17:9E:9F:82:C8:3B:72:E1:26:CD:E5:9C:3E:78:7C Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #6196: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6197: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6198: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6199: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182116 (0x1ee2d4e4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:27:53 2015 Not After : Mon May 18 22:27:53 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:35:ba:67:56:c1:34:e3:16:88:7e:fb:20:b2:b3:39: d9:45:8f:12:1c:8c:00:40:ac:f3:92:6c:40:aa:00:e1: 81:5c:05:d1:7f:d8:73:f6:dd:b3:72:04:2b:a7:e7:65: 75:b1:ab:0c:eb:72:d8:22:1d:b2:fc:08:4f:94:cc:c6: ab:4c:c7:47:00:8c:62:56:6b:4f:a7:f2:7b:c9:64:6d: c6:0a:9b:f4:af:c6:fa:2e:60:00:78:9d:d5:a7:87:de: 4e:4e:f3:7c:1d:f4:69:1a:38:db:22:99:e2:a0:2d:12: d0:1e:95:62:67:a1:e0:51:ab:57:b8:a6:50:9e:b1:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e9:5c:73:e0:b3:57:e1:86:7e:6c:25:4e:93:e2:5d:68: 58:35:6b:66:e4:37:ea:f7:23:36:ec:06:77:50:36:54: 16:87:c1:d8:32:0d:56:a6:05:a5:8c:be:70:19:20:1e: 30:c6:6d:87:17:14:7b:e9:d8:f6:ca:ea:a8:f1:ea:92: 42:c7:9d:df:44:fd:5b:68:d1:13:86:2f:29:9a:cb:83: 1b:9b:eb:8f:fa:c7:8c:8b:60:ad:b9:eb:b3:43:9b:1d: 48:5f:70:d2:3e:3a:d1:4f:d3:3a:4a:c8:0a:80:18:72: e4:35:23:c1:de:72:96:98:70:5c:34:d1:e8:b5:df:1b Fingerprint (SHA-256): B0:E0:7D:6B:30:A3:20:8A:F8:44:8F:B7:65:3D:74:B9:8D:D2:33:19:AA:03:73:BE:F7:1B:08:CF:C8:E6:8F:00 Fingerprint (SHA1): 30:C8:65:CD:96:17:9E:9F:82:C8:3B:72:E1:26:CD:E5:9C:3E:78:7C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #6200: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6201: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6202: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6203: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182123 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6204: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6205: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6206: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6207: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182124 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6208: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6209: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6210: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6211: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182125 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6212: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6213: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6214: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6215: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518182126 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6216: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6217: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6218: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6219: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6220: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6221: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182123 (0x1ee2d4eb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:28:26 2015 Not After : Mon May 18 22:28:26 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:11:d9:3a:2c:26:8d:73:61:95:c9:85:8a:29:f2:b2: cf:95:09:9b:b4:24:d0:0d:a9:4f:50:5a:47:23:3b:07: f0:ee:52:19:ec:9b:32:35:3f:47:d7:51:77:1c:a7:ab: b1:f9:3c:69:3f:97:fe:d7:86:66:2a:26:9c:3a:bb:2e: 4e:45:10:98:c4:57:32:76:eb:11:aa:68:49:34:4c:31: 01:75:a4:eb:12:d5:89:83:bb:b6:f3:99:23:49:c6:ca: 20:27:14:92:a0:ed:a2:ac:a7:c0:30:45:74:58:7d:cb: d4:39:f9:fc:78:39:72:70:e3:79:dd:75:fb:4d:c2:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:1a:ae:21:22:7f:c1:60:fa:9a:42:60:49:73:dd:19: 5d:4f:aa:cc:03:7b:ab:9d:93:2d:d8:63:9e:c1:58:f3: 5d:54:ee:ad:16:2a:5e:17:79:dc:23:e2:b1:35:d9:fb: a6:e7:2b:08:65:06:d9:98:cc:9d:47:a8:88:1b:a7:24: 0f:f0:21:89:38:c3:40:2d:ea:a5:37:1f:4e:ba:fd:56: 23:da:07:d8:a4:dc:9d:7b:d4:2e:b8:e6:aa:8c:1a:5d: 68:6c:b3:68:43:fe:89:99:3d:3d:d5:a3:43:67:0a:a3: 64:ad:a9:31:ea:61:ef:82:2f:37:3f:79:5c:6a:7e:e7 Fingerprint (SHA-256): A0:57:2D:69:FF:10:6A:18:66:AF:56:F5:A6:FE:26:6A:A2:30:AA:55:89:8B:93:E9:7E:37:55:BD:BF:A3:A3:33 Fingerprint (SHA1): FF:20:06:6D:AD:22:65:00:2A:27:AB:8D:0F:F2:93:E7:BF:68:F4:AE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6222: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6223: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6224: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182124 (0x1ee2d4ec) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:28:30 2015 Not After : Mon May 18 22:28:30 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:e2:d1:b0:b4:96:56:65:86:97:bd:66:76:9c:54:2c: e8:13:3e:5a:38:c0:fa:b8:19:87:68:f4:fb:b2:16:a6: 2e:a0:47:09:4c:0d:d5:e1:9a:c7:33:58:e0:0b:74:82: af:1e:30:a0:2d:ae:08:a5:d4:ca:ab:f8:8d:62:e2:54: ee:1d:d9:b1:75:37:30:9d:6f:ab:de:c4:d1:0b:a9:3a: 63:e8:ee:60:96:e5:80:14:f5:d6:95:fc:9d:89:47:f3: 42:08:07:10:98:45:7d:db:ab:2b:0c:c8:f5:51:fb:ee: 8a:08:8e:d4:13:e0:1e:d2:fc:83:37:2b:01:9c:1a:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:e3:1a:0c:be:cc:44:8b:36:34:e1:c5:b1:af:cc:71: a1:75:95:8c:15:46:bc:52:50:58:59:50:37:5b:d8:00: 6d:72:cb:bc:5a:42:ed:77:15:e3:b8:a1:d1:e2:f5:30: 0b:2e:b5:95:cc:9d:52:d9:0c:98:0f:1a:b1:45:6b:1f: a0:a0:b1:ff:fa:6e:c9:5d:94:f1:7c:b4:07:7d:03:49: 75:98:02:e0:bd:80:c1:2f:a2:61:e1:18:89:b6:39:bd: 6a:3f:10:3e:00:f5:72:07:da:ca:bf:63:f3:3e:1a:a8: f0:0f:77:a5:e7:85:11:32:eb:aa:16:0a:25:8f:f3:b0 Fingerprint (SHA-256): E6:05:53:A6:86:6B:F1:0F:8D:5C:97:4B:26:2E:53:7D:BE:5E:EA:9B:67:3A:16:B7:48:56:42:68:85:7B:F9:44 Fingerprint (SHA1): 4D:74:25:9E:0B:B5:0B:58:FA:77:F7:B9:8E:79:27:23:3A:54:A2:CC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6225: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6226: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182125 (0x1ee2d4ed) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:28:34 2015 Not After : Mon May 18 22:28:34 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:9a:ce:84:79:55:22:52:ba:fe:e8:bc:48:5d:9b:8b: 1e:a8:87:1e:57:cb:ec:f4:5c:e3:74:20:e3:8e:24:06: ea:ea:43:31:01:80:81:c3:01:b6:fe:94:d6:3c:97:c4: fe:10:3b:87:ab:07:21:a4:31:37:1d:1c:cc:0f:09:0c: e2:c0:13:c6:4f:17:ed:e6:a7:7b:2b:08:55:50:08:6d: 64:cd:05:7f:4a:a0:87:3c:f7:68:12:95:3d:dc:c1:86: 1d:93:0a:8a:95:53:59:04:fe:09:c9:e0:f0:cf:67:4a: 51:12:3e:28:43:92:31:20:09:84:8e:40:c9:e1:3e:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6a:60:84:8d:08:7f:28:b4:21:d3:48:c1:8c:c8:23:37: c1:ac:01:3d:66:54:e3:af:5e:d7:eb:47:7b:03:bb:a1: d9:98:98:28:c0:da:c2:b8:f1:2d:d3:c5:d4:f0:46:fb: 9a:02:fc:37:0a:64:65:f4:a2:ca:35:7d:c4:6d:0b:f7: 9d:a8:d2:21:9f:3b:2a:cc:3d:eb:3e:03:cb:58:da:93: e5:a6:72:48:f3:88:e3:8d:1a:ce:e0:61:c1:a5:ad:a8: c5:71:21:fe:73:56:5b:ac:9a:01:be:a6:10:88:4a:02: 08:30:97:36:d0:03:22:9c:1d:cd:20:6e:42:d8:00:36 Fingerprint (SHA-256): 59:81:1A:D3:31:B1:20:01:CB:1B:A0:C0:03:68:44:C5:1C:98:69:8D:94:AD:0F:FF:0D:AE:D3:31:FE:CE:2C:D7 Fingerprint (SHA1): 72:A0:0C:93:A6:C2:85:01:86:DF:DB:DE:2C:E0:8B:C1:4A:66:34:D8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #6227: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6228: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182127 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6229: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6230: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6231: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6232: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182128 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6233: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6234: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6235: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6236: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182129 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6237: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6238: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #6239: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6240: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518182130 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6241: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6242: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6243: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6244: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518182131 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6245: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6246: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6247: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6248: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6249: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6250: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #6251: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182127 (0x1ee2d4ef) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:28:49 2015 Not After : Mon May 18 22:28:49 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f6:f6:78:39:41:ef:5d:2f:ff:0f:90:6c:32:80:34:03: 83:f9:68:3b:56:15:4e:fd:0e:95:93:f6:5f:1f:4f:4a: 13:a9:39:fc:e9:c0:14:d2:24:fd:b8:a8:32:80:70:9f: f5:42:d5:f5:83:a0:b1:c1:a2:07:31:e1:7b:56:3c:68: bf:01:75:8e:24:15:01:b8:99:b4:af:b8:c5:a4:af:53: d4:9c:f4:05:d2:a1:14:33:06:20:69:b4:a0:61:07:0d: da:91:ed:2e:3c:32:42:13:a7:e9:5d:00:4a:a9:f9:5b: 7a:d2:b9:f4:d3:9b:0e:97:71:98:c2:bb:f3:75:6c:4f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5f:35:d4:df:70:51:32:49:d9:d5:dc:16:49:df:08:98: c4:31:3e:e5:9b:ad:f5:44:c0:9c:09:ef:18:c8:1d:3b: 5c:66:9a:5a:90:c2:62:32:9b:c5:96:53:13:bc:5b:74: 9a:69:fa:f4:5f:38:a1:45:28:02:c4:00:14:17:2f:5d: 37:5c:9e:09:17:15:12:29:8f:55:f9:79:d4:14:eb:ab: 99:22:90:16:d0:cf:0e:3e:3c:ac:23:9c:e3:db:f7:ca: c4:b5:0d:57:2d:72:43:ac:f2:4e:73:79:a3:21:b1:4b: 61:7f:fc:f1:4f:c4:cd:e9:e7:a9:0f:21:30:df:06:38 Fingerprint (SHA-256): 42:3E:C9:9E:F0:64:24:66:16:DA:93:CE:F1:24:C3:CB:61:82:82:73:2E:A0:42:80:93:E6:57:CF:5E:A0:09:FB Fingerprint (SHA1): A3:43:3A:E0:AA:9D:FB:2B:2B:1E:40:F3:3A:E1:F1:8D:24:F9:5A:31 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6252: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6253: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182128 (0x1ee2d4f0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:28:53 2015 Not After : Mon May 18 22:28:53 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:5c:05:50:d6:93:aa:a8:a6:40:7d:76:2d:34:a3:f9: e2:66:8e:19:23:7d:e2:b6:7b:fc:bb:52:73:d0:e2:66: f1:71:ab:f7:38:8d:dc:5a:74:f5:3b:1e:48:e5:40:69: c3:17:83:2a:10:9d:f4:d2:0d:b6:3d:a8:c3:fc:9c:89: a4:3c:f4:80:91:89:a0:b5:1b:04:85:c9:53:25:4e:51: 64:8f:91:a6:d4:38:cc:28:eb:e5:ec:bf:fe:6e:b9:45: b4:21:44:df:65:32:d9:d3:87:53:d2:58:d3:3f:95:81: 7a:95:b8:4e:15:92:31:70:72:fd:1e:4e:81:4d:6b:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 13:aa:de:81:de:de:c7:a0:1e:31:18:e5:5d:a4:0f:7f: b7:5a:c5:d2:9a:c0:a8:0c:54:8e:45:3f:35:72:c0:e6: a4:9a:21:54:55:5e:a9:1e:94:45:6c:da:53:fa:fe:5e: d7:39:62:18:9e:c8:66:3b:0b:6e:5e:03:cb:71:70:f7: ae:c8:ea:4b:b6:16:f5:4c:b5:39:4e:28:5f:d5:8b:ea: 97:07:a4:a2:09:71:4b:6d:05:90:9b:1b:22:b5:d2:ca: 08:83:d7:31:28:85:84:69:a0:97:a3:9a:73:f6:25:3a: de:2a:9b:1b:88:f3:54:b4:42:31:12:08:8c:00:89:6c Fingerprint (SHA-256): 84:B7:37:0B:CA:D4:94:81:F2:9F:11:5E:51:7C:D4:AE:A5:E5:A6:4F:64:86:F0:E4:34:6B:9F:DF:85:5A:09:21 Fingerprint (SHA1): 39:08:D5:39:6E:FA:90:5F:EB:C2:14:F4:86:93:21:A7:FF:E3:04:2E Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6254: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6255: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6256: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182129 (0x1ee2d4f1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:28:56 2015 Not After : Mon May 18 22:28:56 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:59:dd:00:f1:d9:cd:f5:c2:25:f5:04:8b:8a:e9:33: 86:c1:b8:62:72:f2:ea:d9:a5:ad:f8:76:82:72:6a:94: 37:43:76:07:ba:c5:80:82:e5:d5:11:62:60:ee:8b:34: 45:08:c9:1a:64:8a:82:4e:92:2f:a3:af:36:08:37:d0: 62:31:5f:86:30:8f:0d:1c:be:28:6f:93:c2:dd:86:ee: bf:ac:81:ae:5d:95:d9:09:26:12:ea:09:00:84:a9:cb: 22:07:3a:07:71:fa:ff:c9:20:1f:7a:d6:17:27:e2:39: 8d:0a:16:2d:e9:6b:c1:52:43:87:c1:13:3f:17:e0:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:fa:97:75:30:5a:90:69:a1:04:7b:79:84:89:d8:8c: 63:6b:68:d3:b1:89:74:0e:50:c7:89:d8:bc:d3:b5:c3: 55:48:67:21:8f:a4:82:72:2c:a7:eb:be:f3:bb:bf:34: fd:98:39:ee:f4:cb:2a:3c:a2:82:5d:3f:03:98:47:8e: 80:9e:51:4f:a1:dd:57:b0:29:87:7e:93:c9:68:63:b6: d2:97:d7:85:49:e8:8b:fd:14:28:08:06:2c:34:b0:81: c7:78:2c:da:68:c6:5a:29:10:b3:51:62:bc:2d:eb:f4: c4:24:bb:61:95:8e:99:0f:fe:af:ed:8c:68:47:15:16 Fingerprint (SHA-256): 78:57:67:BD:89:47:F1:A1:1E:77:68:BD:C8:BC:B1:FA:00:6C:62:14:98:BE:27:43:DD:6A:1B:F5:13:D8:AB:F2 Fingerprint (SHA1): F7:6A:2C:EC:74:A8:0B:7E:3B:70:57:71:0B:5D:D8:4C:B1:DC:D9:53 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #6257: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6258: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182132 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6259: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6260: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6261: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6262: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182133 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6263: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6264: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6265: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6266: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182134 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA1Root-518182041.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6267: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6268: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6269: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6270: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518182135 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6271: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6272: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #6273: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182132 (0x1ee2d4f4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:29:14 2015 Not After : Mon May 18 22:29:14 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:c4:1f:1e:13:0f:59:e1:67:6d:81:6a:f0:a7:1c:10: cd:75:56:eb:76:b3:c6:e4:2e:f2:2b:04:cf:64:2c:e1: 02:4f:7b:9c:0d:0c:33:c9:dc:10:00:15:ff:e4:60:19: e5:9a:80:ea:e0:20:df:7e:e6:64:c6:97:86:ba:10:2d: c0:3b:aa:32:14:4e:30:57:6a:30:00:8c:88:e7:1c:c0: 3b:30:e9:3a:e4:86:b4:a4:aa:79:90:e6:fd:59:5a:a2: ed:6f:78:f4:5d:80:1a:cd:de:0b:52:55:ca:75:05:33: 19:8d:9c:dc:e9:d0:5f:bd:92:6b:78:e7:7b:be:22:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 83:32:ee:67:43:ed:be:44:d9:71:9f:f6:a3:84:99:61: ff:83:8d:b5:23:0c:c4:cb:f3:14:b5:67:9f:61:d9:26: fe:5c:1b:01:11:c0:cd:28:9f:9d:5a:f0:eb:63:9c:3e: a5:43:31:39:5e:50:8d:61:8b:ef:bd:4c:f8:44:39:84: 4a:49:d8:81:90:a6:89:e8:42:ec:70:01:8c:ff:7e:f7: 81:72:0c:d4:97:be:e5:e2:ef:92:d2:6c:14:69:8a:99: cb:04:d9:ac:35:ee:6f:6a:12:e1:39:b2:22:b0:f0:6d: 89:7a:83:90:1a:e1:6f:18:ad:53:31:aa:fd:ab:83:a1 Fingerprint (SHA-256): F0:EE:A6:EC:6B:22:19:14:81:8D:00:47:BF:1B:C4:00:C9:53:EB:45:19:84:C4:4E:46:32:5F:A5:DE:15:ED:89 Fingerprint (SHA1): E5:56:FD:40:4C:1B:E0:05:11:6C:C6:3A:7A:B7:09:D4:E4:1B:E7:6A Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6274: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6275: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182136 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6276: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6277: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6278: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182137 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6279: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6280: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6281: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6282: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518182138 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6283: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6284: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518182139 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6285: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6286: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #6287: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6288: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6289: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518182140 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518182042.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6290: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6291: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6292: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6293: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182141 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6294: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6295: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6296: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182136 (0x1ee2d4f8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:29:31 2015 Not After : Mon May 18 22:29:31 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:54:9d:ea:b6:f0:46:62:38:f6:28:61:45:e0:00:67: 5b:1a:9d:6e:d1:90:59:52:26:86:93:29:b9:9d:90:ec: ca:fa:0f:6d:84:e2:04:4f:bc:3e:33:df:0e:fe:4a:02: 95:9f:f0:3c:ce:bf:f2:fa:5b:32:dc:13:2a:81:48:b4: 90:56:dc:3c:7a:96:89:25:a1:81:b4:6f:14:bc:54:4d: ad:26:3c:73:92:05:e5:e9:2e:eb:fc:cb:f2:b4:45:58: 49:3f:b8:6c:5f:67:6b:53:4d:1c:4b:6c:87:fe:25:ed: fe:e1:e8:a2:ed:8a:0d:ba:6e:97:5a:79:a6:a0:af:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:16:4a:1e:e1:b7:1c:d8:e5:c8:84:3e:61:20:02:b5: e6:38:0d:c4:c5:24:65:fd:af:3e:5f:04:4d:30:60:49: 17:21:f1:30:62:71:56:a9:d0:85:f1:b0:e9:d9:3b:08: 26:6b:e4:6d:d2:d6:b7:01:b3:09:7a:85:74:f3:62:14: 1c:69:12:90:59:57:bf:96:ab:0c:12:d9:d6:29:ea:1b: e2:e2:cc:e9:e0:4d:6b:9c:4e:19:04:4e:a8:72:e5:f8: 39:be:a9:25:29:87:88:0b:8d:c4:6e:df:4a:b3:6c:b2: 34:b9:b4:ce:e2:7e:b2:3f:c8:ac:f7:e7:3e:03:9a:86 Fingerprint (SHA-256): 1D:B6:B6:80:4C:C1:95:43:08:36:57:77:4D:5C:33:47:C4:02:F9:D7:0B:2A:51:21:49:03:B9:21:95:34:89:21 Fingerprint (SHA1): AA:CB:46:40:69:E6:0B:17:19:8B:31:04:B9:55:93:98:31:36:F9:B4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6297: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182137 (0x1ee2d4f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:29:34 2015 Not After : Mon May 18 22:29:34 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:b4:94:6f:f3:9f:e0:a4:c8:93:2d:0a:cc:27:ee:e1: 95:b8:24:5f:82:d3:ba:2b:2d:72:0f:e1:80:30:46:80: d3:a6:4b:fc:8e:c6:db:ea:56:d4:ac:86:f6:78:47:49: 0a:ff:2e:e1:c3:a0:01:5d:c8:84:9d:61:c9:7b:bd:44: fa:80:8f:7a:05:89:be:ad:1f:e4:40:a7:8b:f9:b9:d6: 53:2a:d6:17:8b:bb:c3:ce:e7:54:99:0a:97:e6:58:f6: e0:26:3b:78:87:7d:27:73:62:ca:7b:fe:92:74:58:40: 91:ae:1c:a2:bb:95:17:54:1f:42:43:1b:f5:f6:80:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:a8:03:21:43:0f:dd:b8:99:46:b5:b9:94:11:f2:f8: fd:39:23:0d:a2:e6:36:80:47:b4:54:08:ba:e1:48:14: d2:b1:82:8e:34:6c:bf:cf:1b:2d:5b:74:67:de:c6:10: ac:3c:43:3c:6d:a1:31:14:c5:b4:08:91:6c:2c:84:d9: 4c:51:d2:56:d2:e5:a5:8f:4d:4f:55:43:98:9d:cf:38: 51:ec:3a:b2:40:92:4e:ac:34:89:6e:88:8b:55:dc:0d: 20:e8:ee:a6:5f:3d:87:54:41:3d:cf:ae:64:16:45:00: 8e:7a:f5:11:da:d5:86:1b:89:9f:cd:e3:88:1a:b6:37 Fingerprint (SHA-256): FF:C9:30:53:73:D9:D7:CE:9D:12:E7:B5:76:71:32:85:50:95:AA:61:ED:C1:2D:04:27:49:C2:E9:84:42:3F:02 Fingerprint (SHA1): 97:2B:EB:E4:2E:1C:26:5C:34:67:5E:6B:F7:A4:69:F8:A2:6A:CE:58 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6298: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182137 (0x1ee2d4f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:29:34 2015 Not After : Mon May 18 22:29:34 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:b4:94:6f:f3:9f:e0:a4:c8:93:2d:0a:cc:27:ee:e1: 95:b8:24:5f:82:d3:ba:2b:2d:72:0f:e1:80:30:46:80: d3:a6:4b:fc:8e:c6:db:ea:56:d4:ac:86:f6:78:47:49: 0a:ff:2e:e1:c3:a0:01:5d:c8:84:9d:61:c9:7b:bd:44: fa:80:8f:7a:05:89:be:ad:1f:e4:40:a7:8b:f9:b9:d6: 53:2a:d6:17:8b:bb:c3:ce:e7:54:99:0a:97:e6:58:f6: e0:26:3b:78:87:7d:27:73:62:ca:7b:fe:92:74:58:40: 91:ae:1c:a2:bb:95:17:54:1f:42:43:1b:f5:f6:80:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9b:a8:03:21:43:0f:dd:b8:99:46:b5:b9:94:11:f2:f8: fd:39:23:0d:a2:e6:36:80:47:b4:54:08:ba:e1:48:14: d2:b1:82:8e:34:6c:bf:cf:1b:2d:5b:74:67:de:c6:10: ac:3c:43:3c:6d:a1:31:14:c5:b4:08:91:6c:2c:84:d9: 4c:51:d2:56:d2:e5:a5:8f:4d:4f:55:43:98:9d:cf:38: 51:ec:3a:b2:40:92:4e:ac:34:89:6e:88:8b:55:dc:0d: 20:e8:ee:a6:5f:3d:87:54:41:3d:cf:ae:64:16:45:00: 8e:7a:f5:11:da:d5:86:1b:89:9f:cd:e3:88:1a:b6:37 Fingerprint (SHA-256): FF:C9:30:53:73:D9:D7:CE:9D:12:E7:B5:76:71:32:85:50:95:AA:61:ED:C1:2D:04:27:49:C2:E9:84:42:3F:02 Fingerprint (SHA1): 97:2B:EB:E4:2E:1C:26:5C:34:67:5E:6B:F7:A4:69:F8:A2:6A:CE:58 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6299: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6300: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182142 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6301: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6302: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6303: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182143 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6304: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6305: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6306: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6307: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518182144 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6308: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6309: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518182145 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6310: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6311: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #6312: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6313: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6314: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518182146 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518182043.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6315: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6316: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6317: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6318: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182147 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6319: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6320: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6321: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6322: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518182148 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-BridgeNavy-518182044.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6323: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6324: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6325: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6326: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518182149 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6327: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6328: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6329: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182142 (0x1ee2d4fe) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:29:55 2015 Not After : Mon May 18 22:29:55 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:52:ed:71:da:48:15:31:03:2e:0b:f5:c4:1a:1c:e4: 30:3b:e3:3d:9a:80:97:12:ba:5d:eb:6e:96:c6:45:3d: c0:cd:6b:a3:38:fe:c1:67:6f:47:c1:db:df:c1:d0:db: af:5d:59:b2:b2:9f:22:0d:e8:ce:da:67:5c:b5:f6:4d: 77:43:bb:18:e7:36:61:b6:3b:59:94:6f:de:56:1e:3f: ea:f9:92:57:51:53:f7:40:cd:c2:64:b7:37:61:3e:78: 03:c0:13:2d:3a:a0:54:f5:e7:8c:ef:f8:22:7b:72:e3: 63:b1:5e:60:00:32:00:4d:5d:fa:b2:3c:82:aa:2c:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:ea:02:88:91:f5:40:09:f5:d1:39:d5:25:13:0c:29: 42:a8:b3:19:68:4f:36:d0:9c:76:d9:75:7d:52:a5:aa: 7f:e2:fd:28:57:ca:da:5a:dd:6e:69:d5:eb:37:9d:6b: 5f:97:0a:8e:34:de:f0:9c:29:9a:1c:dd:68:a0:b0:66: 4f:cf:ad:fe:9b:d5:47:c3:21:8f:6c:74:51:88:75:ad: 3c:83:ef:25:8c:ec:29:1f:9a:42:c4:9e:95:3d:83:72: d7:7f:77:b0:15:d3:15:95:da:e3:8b:7d:65:ee:b6:44: a5:af:8e:e6:77:b6:ae:ea:09:65:2d:0c:ab:b1:3f:46 Fingerprint (SHA-256): 92:FB:6F:94:70:0A:4E:21:0D:92:56:2C:39:80:E5:3F:12:38:AE:FA:94:CF:14:B2:75:06:15:BC:4F:31:64:BF Fingerprint (SHA1): 63:BC:C7:F7:0B:26:66:68:AF:62:B8:DB:9C:1D:E6:E7:AB:28:42:68 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6330: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182143 (0x1ee2d4ff) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:29:58 2015 Not After : Mon May 18 22:29:58 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:c3:34:bd:48:5d:e8:8e:52:2b:ec:58:c9:49:24:5e: 36:95:c5:62:31:b1:69:91:b4:a4:e2:90:b4:47:62:9a: be:a1:ac:9d:64:b0:2e:75:67:ca:3d:2a:56:dd:8f:f3: c7:4a:13:04:91:a0:ba:fe:bd:19:c2:c7:09:2b:49:48: 61:3e:66:50:da:a0:1e:72:b8:7e:0b:af:eb:b3:89:f5: da:7b:a6:ae:2a:05:7a:7c:1a:5c:93:73:d4:c7:4b:b0: da:bf:a4:64:b9:38:f7:37:64:dc:b8:ca:7e:28:b1:36: ef:01:50:01:74:10:8d:1e:83:54:c2:90:d3:54:f1:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:a7:6c:60:c3:ae:ea:4f:79:83:00:db:8c:b3:46:c7: 28:e1:22:4b:af:60:52:06:16:0b:71:e9:ed:02:b0:af: 7a:5b:db:dd:22:77:d0:70:6a:e1:bb:e1:84:56:26:3a: 8e:90:eb:ef:d6:be:86:f4:e8:23:f6:f3:2e:20:31:30: 96:92:41:a3:56:bf:c2:10:7c:cf:26:64:cc:83:d9:83: 18:88:5e:26:b2:19:fa:af:34:e0:c4:7c:8b:6f:a8:aa: d6:fd:3c:ee:52:1b:25:7e:ed:2d:2e:04:62:5b:c8:10: 93:b7:2c:0c:17:d2:dc:5b:60:7a:39:6c:5e:03:b7:e7 Fingerprint (SHA-256): 00:6B:F0:30:D2:EC:F9:07:7A:F2:75:66:69:1F:BC:9D:97:68:AB:F9:31:20:83:28:C3:94:D2:48:AA:14:08:8A Fingerprint (SHA1): C9:51:64:5C:F1:58:0E:BF:88:27:B0:68:0A:5F:D9:18:86:FA:85:B2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6331: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182143 (0x1ee2d4ff) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:29:58 2015 Not After : Mon May 18 22:29:58 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:c3:34:bd:48:5d:e8:8e:52:2b:ec:58:c9:49:24:5e: 36:95:c5:62:31:b1:69:91:b4:a4:e2:90:b4:47:62:9a: be:a1:ac:9d:64:b0:2e:75:67:ca:3d:2a:56:dd:8f:f3: c7:4a:13:04:91:a0:ba:fe:bd:19:c2:c7:09:2b:49:48: 61:3e:66:50:da:a0:1e:72:b8:7e:0b:af:eb:b3:89:f5: da:7b:a6:ae:2a:05:7a:7c:1a:5c:93:73:d4:c7:4b:b0: da:bf:a4:64:b9:38:f7:37:64:dc:b8:ca:7e:28:b1:36: ef:01:50:01:74:10:8d:1e:83:54:c2:90:d3:54:f1:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:a7:6c:60:c3:ae:ea:4f:79:83:00:db:8c:b3:46:c7: 28:e1:22:4b:af:60:52:06:16:0b:71:e9:ed:02:b0:af: 7a:5b:db:dd:22:77:d0:70:6a:e1:bb:e1:84:56:26:3a: 8e:90:eb:ef:d6:be:86:f4:e8:23:f6:f3:2e:20:31:30: 96:92:41:a3:56:bf:c2:10:7c:cf:26:64:cc:83:d9:83: 18:88:5e:26:b2:19:fa:af:34:e0:c4:7c:8b:6f:a8:aa: d6:fd:3c:ee:52:1b:25:7e:ed:2d:2e:04:62:5b:c8:10: 93:b7:2c:0c:17:d2:dc:5b:60:7a:39:6c:5e:03:b7:e7 Fingerprint (SHA-256): 00:6B:F0:30:D2:EC:F9:07:7A:F2:75:66:69:1F:BC:9D:97:68:AB:F9:31:20:83:28:C3:94:D2:48:AA:14:08:8A Fingerprint (SHA1): C9:51:64:5C:F1:58:0E:BF:88:27:B0:68:0A:5F:D9:18:86:FA:85:B2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6332: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #6333: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182142 (0x1ee2d4fe) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:29:55 2015 Not After : Mon May 18 22:29:55 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:52:ed:71:da:48:15:31:03:2e:0b:f5:c4:1a:1c:e4: 30:3b:e3:3d:9a:80:97:12:ba:5d:eb:6e:96:c6:45:3d: c0:cd:6b:a3:38:fe:c1:67:6f:47:c1:db:df:c1:d0:db: af:5d:59:b2:b2:9f:22:0d:e8:ce:da:67:5c:b5:f6:4d: 77:43:bb:18:e7:36:61:b6:3b:59:94:6f:de:56:1e:3f: ea:f9:92:57:51:53:f7:40:cd:c2:64:b7:37:61:3e:78: 03:c0:13:2d:3a:a0:54:f5:e7:8c:ef:f8:22:7b:72:e3: 63:b1:5e:60:00:32:00:4d:5d:fa:b2:3c:82:aa:2c:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:ea:02:88:91:f5:40:09:f5:d1:39:d5:25:13:0c:29: 42:a8:b3:19:68:4f:36:d0:9c:76:d9:75:7d:52:a5:aa: 7f:e2:fd:28:57:ca:da:5a:dd:6e:69:d5:eb:37:9d:6b: 5f:97:0a:8e:34:de:f0:9c:29:9a:1c:dd:68:a0:b0:66: 4f:cf:ad:fe:9b:d5:47:c3:21:8f:6c:74:51:88:75:ad: 3c:83:ef:25:8c:ec:29:1f:9a:42:c4:9e:95:3d:83:72: d7:7f:77:b0:15:d3:15:95:da:e3:8b:7d:65:ee:b6:44: a5:af:8e:e6:77:b6:ae:ea:09:65:2d:0c:ab:b1:3f:46 Fingerprint (SHA-256): 92:FB:6F:94:70:0A:4E:21:0D:92:56:2C:39:80:E5:3F:12:38:AE:FA:94:CF:14:B2:75:06:15:BC:4F:31:64:BF Fingerprint (SHA1): 63:BC:C7:F7:0B:26:66:68:AF:62:B8:DB:9C:1D:E6:E7:AB:28:42:68 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6334: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182143 (0x1ee2d4ff) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:29:58 2015 Not After : Mon May 18 22:29:58 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:c3:34:bd:48:5d:e8:8e:52:2b:ec:58:c9:49:24:5e: 36:95:c5:62:31:b1:69:91:b4:a4:e2:90:b4:47:62:9a: be:a1:ac:9d:64:b0:2e:75:67:ca:3d:2a:56:dd:8f:f3: c7:4a:13:04:91:a0:ba:fe:bd:19:c2:c7:09:2b:49:48: 61:3e:66:50:da:a0:1e:72:b8:7e:0b:af:eb:b3:89:f5: da:7b:a6:ae:2a:05:7a:7c:1a:5c:93:73:d4:c7:4b:b0: da:bf:a4:64:b9:38:f7:37:64:dc:b8:ca:7e:28:b1:36: ef:01:50:01:74:10:8d:1e:83:54:c2:90:d3:54:f1:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:a7:6c:60:c3:ae:ea:4f:79:83:00:db:8c:b3:46:c7: 28:e1:22:4b:af:60:52:06:16:0b:71:e9:ed:02:b0:af: 7a:5b:db:dd:22:77:d0:70:6a:e1:bb:e1:84:56:26:3a: 8e:90:eb:ef:d6:be:86:f4:e8:23:f6:f3:2e:20:31:30: 96:92:41:a3:56:bf:c2:10:7c:cf:26:64:cc:83:d9:83: 18:88:5e:26:b2:19:fa:af:34:e0:c4:7c:8b:6f:a8:aa: d6:fd:3c:ee:52:1b:25:7e:ed:2d:2e:04:62:5b:c8:10: 93:b7:2c:0c:17:d2:dc:5b:60:7a:39:6c:5e:03:b7:e7 Fingerprint (SHA-256): 00:6B:F0:30:D2:EC:F9:07:7A:F2:75:66:69:1F:BC:9D:97:68:AB:F9:31:20:83:28:C3:94:D2:48:AA:14:08:8A Fingerprint (SHA1): C9:51:64:5C:F1:58:0E:BF:88:27:B0:68:0A:5F:D9:18:86:FA:85:B2 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6335: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182143 (0x1ee2d4ff) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:29:58 2015 Not After : Mon May 18 22:29:58 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:c3:34:bd:48:5d:e8:8e:52:2b:ec:58:c9:49:24:5e: 36:95:c5:62:31:b1:69:91:b4:a4:e2:90:b4:47:62:9a: be:a1:ac:9d:64:b0:2e:75:67:ca:3d:2a:56:dd:8f:f3: c7:4a:13:04:91:a0:ba:fe:bd:19:c2:c7:09:2b:49:48: 61:3e:66:50:da:a0:1e:72:b8:7e:0b:af:eb:b3:89:f5: da:7b:a6:ae:2a:05:7a:7c:1a:5c:93:73:d4:c7:4b:b0: da:bf:a4:64:b9:38:f7:37:64:dc:b8:ca:7e:28:b1:36: ef:01:50:01:74:10:8d:1e:83:54:c2:90:d3:54:f1:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:a7:6c:60:c3:ae:ea:4f:79:83:00:db:8c:b3:46:c7: 28:e1:22:4b:af:60:52:06:16:0b:71:e9:ed:02:b0:af: 7a:5b:db:dd:22:77:d0:70:6a:e1:bb:e1:84:56:26:3a: 8e:90:eb:ef:d6:be:86:f4:e8:23:f6:f3:2e:20:31:30: 96:92:41:a3:56:bf:c2:10:7c:cf:26:64:cc:83:d9:83: 18:88:5e:26:b2:19:fa:af:34:e0:c4:7c:8b:6f:a8:aa: d6:fd:3c:ee:52:1b:25:7e:ed:2d:2e:04:62:5b:c8:10: 93:b7:2c:0c:17:d2:dc:5b:60:7a:39:6c:5e:03:b7:e7 Fingerprint (SHA-256): 00:6B:F0:30:D2:EC:F9:07:7A:F2:75:66:69:1F:BC:9D:97:68:AB:F9:31:20:83:28:C3:94:D2:48:AA:14:08:8A Fingerprint (SHA1): C9:51:64:5C:F1:58:0E:BF:88:27:B0:68:0A:5F:D9:18:86:FA:85:B2 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6336: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6337: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182150 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6338: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6339: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6340: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182151 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6341: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6342: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #6343: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6344: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518182152 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6345: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6346: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #6347: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6348: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518182153 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6349: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6350: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6351: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6352: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518182154 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6353: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6354: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518182155 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6355: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6356: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #6357: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6358: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6359: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518182156 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6360: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6361: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6362: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6363: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518182157 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6364: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6365: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6366: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6367: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182158 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6368: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6369: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6370: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6371: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518182159 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6372: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6373: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6374: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182150 (0x1ee2d506) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:30:28 2015 Not After : Mon May 18 22:30:28 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:6d:a1:6a:df:62:83:c0:dc:a4:aa:76:dc:17:61:15: b1:fd:62:5c:f8:90:4f:96:d0:b8:2b:4e:75:07:29:1a: 54:1c:b8:2e:b6:57:1b:44:2b:aa:e8:cc:30:58:b4:84: b8:6a:56:15:3b:a8:cd:7d:06:16:32:75:c0:c9:3d:f8: 54:09:89:67:38:08:fa:f3:f2:ee:f9:d1:bf:37:83:e7: 33:0b:eb:d1:27:16:76:80:20:3d:c6:2f:30:17:c6:52: 0c:46:fe:28:84:49:67:e4:78:92:ce:df:f9:ad:2b:a0: 09:7c:73:9d:ff:0f:57:13:6c:b8:96:01:8b:60:48:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3e:3a:c0:0f:5b:f1:c3:f8:4f:ab:f8:f9:34:34:39:28: 1a:19:8d:a2:31:ca:26:34:be:03:21:e0:45:31:fd:a3: 6b:13:39:c5:e2:a1:e0:60:30:fa:c2:68:b5:96:2a:ee: 39:cd:a2:8c:31:1b:d0:90:44:1f:5c:aa:61:26:8d:39: 18:19:93:6e:37:c6:fc:c9:46:08:0d:db:33:51:5d:42: e8:0d:4f:43:6d:b8:d7:5b:ce:4f:bb:cc:64:51:93:64: 4f:e8:c3:f2:6c:8e:b1:ec:86:16:be:57:21:fa:6d:8b: 38:39:99:fe:7e:48:06:32:8f:76:fc:46:59:c2:e8:72 Fingerprint (SHA-256): F1:DD:77:88:8F:34:5C:EE:D6:39:F4:67:6B:F5:73:67:21:94:A2:BF:F7:01:78:BA:14:89:0E:12:D3:BC:47:3D Fingerprint (SHA1): A8:4D:EF:EE:5F:7F:31:FA:5C:91:A9:8C:F4:5B:AD:78:96:D1:0D:00 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #6375: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6376: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6377: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6378: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6379: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6380: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6381: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6382: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6383: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182151 (0x1ee2d507) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:30:32 2015 Not After : Mon May 18 22:30:32 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:17:01:03:f1:4d:72:ca:1e:64:7e:b4:9f:1f:9d:fb: 07:08:a4:05:f0:e7:35:59:f4:2f:eb:96:ce:ef:b7:ad: 40:40:15:2b:cb:31:ac:d4:98:8b:58:42:0c:c9:8a:a2: 8f:c7:fe:3f:84:82:32:54:09:f4:2f:db:18:12:67:4c: 4c:da:58:6c:02:1c:c9:40:18:bf:e0:89:7a:10:c4:92: 5e:1c:d6:e8:a8:30:58:32:33:6b:e9:02:4b:4e:8d:f4: cc:31:29:98:29:0e:9b:8e:8e:39:04:3f:80:ce:de:9a: d4:4f:b4:82:ff:69:69:9c:d2:5f:e3:50:c4:07:fe:eb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:f3:2d:f1:df:bf:3a:ca:7e:01:37:cb:43:d8:bd:45: 1f:1f:45:f7:4f:6c:de:4e:bc:9b:30:c2:81:92:c5:7b: ad:04:5d:e5:52:b5:70:95:46:a8:7b:29:39:e6:48:2c: e5:e2:57:19:fb:83:8c:f8:1c:e9:f5:b1:70:ee:09:e8: 8e:2f:3c:15:91:48:7e:85:80:7c:f7:e1:b0:2b:3b:99: 06:33:cc:5b:89:55:bd:1a:10:3a:a1:87:73:99:8b:cd: ec:e8:80:8a:15:64:ea:c0:40:53:4e:a4:c2:de:f1:0f: 83:07:dd:67:81:11:48:94:0a:90:86:59:88:9a:d8:b3 Fingerprint (SHA-256): 7B:34:A0:2F:75:71:15:D6:F6:C5:83:36:C6:24:46:FF:6F:BF:9F:2C:87:D4:17:3D:C1:97:21:6F:79:66:44:A9 Fingerprint (SHA1): 85:0D:E1:61:10:C3:D4:2E:64:62:3E:6F:CD:98:9E:F6:D9:30:08:3A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #6384: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6385: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6386: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6387: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6388: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6389: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6390: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #6391: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #6392: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #6393: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #6394: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #6395: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #6396: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #6397: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #6398: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #6399: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #6400: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #6401: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6402: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182160 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6403: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6404: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6405: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6406: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182161 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6407: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6408: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6409: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6410: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182162 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6411: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6412: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6413: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6414: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518182163 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6415: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6416: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6417: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6418: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518182164 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6419: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6420: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #6421: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6422: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518182165 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6423: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6424: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #6425: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6426: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518182166 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6427: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6428: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #6429: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6430: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518182167 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6431: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6432: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #6433: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6434: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518182168 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6435: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6436: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6437: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182160 (0x1ee2d510) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:31:27 2015 Not After : Mon May 18 22:31:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 15:48:12:a4:e4:fb:d0:fd:68:b9:c5:eb:88:5f:a1:51: 4a:62:6c:6b:42:d7:10:df:d0:cb:60:64:2d:61:2e:16: d2:92:82:99:69:56:26:cb:0c:1c:a6:4d:78:bd:b9:8f: 69:ae:10:33:3d:9e:31:49:19:e3:d5:60:95:0f:09:69: 77:30:35:f6:0e:36:7e:81:12:85:67:26:00:b4:7b:07: be:bb:4f:9e:33:d3:8c:0c:b4:64:fe:14:7c:03:ef:f5: be:66:44:cc:c6:ce:f6:56:de:f9:b7:d7:39:45:c5:08: 82:81:da:df:2f:4b:8a:4e:c5:e4:31:22:d9:b6:d1:c7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:70:69:43:d8:e4:df:7f:1f:56:69:f1:ff: 0d:f3:3d:4a:20:a8:97:35:02:14:18:4b:71:25:23:5f: a9:72:e6:ee:72:54:7f:fd:bc:7d:61:99:bf:30 Fingerprint (SHA-256): 08:CB:AD:17:E8:5B:1E:A3:1F:DA:68:B1:20:71:55:DD:4E:2D:3F:3A:5C:21:5F:72:C4:63:F6:EC:43:D9:FD:30 Fingerprint (SHA1): 95:36:FC:27:C8:2C:90:0F:E4:77:10:1F:87:34:C6:9E:03:EA:3F:36 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6438: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182160 (0x1ee2d510) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:31:27 2015 Not After : Mon May 18 22:31:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 15:48:12:a4:e4:fb:d0:fd:68:b9:c5:eb:88:5f:a1:51: 4a:62:6c:6b:42:d7:10:df:d0:cb:60:64:2d:61:2e:16: d2:92:82:99:69:56:26:cb:0c:1c:a6:4d:78:bd:b9:8f: 69:ae:10:33:3d:9e:31:49:19:e3:d5:60:95:0f:09:69: 77:30:35:f6:0e:36:7e:81:12:85:67:26:00:b4:7b:07: be:bb:4f:9e:33:d3:8c:0c:b4:64:fe:14:7c:03:ef:f5: be:66:44:cc:c6:ce:f6:56:de:f9:b7:d7:39:45:c5:08: 82:81:da:df:2f:4b:8a:4e:c5:e4:31:22:d9:b6:d1:c7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:70:69:43:d8:e4:df:7f:1f:56:69:f1:ff: 0d:f3:3d:4a:20:a8:97:35:02:14:18:4b:71:25:23:5f: a9:72:e6:ee:72:54:7f:fd:bc:7d:61:99:bf:30 Fingerprint (SHA-256): 08:CB:AD:17:E8:5B:1E:A3:1F:DA:68:B1:20:71:55:DD:4E:2D:3F:3A:5C:21:5F:72:C4:63:F6:EC:43:D9:FD:30 Fingerprint (SHA1): 95:36:FC:27:C8:2C:90:0F:E4:77:10:1F:87:34:C6:9E:03:EA:3F:36 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6439: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182160 (0x1ee2d510) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:31:27 2015 Not After : Mon May 18 22:31:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 15:48:12:a4:e4:fb:d0:fd:68:b9:c5:eb:88:5f:a1:51: 4a:62:6c:6b:42:d7:10:df:d0:cb:60:64:2d:61:2e:16: d2:92:82:99:69:56:26:cb:0c:1c:a6:4d:78:bd:b9:8f: 69:ae:10:33:3d:9e:31:49:19:e3:d5:60:95:0f:09:69: 77:30:35:f6:0e:36:7e:81:12:85:67:26:00:b4:7b:07: be:bb:4f:9e:33:d3:8c:0c:b4:64:fe:14:7c:03:ef:f5: be:66:44:cc:c6:ce:f6:56:de:f9:b7:d7:39:45:c5:08: 82:81:da:df:2f:4b:8a:4e:c5:e4:31:22:d9:b6:d1:c7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:70:69:43:d8:e4:df:7f:1f:56:69:f1:ff: 0d:f3:3d:4a:20:a8:97:35:02:14:18:4b:71:25:23:5f: a9:72:e6:ee:72:54:7f:fd:bc:7d:61:99:bf:30 Fingerprint (SHA-256): 08:CB:AD:17:E8:5B:1E:A3:1F:DA:68:B1:20:71:55:DD:4E:2D:3F:3A:5C:21:5F:72:C4:63:F6:EC:43:D9:FD:30 Fingerprint (SHA1): 95:36:FC:27:C8:2C:90:0F:E4:77:10:1F:87:34:C6:9E:03:EA:3F:36 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #6440: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182160 (0x1ee2d510) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:31:27 2015 Not After : Mon May 18 22:31:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 15:48:12:a4:e4:fb:d0:fd:68:b9:c5:eb:88:5f:a1:51: 4a:62:6c:6b:42:d7:10:df:d0:cb:60:64:2d:61:2e:16: d2:92:82:99:69:56:26:cb:0c:1c:a6:4d:78:bd:b9:8f: 69:ae:10:33:3d:9e:31:49:19:e3:d5:60:95:0f:09:69: 77:30:35:f6:0e:36:7e:81:12:85:67:26:00:b4:7b:07: be:bb:4f:9e:33:d3:8c:0c:b4:64:fe:14:7c:03:ef:f5: be:66:44:cc:c6:ce:f6:56:de:f9:b7:d7:39:45:c5:08: 82:81:da:df:2f:4b:8a:4e:c5:e4:31:22:d9:b6:d1:c7 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:70:69:43:d8:e4:df:7f:1f:56:69:f1:ff: 0d:f3:3d:4a:20:a8:97:35:02:14:18:4b:71:25:23:5f: a9:72:e6:ee:72:54:7f:fd:bc:7d:61:99:bf:30 Fingerprint (SHA-256): 08:CB:AD:17:E8:5B:1E:A3:1F:DA:68:B1:20:71:55:DD:4E:2D:3F:3A:5C:21:5F:72:C4:63:F6:EC:43:D9:FD:30 Fingerprint (SHA1): 95:36:FC:27:C8:2C:90:0F:E4:77:10:1F:87:34:C6:9E:03:EA:3F:36 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #6441: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6442: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6443: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6444: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #6445: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6446: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6447: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6448: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6449: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6450: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6451: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6452: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #6453: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6454: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6455: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6456: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #6457: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6458: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6459: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6460: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6461: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6462: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6463: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6464: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #6465: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6466: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6467: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6468: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518223225Z nextupdate=20160518223225Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 22:32:25 2015 Next Update: Wed May 18 22:32:25 2016 CRL Extensions: chains.sh: #6469: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518223225Z nextupdate=20160518223225Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:32:25 2015 Next Update: Wed May 18 22:32:25 2016 CRL Extensions: chains.sh: #6470: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518223226Z nextupdate=20160518223226Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:32:26 2015 Next Update: Wed May 18 22:32:26 2016 CRL Extensions: chains.sh: #6471: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518223227Z nextupdate=20160518223227Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 22:32:27 2015 Next Update: Wed May 18 22:32:27 2016 CRL Extensions: chains.sh: #6472: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518223228Z addcert 14 20150518223228Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:32:28 2015 Next Update: Wed May 18 22:32:26 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 22:32:28 2015 CRL Extensions: chains.sh: #6473: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518223229Z addcert 15 20150518223229Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:32:29 2015 Next Update: Wed May 18 22:32:25 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 22:32:29 2015 CRL Extensions: chains.sh: #6474: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6475: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6476: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #6477: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #6478: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #6479: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #6480: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #6481: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #6482: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #6483: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:32:02 2015 Not After : Mon May 18 22:32:02 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:05:2a:22:04:93:d5:c1:c2:11:9f:05:10:11:bf:c3: ce:7c:2b:11:98:56:e3:cf:1c:4f:c7:13:09:c4:a7:3b: 44:34:98:5d:32:c5:fc:da:aa:97:78:85:4e:69:70:7b: 4a:ac:4d:58:79:60:ca:10:79:57:ff:2a:6d:d7:71:53: d5:51:49:e0:33:95:15:20:83:5e:e5:56:d2:a0:47:df: 71:b0:57:5b:0e:91:17:48:55:d1:11:2b:1f:6c:56:27: b7:40:05:90:d8:e2:4e:a2:96:65:fd:d9:76:f3:ea:c2: bc:19:b2:24:0e:52:30:f6:63:79:d1:a9:15:5e:dd:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:db:1e:f3:3e:fa:ed:2e:35:0f:76:2f:dc:9f:3c:c5: 2b:4a:f4:86:d7:d7:ad:7c:ac:d4:6c:61:3e:b5:e1:1c: 18:6c:c3:5d:31:73:9b:f1:1d:dc:cf:a9:21:56:fb:77: 09:40:24:49:17:c6:62:56:6c:26:60:12:83:cd:9d:8a: d9:92:d3:9e:5f:75:de:c5:20:7c:02:92:39:cf:65:a8: 8e:98:75:3f:b2:02:2b:26:3f:7c:ec:c5:33:87:df:83: 95:9a:2b:ed:7e:55:35:ed:75:86:c2:37:dc:ab:9c:c6: c3:9f:83:9a:5e:7a:cf:8c:07:7b:25:13:fa:ea:20:69 Fingerprint (SHA-256): 79:D9:A8:2A:8A:E8:52:32:7F:B1:E0:23:BB:31:A0:AD:44:02:A2:15:A7:B2:29:06:83:EE:D0:F1:F6:1B:27:8F Fingerprint (SHA1): 49:1F:5E:3E:F7:88:58:E6:FD:99:1F:77:CA:1F:65:24:06:39:40:C8 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6484: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6485: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:32:02 2015 Not After : Mon May 18 22:32:02 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:05:2a:22:04:93:d5:c1:c2:11:9f:05:10:11:bf:c3: ce:7c:2b:11:98:56:e3:cf:1c:4f:c7:13:09:c4:a7:3b: 44:34:98:5d:32:c5:fc:da:aa:97:78:85:4e:69:70:7b: 4a:ac:4d:58:79:60:ca:10:79:57:ff:2a:6d:d7:71:53: d5:51:49:e0:33:95:15:20:83:5e:e5:56:d2:a0:47:df: 71:b0:57:5b:0e:91:17:48:55:d1:11:2b:1f:6c:56:27: b7:40:05:90:d8:e2:4e:a2:96:65:fd:d9:76:f3:ea:c2: bc:19:b2:24:0e:52:30:f6:63:79:d1:a9:15:5e:dd:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:db:1e:f3:3e:fa:ed:2e:35:0f:76:2f:dc:9f:3c:c5: 2b:4a:f4:86:d7:d7:ad:7c:ac:d4:6c:61:3e:b5:e1:1c: 18:6c:c3:5d:31:73:9b:f1:1d:dc:cf:a9:21:56:fb:77: 09:40:24:49:17:c6:62:56:6c:26:60:12:83:cd:9d:8a: d9:92:d3:9e:5f:75:de:c5:20:7c:02:92:39:cf:65:a8: 8e:98:75:3f:b2:02:2b:26:3f:7c:ec:c5:33:87:df:83: 95:9a:2b:ed:7e:55:35:ed:75:86:c2:37:dc:ab:9c:c6: c3:9f:83:9a:5e:7a:cf:8c:07:7b:25:13:fa:ea:20:69 Fingerprint (SHA-256): 79:D9:A8:2A:8A:E8:52:32:7F:B1:E0:23:BB:31:A0:AD:44:02:A2:15:A7:B2:29:06:83:EE:D0:F1:F6:1B:27:8F Fingerprint (SHA1): 49:1F:5E:3E:F7:88:58:E6:FD:99:1F:77:CA:1F:65:24:06:39:40:C8 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6486: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6487: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6488: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182169 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6489: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6490: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #6491: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6492: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518182170 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6493: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6494: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6495: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182060.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6496: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182045.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6497: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6498: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #6499: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182060.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6500: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518182171 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6501: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6502: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6503: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182060.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6504: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182046.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6505: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6506: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #6507: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6508: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518182172 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6509: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6510: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6511: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182060.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6512: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182047.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6513: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6514: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6515: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182060.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6516: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182048.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6517: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6518: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518223309Z nextupdate=20160518223309Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 22:33:09 2015 Next Update: Wed May 18 22:33:09 2016 CRL Extensions: chains.sh: #6519: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518223310Z nextupdate=20160518223310Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:33:10 2015 Next Update: Wed May 18 22:33:10 2016 CRL Extensions: chains.sh: #6520: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518223310Z nextupdate=20160518223311Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:33:10 2015 Next Update: Wed May 18 22:33:11 2016 CRL Extensions: chains.sh: #6521: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518223311Z nextupdate=20160518223311Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 22:33:11 2015 Next Update: Wed May 18 22:33:11 2016 CRL Extensions: chains.sh: #6522: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518223312Z addcert 20 20150518223312Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:33:12 2015 Next Update: Wed May 18 22:33:10 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 22:33:12 2015 CRL Extensions: chains.sh: #6523: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518223313Z addcert 40 20150518223313Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:33:13 2015 Next Update: Wed May 18 22:33:10 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 22:33:12 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 22:33:13 2015 CRL Extensions: chains.sh: #6524: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6525: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6526: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #6527: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182169 (0x1ee2d519) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:32:41 2015 Not After : Mon May 18 22:32:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9e:93:9e:cc:5f:d2:80:99:65:47:f7:45:73:a1:f8:7b: 98:5c:8d:db:fe:80:9d:71:2f:e0:47:71:6e:20:c8:d9: 2b:a6:ce:ec:e6:40:a2:e9:48:5b:d0:f1:90:8d:44:48: 17:81:ee:c4:f1:72:83:01:c4:9a:00:1b:8f:70:77:e3: 80:12:e5:3d:14:89:bd:9e:2a:37:b9:ff:94:48:7e:22: 70:bf:1c:18:62:d3:62:89:ef:0c:08:49:83:0a:6f:30: 06:fb:a5:60:38:35:f0:c9:1d:5b:b1:19:1a:1b:50:de: 56:3e:83:5a:ef:50:16:77:6f:07:03:84:3e:0c:09:7f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:82:8c:db:40:1e:41:93:19:df:b6:2c:15:4d:78:5a: de:49:77:c5:79:80:0e:b0:1d:78:9d:b1:46:bb:85:51: 14:d1:44:01:6b:0b:33:3f:c8:c5:5e:04:5d:39:b1:0b: 85:9b:37:37:be:1a:08:c3:df:58:03:b2:6f:21:e3:55: ec:49:7d:71:91:2b:7f:0e:8a:0d:98:5a:29:0c:75:7f: 61:64:ec:4f:c9:84:0f:1d:54:9f:b9:7f:2e:e5:d5:30: a0:af:e6:f5:3e:0a:17:8a:3f:87:d9:46:16:c5:6c:55: 4a:32:89:a0:a0:f3:10:80:4b:ed:d4:bd:3e:3e:94:06 Fingerprint (SHA-256): 3D:C2:FD:BE:F7:7E:5A:AC:A2:1E:F8:12:CC:DB:2F:0B:29:63:5A:7E:B2:7C:8D:E1:D6:A5:D2:26:25:4D:D1:70 Fingerprint (SHA1): 72:21:36:12:FA:38:E7:AF:B2:0E:1E:61:F1:88:BD:57:A3:9E:98:B3 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6528: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6529: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182169 (0x1ee2d519) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:32:41 2015 Not After : Mon May 18 22:32:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9e:93:9e:cc:5f:d2:80:99:65:47:f7:45:73:a1:f8:7b: 98:5c:8d:db:fe:80:9d:71:2f:e0:47:71:6e:20:c8:d9: 2b:a6:ce:ec:e6:40:a2:e9:48:5b:d0:f1:90:8d:44:48: 17:81:ee:c4:f1:72:83:01:c4:9a:00:1b:8f:70:77:e3: 80:12:e5:3d:14:89:bd:9e:2a:37:b9:ff:94:48:7e:22: 70:bf:1c:18:62:d3:62:89:ef:0c:08:49:83:0a:6f:30: 06:fb:a5:60:38:35:f0:c9:1d:5b:b1:19:1a:1b:50:de: 56:3e:83:5a:ef:50:16:77:6f:07:03:84:3e:0c:09:7f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:82:8c:db:40:1e:41:93:19:df:b6:2c:15:4d:78:5a: de:49:77:c5:79:80:0e:b0:1d:78:9d:b1:46:bb:85:51: 14:d1:44:01:6b:0b:33:3f:c8:c5:5e:04:5d:39:b1:0b: 85:9b:37:37:be:1a:08:c3:df:58:03:b2:6f:21:e3:55: ec:49:7d:71:91:2b:7f:0e:8a:0d:98:5a:29:0c:75:7f: 61:64:ec:4f:c9:84:0f:1d:54:9f:b9:7f:2e:e5:d5:30: a0:af:e6:f5:3e:0a:17:8a:3f:87:d9:46:16:c5:6c:55: 4a:32:89:a0:a0:f3:10:80:4b:ed:d4:bd:3e:3e:94:06 Fingerprint (SHA-256): 3D:C2:FD:BE:F7:7E:5A:AC:A2:1E:F8:12:CC:DB:2F:0B:29:63:5A:7E:B2:7C:8D:E1:D6:A5:D2:26:25:4D:D1:70 Fingerprint (SHA1): 72:21:36:12:FA:38:E7:AF:B2:0E:1E:61:F1:88:BD:57:A3:9E:98:B3 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6530: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6531: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6532: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182173 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6533: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6534: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6535: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6536: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518182174 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6537: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6538: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6539: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6540: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182175 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6541: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6542: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6543: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6544: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518182176 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6545: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6546: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #6547: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182177 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6548: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #6549: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #6550: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6551: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518182178 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6552: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6553: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6554: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6555: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518182179 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6556: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6557: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #6558: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #6559: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #6560: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182173 (0x1ee2d51d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:33:21 2015 Not After : Mon May 18 22:33:21 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:bd:d8:86:db:14:8d:fc:6b:e9:56:16:9c:a2:80:41: 7b:e2:20:65:57:40:72:e2:e1:5e:b2:9a:34:e1:c0:0c: df:43:f8:60:c0:57:f0:35:7d:a1:ba:bd:03:a5:fa:d4: e5:01:ed:a3:eb:0a:3d:f9:4c:94:dd:0d:a5:e1:09:b5: ee:01:72:8a:f6:5e:04:f1:c0:af:4b:1b:a6:2b:eb:26: 8d:07:09:5f:32:c0:68:28:2e:80:30:c7:74:58:da:5a: a0:5e:8f:27:bd:0b:a1:eb:b0:71:68:b0:ed:ee:c3:89: 6d:72:0e:d7:b7:7c:2f:68:d1:81:9d:6a:c8:f6:58:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:6b:b5:70:04:9a:5f:73:02:5f:1e:03:38:71:42:6d: 17:d1:67:17:df:fa:72:73:a7:10:14:b2:96:57:c8:8a: 52:aa:81:d4:60:ab:19:c0:52:ec:4e:54:60:da:a3:ac: 56:7e:10:65:78:ea:c4:03:8a:d2:b2:7c:9c:c8:05:7e: a3:b5:c6:68:9d:af:4d:7f:30:1a:ff:17:1c:9f:69:c2: 7a:51:33:63:65:0b:41:c1:05:d7:9b:22:79:d9:2a:5f: ea:6e:88:b2:44:6c:35:22:8b:0a:70:e1:c3:58:80:e4: be:38:cb:ab:d4:1b:d7:6d:a3:40:00:f3:ef:35:9c:03 Fingerprint (SHA-256): 66:BB:45:B2:B2:6F:2B:19:BF:DE:06:97:DD:B6:D5:D4:70:AF:21:4E:84:1F:70:90:25:0E:2A:ED:16:86:E5:E8 Fingerprint (SHA1): C5:7F:C0:82:B5:DD:3E:74:2D:94:27:D8:5C:A8:74:82:04:5C:D9:F0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6561: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182175 (0x1ee2d51f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:33:29 2015 Not After : Mon May 18 22:33:29 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:e8:de:74:f3:3d:70:fb:dc:71:16:87:ee:94:f0:a9: 61:fe:03:1a:ac:ea:47:ed:f3:b2:5d:cc:fb:b3:65:a4: 91:8a:26:8b:9d:8d:4a:79:4e:58:ce:36:7a:b4:f4:2d: 55:d1:7c:ac:81:3a:d3:f7:30:79:08:8b:41:2b:a9:cc: 23:7f:5b:78:bd:8a:9a:5c:c8:66:01:b2:b3:1f:9d:43: a9:1d:d9:53:e2:3d:4d:7b:c7:6e:7f:99:65:4c:17:3a: 74:17:87:7c:c6:80:ca:ef:a8:e7:73:57:82:0d:76:57: a4:04:2e:77:28:0f:50:e6:57:5a:4b:d0:4e:e0:36:eb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 59:4a:4e:a8:0f:2f:85:79:0e:a4:99:8d:45:3e:24:50: 67:8b:54:d3:20:10:bd:d2:84:9b:46:35:70:cf:83:09: 95:72:1e:7a:df:02:bd:ff:cb:5e:72:53:01:f4:2c:5d: f1:d3:4b:bc:a2:34:d8:c0:a3:8f:d3:fa:52:ba:3a:61: 75:ab:76:54:43:c7:83:39:db:58:a0:69:3c:a4:cf:cf: fd:a6:39:d7:e2:11:f1:b5:d9:4e:8c:4a:ca:b2:5a:5a: 98:61:77:e0:d7:04:e5:9c:da:61:01:39:d4:89:f3:34: aa:fb:e2:cc:05:93:db:35:77:4d:b8:da:7c:b5:9a:9b Fingerprint (SHA-256): 60:C0:39:DF:92:88:2B:0D:35:5A:8F:E2:F0:12:DB:D2:C4:75:49:CA:1A:DD:76:88:D1:E6:46:6C:80:3B:17:03 Fingerprint (SHA1): 2B:AE:8C:61:E4:61:A5:9B:5F:4D:7B:E3:80:93:2D:F4:6C:DD:43:59 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #6562: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182173 (0x1ee2d51d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:33:21 2015 Not After : Mon May 18 22:33:21 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:bd:d8:86:db:14:8d:fc:6b:e9:56:16:9c:a2:80:41: 7b:e2:20:65:57:40:72:e2:e1:5e:b2:9a:34:e1:c0:0c: df:43:f8:60:c0:57:f0:35:7d:a1:ba:bd:03:a5:fa:d4: e5:01:ed:a3:eb:0a:3d:f9:4c:94:dd:0d:a5:e1:09:b5: ee:01:72:8a:f6:5e:04:f1:c0:af:4b:1b:a6:2b:eb:26: 8d:07:09:5f:32:c0:68:28:2e:80:30:c7:74:58:da:5a: a0:5e:8f:27:bd:0b:a1:eb:b0:71:68:b0:ed:ee:c3:89: 6d:72:0e:d7:b7:7c:2f:68:d1:81:9d:6a:c8:f6:58:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:6b:b5:70:04:9a:5f:73:02:5f:1e:03:38:71:42:6d: 17:d1:67:17:df:fa:72:73:a7:10:14:b2:96:57:c8:8a: 52:aa:81:d4:60:ab:19:c0:52:ec:4e:54:60:da:a3:ac: 56:7e:10:65:78:ea:c4:03:8a:d2:b2:7c:9c:c8:05:7e: a3:b5:c6:68:9d:af:4d:7f:30:1a:ff:17:1c:9f:69:c2: 7a:51:33:63:65:0b:41:c1:05:d7:9b:22:79:d9:2a:5f: ea:6e:88:b2:44:6c:35:22:8b:0a:70:e1:c3:58:80:e4: be:38:cb:ab:d4:1b:d7:6d:a3:40:00:f3:ef:35:9c:03 Fingerprint (SHA-256): 66:BB:45:B2:B2:6F:2B:19:BF:DE:06:97:DD:B6:D5:D4:70:AF:21:4E:84:1F:70:90:25:0E:2A:ED:16:86:E5:E8 Fingerprint (SHA1): C5:7F:C0:82:B5:DD:3E:74:2D:94:27:D8:5C:A8:74:82:04:5C:D9:F0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6563: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #6564: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182173 (0x1ee2d51d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:33:21 2015 Not After : Mon May 18 22:33:21 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:bd:d8:86:db:14:8d:fc:6b:e9:56:16:9c:a2:80:41: 7b:e2:20:65:57:40:72:e2:e1:5e:b2:9a:34:e1:c0:0c: df:43:f8:60:c0:57:f0:35:7d:a1:ba:bd:03:a5:fa:d4: e5:01:ed:a3:eb:0a:3d:f9:4c:94:dd:0d:a5:e1:09:b5: ee:01:72:8a:f6:5e:04:f1:c0:af:4b:1b:a6:2b:eb:26: 8d:07:09:5f:32:c0:68:28:2e:80:30:c7:74:58:da:5a: a0:5e:8f:27:bd:0b:a1:eb:b0:71:68:b0:ed:ee:c3:89: 6d:72:0e:d7:b7:7c:2f:68:d1:81:9d:6a:c8:f6:58:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:6b:b5:70:04:9a:5f:73:02:5f:1e:03:38:71:42:6d: 17:d1:67:17:df:fa:72:73:a7:10:14:b2:96:57:c8:8a: 52:aa:81:d4:60:ab:19:c0:52:ec:4e:54:60:da:a3:ac: 56:7e:10:65:78:ea:c4:03:8a:d2:b2:7c:9c:c8:05:7e: a3:b5:c6:68:9d:af:4d:7f:30:1a:ff:17:1c:9f:69:c2: 7a:51:33:63:65:0b:41:c1:05:d7:9b:22:79:d9:2a:5f: ea:6e:88:b2:44:6c:35:22:8b:0a:70:e1:c3:58:80:e4: be:38:cb:ab:d4:1b:d7:6d:a3:40:00:f3:ef:35:9c:03 Fingerprint (SHA-256): 66:BB:45:B2:B2:6F:2B:19:BF:DE:06:97:DD:B6:D5:D4:70:AF:21:4E:84:1F:70:90:25:0E:2A:ED:16:86:E5:E8 Fingerprint (SHA1): C5:7F:C0:82:B5:DD:3E:74:2D:94:27:D8:5C:A8:74:82:04:5C:D9:F0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6565: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182175 (0x1ee2d51f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:33:29 2015 Not After : Mon May 18 22:33:29 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:e8:de:74:f3:3d:70:fb:dc:71:16:87:ee:94:f0:a9: 61:fe:03:1a:ac:ea:47:ed:f3:b2:5d:cc:fb:b3:65:a4: 91:8a:26:8b:9d:8d:4a:79:4e:58:ce:36:7a:b4:f4:2d: 55:d1:7c:ac:81:3a:d3:f7:30:79:08:8b:41:2b:a9:cc: 23:7f:5b:78:bd:8a:9a:5c:c8:66:01:b2:b3:1f:9d:43: a9:1d:d9:53:e2:3d:4d:7b:c7:6e:7f:99:65:4c:17:3a: 74:17:87:7c:c6:80:ca:ef:a8:e7:73:57:82:0d:76:57: a4:04:2e:77:28:0f:50:e6:57:5a:4b:d0:4e:e0:36:eb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 59:4a:4e:a8:0f:2f:85:79:0e:a4:99:8d:45:3e:24:50: 67:8b:54:d3:20:10:bd:d2:84:9b:46:35:70:cf:83:09: 95:72:1e:7a:df:02:bd:ff:cb:5e:72:53:01:f4:2c:5d: f1:d3:4b:bc:a2:34:d8:c0:a3:8f:d3:fa:52:ba:3a:61: 75:ab:76:54:43:c7:83:39:db:58:a0:69:3c:a4:cf:cf: fd:a6:39:d7:e2:11:f1:b5:d9:4e:8c:4a:ca:b2:5a:5a: 98:61:77:e0:d7:04:e5:9c:da:61:01:39:d4:89:f3:34: aa:fb:e2:cc:05:93:db:35:77:4d:b8:da:7c:b5:9a:9b Fingerprint (SHA-256): 60:C0:39:DF:92:88:2B:0D:35:5A:8F:E2:F0:12:DB:D2:C4:75:49:CA:1A:DD:76:88:D1:E6:46:6C:80:3B:17:03 Fingerprint (SHA1): 2B:AE:8C:61:E4:61:A5:9B:5F:4D:7B:E3:80:93:2D:F4:6C:DD:43:59 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #6566: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #6567: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #6568: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #6569: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182173 (0x1ee2d51d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:33:21 2015 Not After : Mon May 18 22:33:21 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:bd:d8:86:db:14:8d:fc:6b:e9:56:16:9c:a2:80:41: 7b:e2:20:65:57:40:72:e2:e1:5e:b2:9a:34:e1:c0:0c: df:43:f8:60:c0:57:f0:35:7d:a1:ba:bd:03:a5:fa:d4: e5:01:ed:a3:eb:0a:3d:f9:4c:94:dd:0d:a5:e1:09:b5: ee:01:72:8a:f6:5e:04:f1:c0:af:4b:1b:a6:2b:eb:26: 8d:07:09:5f:32:c0:68:28:2e:80:30:c7:74:58:da:5a: a0:5e:8f:27:bd:0b:a1:eb:b0:71:68:b0:ed:ee:c3:89: 6d:72:0e:d7:b7:7c:2f:68:d1:81:9d:6a:c8:f6:58:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:6b:b5:70:04:9a:5f:73:02:5f:1e:03:38:71:42:6d: 17:d1:67:17:df:fa:72:73:a7:10:14:b2:96:57:c8:8a: 52:aa:81:d4:60:ab:19:c0:52:ec:4e:54:60:da:a3:ac: 56:7e:10:65:78:ea:c4:03:8a:d2:b2:7c:9c:c8:05:7e: a3:b5:c6:68:9d:af:4d:7f:30:1a:ff:17:1c:9f:69:c2: 7a:51:33:63:65:0b:41:c1:05:d7:9b:22:79:d9:2a:5f: ea:6e:88:b2:44:6c:35:22:8b:0a:70:e1:c3:58:80:e4: be:38:cb:ab:d4:1b:d7:6d:a3:40:00:f3:ef:35:9c:03 Fingerprint (SHA-256): 66:BB:45:B2:B2:6F:2B:19:BF:DE:06:97:DD:B6:D5:D4:70:AF:21:4E:84:1F:70:90:25:0E:2A:ED:16:86:E5:E8 Fingerprint (SHA1): C5:7F:C0:82:B5:DD:3E:74:2D:94:27:D8:5C:A8:74:82:04:5C:D9:F0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6570: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182177 (0x1ee2d521) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 22:33:35 2015 Not After : Mon May 18 22:33:35 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b4:7f:48:7a:20:d6:d9:6f:7f:45:43:bd:45:bb:8b:20: 6a:a3:fd:98:dc:37:d2:00:81:72:3c:de:2b:4f:86:fc: a1:d0:cd:69:b1:1b:9e:03:44:a5:4d:2f:ac:67:3a:13: da:50:e7:f6:74:fe:75:ac:77:f7:cd:0d:71:a3:f5:46: 30:9e:1e:b3:77:1d:02:48:c6:d8:e4:c7:f8:96:9a:ce: 9f:28:82:74:61:ad:85:3b:6a:3d:17:74:e3:c1:16:57: 8a:cc:8a:d8:b5:8f:2b:6d:55:41:37:b8:52:04:4c:f8: 7f:20:22:8c:8d:f9:96:83:f9:4f:81:23:2c:89:4a:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:8c:a1:9b:4f:6b:4a:db:49:63:ac:1d:d2:f4:f2:e1: 5d:17:2e:62:88:bb:81:f6:08:8e:af:e7:1b:94:75:77: d4:4c:39:24:73:0f:c3:97:8c:6b:07:c1:7d:f9:12:b1: 5e:76:f5:6d:fb:c3:8f:d0:05:af:29:27:88:cb:0e:57: 49:9d:61:20:c8:5c:aa:c9:ec:0f:32:8c:65:16:00:41: b9:ce:38:eb:ee:aa:56:8a:de:f9:29:14:0a:2c:32:21: d8:cb:6c:ba:14:9f:85:3b:c7:42:85:8b:dd:1e:47:40: ae:ef:0a:c0:da:ae:dd:e8:5e:b9:fa:78:99:cf:e5:05 Fingerprint (SHA-256): 6B:FA:D5:EF:3E:63:62:AF:B3:7E:E7:19:D4:D5:65:DE:34:A5:28:FC:A4:4E:A4:4F:11:FB:E2:4B:AF:04:73:87 Fingerprint (SHA1): EE:E0:FA:E8:60:9C:8F:ED:D6:0B:A9:86:87:5E:1E:A5:E7:F5:D3:4B Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #6571: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182173 (0x1ee2d51d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:33:21 2015 Not After : Mon May 18 22:33:21 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:bd:d8:86:db:14:8d:fc:6b:e9:56:16:9c:a2:80:41: 7b:e2:20:65:57:40:72:e2:e1:5e:b2:9a:34:e1:c0:0c: df:43:f8:60:c0:57:f0:35:7d:a1:ba:bd:03:a5:fa:d4: e5:01:ed:a3:eb:0a:3d:f9:4c:94:dd:0d:a5:e1:09:b5: ee:01:72:8a:f6:5e:04:f1:c0:af:4b:1b:a6:2b:eb:26: 8d:07:09:5f:32:c0:68:28:2e:80:30:c7:74:58:da:5a: a0:5e:8f:27:bd:0b:a1:eb:b0:71:68:b0:ed:ee:c3:89: 6d:72:0e:d7:b7:7c:2f:68:d1:81:9d:6a:c8:f6:58:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:6b:b5:70:04:9a:5f:73:02:5f:1e:03:38:71:42:6d: 17:d1:67:17:df:fa:72:73:a7:10:14:b2:96:57:c8:8a: 52:aa:81:d4:60:ab:19:c0:52:ec:4e:54:60:da:a3:ac: 56:7e:10:65:78:ea:c4:03:8a:d2:b2:7c:9c:c8:05:7e: a3:b5:c6:68:9d:af:4d:7f:30:1a:ff:17:1c:9f:69:c2: 7a:51:33:63:65:0b:41:c1:05:d7:9b:22:79:d9:2a:5f: ea:6e:88:b2:44:6c:35:22:8b:0a:70:e1:c3:58:80:e4: be:38:cb:ab:d4:1b:d7:6d:a3:40:00:f3:ef:35:9c:03 Fingerprint (SHA-256): 66:BB:45:B2:B2:6F:2B:19:BF:DE:06:97:DD:B6:D5:D4:70:AF:21:4E:84:1F:70:90:25:0E:2A:ED:16:86:E5:E8 Fingerprint (SHA1): C5:7F:C0:82:B5:DD:3E:74:2D:94:27:D8:5C:A8:74:82:04:5C:D9:F0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6572: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #6573: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #6574: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #6575: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #6576: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #6577: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182178 (0x1ee2d522) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 22:33:39 2015 Not After : Mon May 18 22:33:39 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:7c:ab:1e:c4:4e:d8:f8:19:51:fe:3e:92:54:fa:2c: d4:cf:0c:12:19:e7:24:ec:70:21:68:83:83:eb:f8:e1: 69:10:be:34:6a:6e:b3:f1:6d:81:c8:f3:00:e3:a0:22: 5f:a1:f2:84:62:9c:85:d8:57:57:83:28:66:ba:b7:c7: ec:dd:76:0e:0b:b3:62:56:b2:3d:7d:e6:3b:65:fc:34: 98:20:c1:b5:42:a1:8d:bd:ec:e6:6d:08:5d:a1:25:08: e6:2c:80:11:0b:c5:dd:ce:07:c5:3f:7c:b0:fb:98:15: d2:a8:b4:3c:b9:b4:62:ff:12:e4:57:92:9c:28:5d:9d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a6:b6:b5:a7:2d:27:1b:2a:ca:e0:d1:a2:0f:fe:22:81: 20:15:a8:9e:03:ba:27:56:1c:aa:27:10:9b:83:6c:a9: f1:4c:de:cd:08:66:17:c2:62:f2:7f:84:93:24:78:48: 82:95:e4:56:bc:4a:66:b7:6d:c2:e0:e5:a8:49:ad:63: d8:1b:8e:c7:37:0e:3a:5e:d3:0b:e2:ec:0f:90:e9:31: 0f:af:bc:af:2f:8a:0b:8f:7c:05:2d:03:51:08:a3:e4: 7d:f8:14:b2:46:ee:42:d9:40:5b:be:fd:82:6e:63:f3: c7:e5:54:ed:4b:a0:4e:7e:51:6b:8d:da:e4:cc:46:7d Fingerprint (SHA-256): F3:40:33:E6:00:75:3E:3E:DC:DC:FD:93:95:97:D0:03:74:AB:34:6F:8E:F0:37:DD:63:78:E6:D9:9F:FD:03:D9 Fingerprint (SHA1): 3F:49:5E:3D:67:DF:71:B3:7D:87:14:93:FD:C9:55:39:52:FB:37:7A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #6578: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #6579: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #6580: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #6581: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #6582: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6583: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6584: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #6585: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6586: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6587: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #6588: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #6589: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #6590: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6591: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6592: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #6593: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6594: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6595: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6596: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6597: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6598: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #6599: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6600: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #6601: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 21652 at Mon May 18 18:34:16 EDT 2015 kill -USR1 21652 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 21652 killed at Mon May 18 18:34:16 EDT 2015 httpserv starting at Mon May 18 18:34:16 EDT 2015 httpserv -D -p 9683 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.25156 & trying to connect to httpserv at Mon May 18 18:34:16 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Mon May 18 18:34:22 EDT 2015 tstclnt -p 9683 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #6602: Waiting for Server - FAILED kill -0 4911 >/dev/null 2>/dev/null httpserv with PID 4911 found at Mon May 18 18:34:22 EDT 2015 httpserv with PID 4911 started at Mon May 18 18:34:22 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6603: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182180 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6604: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6605: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6606: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182181 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6607: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6608: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6609: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6610: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518182182 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6611: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6612: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518182183 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6613: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6614: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #6615: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6616: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6617: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 518182184 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6618: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6619: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6620: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #6621: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #6622: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182181 (0x1ee2d525) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:34:28 2015 Not After : Mon May 18 22:34:28 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:01:33:d3:cb:98:bf:f0:30:70:e3:ab:f1:cf:c3:0c: 3b:5a:07:73:0a:23:4f:5c:8b:5f:da:1d:c8:6c:99:f1: ca:09:9a:8f:a7:56:54:d0:fc:ca:64:fe:43:b6:cd:8e: c5:fb:5e:b5:d1:e1:8d:30:76:33:7a:0c:c9:1e:bd:f9: 66:c9:81:46:e7:bf:61:e8:ff:c6:52:42:b1:c5:15:c8: b4:39:6a:df:f1:ad:cc:be:7f:38:84:c5:0e:d9:ea:34: c3:ee:f7:76:81:5c:c0:3a:2e:f1:5e:81:94:f7:19:06: dc:27:84:4d:df:b4:4a:93:dd:b3:17:91:72:de:1e:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:87:41:e2:0d:75:0b:e0:44:0f:08:e7:ac:83:84:5c: 7e:3a:b2:60:b0:25:c3:cb:0e:76:50:b4:c3:42:fb:3e: dd:45:d5:cc:2b:cd:36:3b:57:86:a6:7a:79:70:36:1f: 15:89:03:13:7d:51:fe:c0:6a:20:36:e1:b5:51:b2:0c: d4:d4:9a:8d:f6:63:9c:84:d3:58:eb:bc:0c:15:de:0f: d2:63:89:d4:be:75:fe:ae:38:28:10:93:f1:27:5d:ef: a0:51:f7:11:3d:69:1b:de:80:9c:4e:6e:14:43:d0:43: 66:ec:4e:3e:3a:95:fb:d6:b9:a8:30:df:55:f4:09:67 Fingerprint (SHA-256): 06:D2:9B:72:9C:0F:70:95:0C:36:05:4A:A7:C5:38:3F:01:10:99:E7:EF:0E:D2:C2:0C:C5:61:9D:6E:37:94:35 Fingerprint (SHA1): 96:70:A5:2A:94:5B:78:95:FC:9A:29:B7:97:05:0F:ED:6B:71:D7:72 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6623: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182180 (0x1ee2d524) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:34:25 2015 Not After : Mon May 18 22:34:25 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:cd:48:66:ee:86:e0:6e:53:a1:8b:ee:fe:20:4e:48: 6a:53:32:d7:14:9f:ed:e8:0d:b8:d3:34:a5:de:5d:2d: c7:e7:8d:96:6d:b5:38:d4:ad:ae:e0:14:23:a5:5a:84: 37:21:d2:ba:2b:7c:e0:7e:97:f5:d2:06:65:0e:89:9c: 74:88:87:14:6f:54:41:c9:75:9f:33:d7:99:17:f5:58: b0:88:60:21:80:55:f6:c4:be:5e:30:86:b7:1e:e5:e7: fd:db:7c:0c:1a:d8:95:d8:4d:37:29:6a:46:90:f3:c1: 7b:bc:f4:ba:a8:45:6a:78:3e:d3:a0:ba:ab:65:3f:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:0c:5a:4d:b3:3f:5d:54:f0:4f:d8:ae:9f:42:3d:a7: a0:6b:31:d7:18:0d:71:d7:56:74:6e:1e:7f:5f:96:2e: b2:af:e7:c1:75:62:4c:b5:14:40:59:8f:96:28:cb:c6: 5b:8f:08:39:db:91:5d:e6:dd:e5:a5:62:71:34:98:63: da:5e:5a:ac:28:2b:c7:a9:5a:98:bb:1f:70:06:38:77: 6e:54:73:69:c9:85:08:05:a2:94:3c:94:ff:ea:04:75: fa:fb:f6:12:df:79:9e:fc:3e:5a:27:64:b9:db:29:0f: d7:19:6e:12:87:ab:fa:06:e5:b5:0a:c6:17:09:e0:40 Fingerprint (SHA-256): E6:DF:B5:CB:80:B8:C9:F6:ED:E4:4B:DF:C6:9E:45:D2:6E:6E:0A:AA:3A:6A:5B:91:31:C1:27:72:AD:20:4E:01 Fingerprint (SHA1): 44:92:96:27:34:2D:F6:87:AF:3A:52:56:E4:B1:ED:BC:CD:90:B2:44 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6624: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #6625: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #6626: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #6627: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182180 (0x1ee2d524) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:34:25 2015 Not After : Mon May 18 22:34:25 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:cd:48:66:ee:86:e0:6e:53:a1:8b:ee:fe:20:4e:48: 6a:53:32:d7:14:9f:ed:e8:0d:b8:d3:34:a5:de:5d:2d: c7:e7:8d:96:6d:b5:38:d4:ad:ae:e0:14:23:a5:5a:84: 37:21:d2:ba:2b:7c:e0:7e:97:f5:d2:06:65:0e:89:9c: 74:88:87:14:6f:54:41:c9:75:9f:33:d7:99:17:f5:58: b0:88:60:21:80:55:f6:c4:be:5e:30:86:b7:1e:e5:e7: fd:db:7c:0c:1a:d8:95:d8:4d:37:29:6a:46:90:f3:c1: 7b:bc:f4:ba:a8:45:6a:78:3e:d3:a0:ba:ab:65:3f:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:0c:5a:4d:b3:3f:5d:54:f0:4f:d8:ae:9f:42:3d:a7: a0:6b:31:d7:18:0d:71:d7:56:74:6e:1e:7f:5f:96:2e: b2:af:e7:c1:75:62:4c:b5:14:40:59:8f:96:28:cb:c6: 5b:8f:08:39:db:91:5d:e6:dd:e5:a5:62:71:34:98:63: da:5e:5a:ac:28:2b:c7:a9:5a:98:bb:1f:70:06:38:77: 6e:54:73:69:c9:85:08:05:a2:94:3c:94:ff:ea:04:75: fa:fb:f6:12:df:79:9e:fc:3e:5a:27:64:b9:db:29:0f: d7:19:6e:12:87:ab:fa:06:e5:b5:0a:c6:17:09:e0:40 Fingerprint (SHA-256): E6:DF:B5:CB:80:B8:C9:F6:ED:E4:4B:DF:C6:9E:45:D2:6E:6E:0A:AA:3A:6A:5B:91:31:C1:27:72:AD:20:4E:01 Fingerprint (SHA1): 44:92:96:27:34:2D:F6:87:AF:3A:52:56:E4:B1:ED:BC:CD:90:B2:44 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6628: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182181 (0x1ee2d525) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:34:28 2015 Not After : Mon May 18 22:34:28 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:01:33:d3:cb:98:bf:f0:30:70:e3:ab:f1:cf:c3:0c: 3b:5a:07:73:0a:23:4f:5c:8b:5f:da:1d:c8:6c:99:f1: ca:09:9a:8f:a7:56:54:d0:fc:ca:64:fe:43:b6:cd:8e: c5:fb:5e:b5:d1:e1:8d:30:76:33:7a:0c:c9:1e:bd:f9: 66:c9:81:46:e7:bf:61:e8:ff:c6:52:42:b1:c5:15:c8: b4:39:6a:df:f1:ad:cc:be:7f:38:84:c5:0e:d9:ea:34: c3:ee:f7:76:81:5c:c0:3a:2e:f1:5e:81:94:f7:19:06: dc:27:84:4d:df:b4:4a:93:dd:b3:17:91:72:de:1e:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:87:41:e2:0d:75:0b:e0:44:0f:08:e7:ac:83:84:5c: 7e:3a:b2:60:b0:25:c3:cb:0e:76:50:b4:c3:42:fb:3e: dd:45:d5:cc:2b:cd:36:3b:57:86:a6:7a:79:70:36:1f: 15:89:03:13:7d:51:fe:c0:6a:20:36:e1:b5:51:b2:0c: d4:d4:9a:8d:f6:63:9c:84:d3:58:eb:bc:0c:15:de:0f: d2:63:89:d4:be:75:fe:ae:38:28:10:93:f1:27:5d:ef: a0:51:f7:11:3d:69:1b:de:80:9c:4e:6e:14:43:d0:43: 66:ec:4e:3e:3a:95:fb:d6:b9:a8:30:df:55:f4:09:67 Fingerprint (SHA-256): 06:D2:9B:72:9C:0F:70:95:0C:36:05:4A:A7:C5:38:3F:01:10:99:E7:EF:0E:D2:C2:0C:C5:61:9D:6E:37:94:35 Fingerprint (SHA1): 96:70:A5:2A:94:5B:78:95:FC:9A:29:B7:97:05:0F:ED:6B:71:D7:72 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6629: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #6630: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #6631: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6632: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #6633: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #6634: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182181 (0x1ee2d525) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:34:28 2015 Not After : Mon May 18 22:34:28 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:01:33:d3:cb:98:bf:f0:30:70:e3:ab:f1:cf:c3:0c: 3b:5a:07:73:0a:23:4f:5c:8b:5f:da:1d:c8:6c:99:f1: ca:09:9a:8f:a7:56:54:d0:fc:ca:64:fe:43:b6:cd:8e: c5:fb:5e:b5:d1:e1:8d:30:76:33:7a:0c:c9:1e:bd:f9: 66:c9:81:46:e7:bf:61:e8:ff:c6:52:42:b1:c5:15:c8: b4:39:6a:df:f1:ad:cc:be:7f:38:84:c5:0e:d9:ea:34: c3:ee:f7:76:81:5c:c0:3a:2e:f1:5e:81:94:f7:19:06: dc:27:84:4d:df:b4:4a:93:dd:b3:17:91:72:de:1e:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:87:41:e2:0d:75:0b:e0:44:0f:08:e7:ac:83:84:5c: 7e:3a:b2:60:b0:25:c3:cb:0e:76:50:b4:c3:42:fb:3e: dd:45:d5:cc:2b:cd:36:3b:57:86:a6:7a:79:70:36:1f: 15:89:03:13:7d:51:fe:c0:6a:20:36:e1:b5:51:b2:0c: d4:d4:9a:8d:f6:63:9c:84:d3:58:eb:bc:0c:15:de:0f: d2:63:89:d4:be:75:fe:ae:38:28:10:93:f1:27:5d:ef: a0:51:f7:11:3d:69:1b:de:80:9c:4e:6e:14:43:d0:43: 66:ec:4e:3e:3a:95:fb:d6:b9:a8:30:df:55:f4:09:67 Fingerprint (SHA-256): 06:D2:9B:72:9C:0F:70:95:0C:36:05:4A:A7:C5:38:3F:01:10:99:E7:EF:0E:D2:C2:0C:C5:61:9D:6E:37:94:35 Fingerprint (SHA1): 96:70:A5:2A:94:5B:78:95:FC:9A:29:B7:97:05:0F:ED:6B:71:D7:72 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6635: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182181 (0x1ee2d525) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:34:28 2015 Not After : Mon May 18 22:34:28 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:01:33:d3:cb:98:bf:f0:30:70:e3:ab:f1:cf:c3:0c: 3b:5a:07:73:0a:23:4f:5c:8b:5f:da:1d:c8:6c:99:f1: ca:09:9a:8f:a7:56:54:d0:fc:ca:64:fe:43:b6:cd:8e: c5:fb:5e:b5:d1:e1:8d:30:76:33:7a:0c:c9:1e:bd:f9: 66:c9:81:46:e7:bf:61:e8:ff:c6:52:42:b1:c5:15:c8: b4:39:6a:df:f1:ad:cc:be:7f:38:84:c5:0e:d9:ea:34: c3:ee:f7:76:81:5c:c0:3a:2e:f1:5e:81:94:f7:19:06: dc:27:84:4d:df:b4:4a:93:dd:b3:17:91:72:de:1e:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:87:41:e2:0d:75:0b:e0:44:0f:08:e7:ac:83:84:5c: 7e:3a:b2:60:b0:25:c3:cb:0e:76:50:b4:c3:42:fb:3e: dd:45:d5:cc:2b:cd:36:3b:57:86:a6:7a:79:70:36:1f: 15:89:03:13:7d:51:fe:c0:6a:20:36:e1:b5:51:b2:0c: d4:d4:9a:8d:f6:63:9c:84:d3:58:eb:bc:0c:15:de:0f: d2:63:89:d4:be:75:fe:ae:38:28:10:93:f1:27:5d:ef: a0:51:f7:11:3d:69:1b:de:80:9c:4e:6e:14:43:d0:43: 66:ec:4e:3e:3a:95:fb:d6:b9:a8:30:df:55:f4:09:67 Fingerprint (SHA-256): 06:D2:9B:72:9C:0F:70:95:0C:36:05:4A:A7:C5:38:3F:01:10:99:E7:EF:0E:D2:C2:0C:C5:61:9D:6E:37:94:35 Fingerprint (SHA1): 96:70:A5:2A:94:5B:78:95:FC:9A:29:B7:97:05:0F:ED:6B:71:D7:72 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6636: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #6637: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #6638: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6639: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #6640: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #6641: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182180 (0x1ee2d524) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:34:25 2015 Not After : Mon May 18 22:34:25 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:cd:48:66:ee:86:e0:6e:53:a1:8b:ee:fe:20:4e:48: 6a:53:32:d7:14:9f:ed:e8:0d:b8:d3:34:a5:de:5d:2d: c7:e7:8d:96:6d:b5:38:d4:ad:ae:e0:14:23:a5:5a:84: 37:21:d2:ba:2b:7c:e0:7e:97:f5:d2:06:65:0e:89:9c: 74:88:87:14:6f:54:41:c9:75:9f:33:d7:99:17:f5:58: b0:88:60:21:80:55:f6:c4:be:5e:30:86:b7:1e:e5:e7: fd:db:7c:0c:1a:d8:95:d8:4d:37:29:6a:46:90:f3:c1: 7b:bc:f4:ba:a8:45:6a:78:3e:d3:a0:ba:ab:65:3f:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:0c:5a:4d:b3:3f:5d:54:f0:4f:d8:ae:9f:42:3d:a7: a0:6b:31:d7:18:0d:71:d7:56:74:6e:1e:7f:5f:96:2e: b2:af:e7:c1:75:62:4c:b5:14:40:59:8f:96:28:cb:c6: 5b:8f:08:39:db:91:5d:e6:dd:e5:a5:62:71:34:98:63: da:5e:5a:ac:28:2b:c7:a9:5a:98:bb:1f:70:06:38:77: 6e:54:73:69:c9:85:08:05:a2:94:3c:94:ff:ea:04:75: fa:fb:f6:12:df:79:9e:fc:3e:5a:27:64:b9:db:29:0f: d7:19:6e:12:87:ab:fa:06:e5:b5:0a:c6:17:09:e0:40 Fingerprint (SHA-256): E6:DF:B5:CB:80:B8:C9:F6:ED:E4:4B:DF:C6:9E:45:D2:6E:6E:0A:AA:3A:6A:5B:91:31:C1:27:72:AD:20:4E:01 Fingerprint (SHA1): 44:92:96:27:34:2D:F6:87:AF:3A:52:56:E4:B1:ED:BC:CD:90:B2:44 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6642: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182180 (0x1ee2d524) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:34:25 2015 Not After : Mon May 18 22:34:25 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:cd:48:66:ee:86:e0:6e:53:a1:8b:ee:fe:20:4e:48: 6a:53:32:d7:14:9f:ed:e8:0d:b8:d3:34:a5:de:5d:2d: c7:e7:8d:96:6d:b5:38:d4:ad:ae:e0:14:23:a5:5a:84: 37:21:d2:ba:2b:7c:e0:7e:97:f5:d2:06:65:0e:89:9c: 74:88:87:14:6f:54:41:c9:75:9f:33:d7:99:17:f5:58: b0:88:60:21:80:55:f6:c4:be:5e:30:86:b7:1e:e5:e7: fd:db:7c:0c:1a:d8:95:d8:4d:37:29:6a:46:90:f3:c1: 7b:bc:f4:ba:a8:45:6a:78:3e:d3:a0:ba:ab:65:3f:5d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:0c:5a:4d:b3:3f:5d:54:f0:4f:d8:ae:9f:42:3d:a7: a0:6b:31:d7:18:0d:71:d7:56:74:6e:1e:7f:5f:96:2e: b2:af:e7:c1:75:62:4c:b5:14:40:59:8f:96:28:cb:c6: 5b:8f:08:39:db:91:5d:e6:dd:e5:a5:62:71:34:98:63: da:5e:5a:ac:28:2b:c7:a9:5a:98:bb:1f:70:06:38:77: 6e:54:73:69:c9:85:08:05:a2:94:3c:94:ff:ea:04:75: fa:fb:f6:12:df:79:9e:fc:3e:5a:27:64:b9:db:29:0f: d7:19:6e:12:87:ab:fa:06:e5:b5:0a:c6:17:09:e0:40 Fingerprint (SHA-256): E6:DF:B5:CB:80:B8:C9:F6:ED:E4:4B:DF:C6:9E:45:D2:6E:6E:0A:AA:3A:6A:5B:91:31:C1:27:72:AD:20:4E:01 Fingerprint (SHA1): 44:92:96:27:34:2D:F6:87:AF:3A:52:56:E4:B1:ED:BC:CD:90:B2:44 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6643: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #6644: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182185 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6645: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #6646: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #6647: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182186 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6648: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #6649: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #6650: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182187 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6651: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #6652: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #6653: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182188 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6654: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #6655: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #6656: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182189 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6657: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #6658: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #6659: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182190 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6660: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #6661: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #6662: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182191 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6663: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #6664: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #6665: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182192 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6666: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #6667: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #6668: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182193 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6669: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #6670: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #6671: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6672: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 518182194 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6673: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6674: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 518182195 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6675: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6676: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 518182196 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6677: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6678: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #6679: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #6680: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6681: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 518182197 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6682: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6683: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 518182198 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6684: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6685: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 518182199 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6686: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6687: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #6688: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #6689: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6690: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 518182200 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6691: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6692: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 518182201 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6693: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6694: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 518182202 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6695: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6696: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #6697: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #6698: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6699: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 518182203 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6700: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6701: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 518182204 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6702: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6703: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 518182205 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6704: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6705: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #6706: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6707: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6708: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 518182206 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6709: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6710: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6711: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6712: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182207 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6713: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6714: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182185 (0x1ee2d529) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Mon May 18 22:34:57 2015 Not After : Mon May 18 22:34:57 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:23:3c:b9:dc:6c:5c:7b:25:91:6e:05:9e:9e:41:28: fb:28:d2:fa:dd:cf:61:66:eb:a2:83:9f:d8:1d:50:04: 80:65:bb:a3:c2:ac:96:c3:2f:f3:9e:60:a1:15:a4:3d: ca:20:aa:e7:d0:bb:2a:84:0c:f2:6f:cb:c1:ed:81:a6: 59:d0:e2:eb:d7:d6:09:5b:37:56:e9:b3:0e:c6:f2:da: 77:e2:86:4c:43:3b:e8:0c:31:33:3e:53:95:2f:5c:1d: 5b:a6:70:21:3b:46:c0:47:76:b9:5f:d6:2a:92:69:30: 14:f7:84:12:d2:bf:47:dd:10:34:36:86:e8:3b:80:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:a5:3d:80:51:86:c3:43:54:1b:86:46:ee:c5:e5:53: 5c:b9:56:b2:2b:5f:d4:60:48:20:55:87:42:ac:63:0a: 0c:83:88:60:b5:e1:c0:eb:01:4d:1e:3a:6a:39:ec:01: f5:8e:35:05:79:da:6b:7f:fe:18:71:24:78:74:bc:aa: 59:16:05:fb:f5:93:60:c9:73:4c:25:77:69:64:23:71: 3e:13:e7:04:40:13:aa:d9:34:d8:a8:3e:e3:96:c8:20: 1c:75:2a:27:69:9c:d1:30:06:80:6f:ee:02:b1:bd:86: 16:98:c9:87:ee:d9:b5:8c:64:7a:88:53:ba:3f:26:37 Fingerprint (SHA-256): 92:CA:93:61:E0:52:EA:03:10:7D:EE:6A:1E:FC:CA:E0:1A:3F:23:29:AA:2C:5F:B1:C3:68:7B:B7:A7:F2:9E:24 Fingerprint (SHA1): E8:80:4A:45:55:FE:7C:AE:CC:1A:BB:21:34:1E:4D:A6:B5:DE:D5:2F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #6715: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182186 (0x1ee2d52a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Mon May 18 22:35:00 2015 Not After : Mon May 18 22:35:00 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0b:4a:68:2c:b7:66:e0:77:ef:17:29:9a:cc:31:a6: 8f:37:b6:bc:08:f3:7b:b2:e4:0e:d2:e2:bb:a7:ee:6d: 26:9c:ae:ec:69:2e:ae:97:13:be:3c:4b:7f:5d:83:ce: d4:3d:c0:31:81:d0:0b:ac:9a:f1:1a:00:0a:09:ff:71: fb:15:bd:55:fb:ca:23:a2:56:06:ee:1a:63:6a:48:63: aa:23:d5:c0:19:1a:b5:5f:1f:dc:c1:7a:13:fd:e3:08: a2:4e:0b:3a:92:29:d5:fe:62:60:5c:0e:7c:17:b2:2e: 72:3c:08:91:59:6d:3f:3d:02:01:b1:b8:7d:f4:47:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6b:4f:2f:f8:72:81:81:86:29:52:d7:01:df:ab:3e:d0: d5:8f:84:7e:74:9d:e5:3e:f5:f7:ad:df:54:3e:ca:0d: 98:43:1a:8b:d3:98:d7:45:65:40:6a:44:4b:c9:33:f4: 16:30:4d:5c:09:f4:42:27:6e:e3:1d:a6:d7:94:9c:84: 9a:35:ad:dd:42:8b:88:bd:d7:8b:60:8d:0c:6c:1e:fb: 03:95:bb:86:01:b7:45:63:3e:3d:00:f5:49:10:ba:3e: 40:c7:94:39:5c:3b:2b:3b:81:90:ed:16:af:f3:ac:43: 07:e4:32:5b:7e:20:c3:0b:40:e3:6f:d9:b3:0a:80:67 Fingerprint (SHA-256): B9:B5:8B:3F:D1:C1:CD:C6:70:E9:A1:A7:F8:D1:C8:59:69:F9:AB:43:29:C5:75:E5:AC:BC:28:34:7B:77:5A:5F Fingerprint (SHA1): FA:8D:3C:EE:D9:6C:C6:5B:94:33:63:66:85:B1:F3:E8:07:D1:5D:2C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #6716: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182187 (0x1ee2d52b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Mon May 18 22:35:03 2015 Not After : Mon May 18 22:35:03 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:df:e6:68:62:f3:43:95:5d:5a:a7:11:08:cb:ed:c8: a1:c7:64:d9:e9:02:37:b1:5f:ca:9c:47:e2:a7:63:0f: 83:6f:32:8a:01:a4:f8:b1:68:e1:49:53:65:f5:6a:f6: cc:fa:2a:54:5e:19:94:64:bf:1d:63:e6:6b:19:82:09: c4:99:ad:05:ae:71:3c:56:fe:f1:f8:a3:8e:d2:b3:47: a7:17:d9:20:ee:1b:39:eb:6f:15:fe:18:30:b7:b4:c7: fb:70:5c:fd:54:64:9a:61:b9:d6:1c:7d:81:58:2a:b8: 3f:05:94:a9:8f:de:b1:65:f4:60:81:bb:ba:e5:c4:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:16:f1:5c:00:15:ba:49:cc:73:1b:1f:41:10:38:da: 47:e4:6f:a9:06:3d:c2:3d:d7:be:1f:a8:9e:d3:57:bb: 96:f5:33:73:44:3c:69:9d:23:c1:8e:d5:8b:df:de:5b: 2e:1a:44:61:04:74:39:2d:17:93:50:c0:91:53:f6:df: 52:cf:0b:6f:10:da:4c:04:61:12:46:1b:dd:f5:a8:8a: e0:9a:24:63:bc:27:39:16:46:3d:f3:5b:09:90:46:c1: 5b:40:8c:d3:72:10:df:7e:b4:ea:58:a9:50:6b:a3:d2: 7c:7b:66:9b:98:b9:95:28:34:48:e4:01:ec:c2:11:c7 Fingerprint (SHA-256): D7:A6:FA:84:75:0D:9C:5B:69:58:33:8F:A0:81:A8:6D:45:5D:BB:21:0F:AA:C1:0C:F5:BF:1D:DF:D9:43:A7:CD Fingerprint (SHA1): DD:DE:33:21:91:9E:C2:53:E2:72:BA:6C:FE:47:35:5B:8B:36:55:4A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #6717: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182188 (0x1ee2d52c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Mon May 18 22:35:07 2015 Not After : Mon May 18 22:35:07 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:19:fc:51:d7:83:1a:6a:98:1f:83:6e:e9:e7:60:32: e9:cf:5e:5c:22:67:68:1e:28:c5:72:e0:10:b2:4c:03: ac:17:aa:6c:8a:8e:a8:91:bb:94:aa:6a:df:6a:cb:81: 6a:c3:d3:a7:7d:0b:df:84:cc:94:3f:35:be:e2:05:ca: ff:1a:f4:c3:4d:d4:6e:1b:6e:5c:41:bb:27:35:79:64: c0:90:19:7a:df:14:5f:c8:da:d0:20:25:db:97:06:1e: 7a:61:f5:fb:24:a5:ef:c4:dd:00:c5:11:78:11:ae:75: 98:f3:0f:b8:8b:e1:24:e0:42:31:36:f9:9d:32:16:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:04:2b:b7:1e:44:bc:08:2e:31:b0:8d:c4:b0:3a:cb: 84:1d:4a:d2:5f:16:db:2b:9e:7f:be:02:39:da:07:bf: de:eb:89:c9:5f:71:9f:1b:64:fe:41:9b:3e:ff:af:3f: 3c:05:3a:9c:33:d9:8c:0a:6a:9e:53:8d:f4:2d:ab:62: c0:3c:e8:ca:e3:90:e1:3c:6f:ad:d8:e7:a0:2e:87:51: 20:5e:4f:6e:8f:1f:d7:dd:6f:e3:92:1c:c6:f0:fd:22: 17:ce:6b:33:e2:38:f8:73:f8:54:fa:59:4d:99:d8:b8: 2f:de:6f:1b:b2:d8:05:3c:75:2c:ae:89:f7:00:1f:fa Fingerprint (SHA-256): 92:A9:A0:82:60:F0:21:5F:14:E5:6F:CD:16:1D:5C:6D:AB:B6:EF:AA:6A:6F:09:C1:62:E3:B0:BE:EA:2C:33:81 Fingerprint (SHA1): 32:34:68:E6:6B:8E:2B:9B:60:FC:15:05:C1:CF:FC:AA:DD:5E:38:2B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #6718: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182189 (0x1ee2d52d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Mon May 18 22:35:10 2015 Not After : Mon May 18 22:35:10 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ed:92:a8:76:fd:17:73:a5:bf:42:15:c6:b2:de:4d:ec: 30:d5:d0:da:69:53:ca:36:0a:4b:e0:d9:95:67:cd:a7: 44:4d:7e:2c:9f:4a:cb:a3:06:9d:c5:3d:6c:d7:90:49: 50:ed:07:3e:12:d7:61:20:52:83:ad:56:de:b1:f5:3f: 2f:20:b3:3c:c6:80:55:b1:65:b7:a0:0b:0d:6c:1b:00: 4f:9e:2c:e6:2e:2c:ce:3d:7f:c0:7b:ba:b8:f0:dd:62: 4b:c6:7f:8f:29:24:97:6d:4c:38:49:00:3c:41:97:13: 3e:09:d7:79:49:0c:fc:d4:df:34:28:bf:ce:ce:78:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:b6:38:51:d2:2e:50:6f:e4:4a:00:53:c0:1c:4a:9e: fd:35:b6:05:de:41:51:01:7a:bf:3f:8e:6d:e6:2a:61: 87:fc:a3:03:bf:ff:e9:79:09:4b:2f:d5:c0:3d:6a:73: e5:10:8d:f6:e9:66:d3:3b:71:c8:5c:44:46:7f:ac:08: f0:90:03:9e:cd:4c:25:0a:11:75:33:47:8c:ac:53:3e: d6:72:56:55:57:69:a7:4e:06:17:d5:85:bc:cb:58:d6: 43:55:f1:72:45:c8:6e:b2:fd:30:81:fb:d0:58:05:7e: dd:bd:f8:13:04:8c:d8:39:4a:27:19:4e:e2:54:54:05 Fingerprint (SHA-256): C9:8E:8A:DB:E1:AC:99:B9:E8:03:17:B1:E9:5E:3C:28:DC:A4:9D:CC:08:72:59:A9:5D:7E:81:EE:A9:80:C4:2E Fingerprint (SHA1): C9:FB:3D:02:29:36:DE:68:05:22:FB:37:E9:26:67:5A:4D:3E:69:A1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #6719: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182190 (0x1ee2d52e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Mon May 18 22:35:13 2015 Not After : Mon May 18 22:35:13 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:d5:dd:9d:7e:a0:48:23:61:0d:f8:92:59:b0:38:36: f8:d8:24:2b:0b:1d:6a:27:7e:f2:d0:43:24:20:9a:94: dc:37:c2:15:91:fa:69:f8:80:f0:18:0b:86:bd:84:0f: ff:11:f8:ce:10:56:c2:9f:58:3d:8f:6b:5b:af:f7:80: 14:22:22:86:45:f1:22:c4:19:76:40:f4:15:20:76:dd: e0:c6:9d:02:92:85:5d:75:27:77:31:2e:97:40:b4:48: 1f:b9:8f:a6:5d:d1:71:ce:1a:62:59:9f:70:b0:c1:38: 40:68:b0:2b:13:8e:f5:9a:14:fe:5d:8c:95:3b:97:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6b:98:fc:8d:61:a4:9e:c6:a8:03:14:cc:30:70:1d:e4: ff:07:02:82:f6:48:96:3b:a8:98:93:d1:d4:05:ca:87: c8:e1:49:bd:d5:37:c1:2f:f1:f8:40:ff:ab:3a:11:a5: 87:a8:80:89:3b:d5:42:1d:33:2e:0c:c9:a3:96:6e:af: 7e:3b:fd:b9:28:e8:36:f1:6d:fd:1c:98:af:c4:7b:d9: 27:b7:5a:6f:da:f2:a6:ef:dc:36:8c:31:61:f8:6c:b5: ce:77:9b:f2:b8:7e:20:76:0d:0c:b3:34:4a:a6:2a:67: 4f:16:46:cb:2d:65:ef:81:17:b9:ea:d6:3a:bc:d3:75 Fingerprint (SHA-256): 47:E3:88:22:BE:12:57:F7:4E:94:20:BC:53:57:F6:F4:AD:0B:C2:94:44:14:39:12:09:3B:D7:54:DC:B5:DC:02 Fingerprint (SHA1): 6B:CC:BA:0A:AE:FC:C8:40:B5:27:2B:8A:6B:6F:36:8C:CB:9E:07:08 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #6720: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182191 (0x1ee2d52f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Mon May 18 22:35:16 2015 Not After : Mon May 18 22:35:16 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:11:d4:93:bf:b0:43:e0:f4:d8:41:95:a9:62:2b:ec: ab:de:7d:72:99:4c:4f:4e:0d:2e:a4:d7:e9:07:31:b0: ee:1d:ce:96:30:1e:fc:25:73:bd:7d:f2:75:62:89:34: 4a:44:8f:6b:1e:3b:42:aa:90:f2:9f:5d:06:71:72:1f: 1a:08:40:45:2f:04:be:e3:b7:e4:68:f9:1d:67:e8:8b: 60:99:d5:00:3b:6f:22:85:94:83:91:b3:dc:37:20:5f: d4:ce:0a:c4:42:d2:e2:25:b4:ea:5a:a8:f0:1f:27:0d: 81:ea:3d:43:67:73:fd:25:81:6b:ec:d2:a4:04:6b:e5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:78:64:ac:63:c2:2b:0c:9b:e3:d1:97:8b:f6:3e:ea: 56:90:fa:7c:f4:02:1a:e2:33:fa:26:0d:0e:9f:93:28: f8:e1:14:6e:57:be:41:e5:1f:a0:37:8d:c3:cd:c6:48: 57:83:24:b4:94:a5:31:7f:01:0f:be:58:30:2e:e4:f8: d4:19:2b:e2:d4:3c:71:41:06:4e:a6:b6:9f:1e:97:2c: d5:b1:9e:42:ea:bf:92:1d:fd:5f:26:03:d2:fb:aa:a9: 58:7b:40:26:f4:24:ec:bb:a2:c4:3d:ce:2a:2a:41:08: cb:5e:1b:36:8d:02:a3:13:3a:97:51:bf:81:dd:3d:39 Fingerprint (SHA-256): CE:3E:F7:94:75:E9:5B:AD:06:7B:2D:25:39:82:98:8E:02:04:4F:C7:E4:3F:39:41:4E:22:23:A0:4E:2E:D6:84 Fingerprint (SHA1): 71:79:AA:64:31:25:90:48:16:41:4A:8D:49:51:BE:A1:B1:A2:0B:D1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #6721: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182192 (0x1ee2d530) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Mon May 18 22:35:18 2015 Not After : Mon May 18 22:35:18 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:32:97:be:23:6a:f8:a9:5d:b9:94:54:ed:dd:ae:6b: 5a:1b:11:0b:8c:bc:58:8f:e6:1c:eb:ff:77:72:6e:14: 60:fc:a0:33:e0:ff:f9:f0:d7:36:cd:5e:46:1d:aa:c1: d6:2c:e1:6b:cb:73:6d:1c:be:69:47:88:17:2d:e1:8c: 5f:b3:f4:f0:54:e4:9c:35:74:73:27:b4:c4:09:c8:fb: 96:66:cd:b3:cb:36:d9:21:c1:b3:57:2f:c2:f0:77:9c: fb:ef:48:f1:52:e4:f5:5a:22:8b:ab:0c:b2:02:7d:12: 21:5d:23:47:0a:c5:4a:53:15:ac:ee:87:72:ea:88:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:68:d0:94:c9:6f:53:48:0d:0b:ec:ac:48:c7:5b:5f: 6c:1d:fc:ce:fe:c6:32:ec:ab:7b:cb:2c:a8:a4:7b:c4: ca:15:a9:0e:68:17:5c:a2:1f:cc:a1:6b:a3:dd:91:a7: 68:f3:cc:cd:49:e6:19:b9:f5:fd:49:77:37:f3:9c:32: 96:ca:13:34:8b:ae:0e:b4:7a:a0:c7:0c:2e:d7:4a:fc: 0d:a5:f0:9b:ce:f8:e2:c5:9a:2a:82:70:0a:30:fe:8e: 53:5b:50:1c:b1:66:06:4e:f5:ee:d4:57:29:4b:61:77: af:72:9a:61:43:92:ed:7b:b5:98:00:4b:12:dc:a6:67 Fingerprint (SHA-256): 7A:A4:EB:5E:BE:76:58:F9:8B:2D:93:8B:AC:5D:2C:07:CF:0A:1F:99:5E:64:55:5D:81:BA:1F:D5:0E:B3:91:46 Fingerprint (SHA1): 4E:83:41:DD:53:F8:F9:E3:ED:FA:5E:43:7F:B9:EC:66:4C:0E:9E:C4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #6722: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182193 (0x1ee2d531) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Mon May 18 22:35:21 2015 Not After : Mon May 18 22:35:21 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:71:39:32:f5:dc:55:5c:fd:96:53:b4:10:58:0b:0c: bc:fd:6e:45:b2:b1:92:0d:87:64:ca:ac:07:61:47:1a: 39:73:05:65:99:bc:37:0e:f8:96:c3:0d:0e:90:a6:40: f0:62:76:34:eb:53:f8:ca:f8:72:92:68:81:60:ba:20: cc:93:aa:76:e9:e9:11:66:ac:46:ae:7c:13:6b:14:ca: 24:e0:f7:f5:01:ab:cb:09:14:b9:d2:d2:1b:82:bf:0f: 13:64:92:0d:58:de:49:cc:d5:63:92:6d:2b:e6:13:63: 46:56:91:5a:7a:1d:71:97:54:45:5c:53:67:1a:b9:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:88:c0:99:da:10:4d:62:83:17:a5:8c:29:ce:22:8d: 5b:d5:66:72:be:45:82:c5:01:84:af:29:5e:c4:4c:10: 24:9c:f1:b9:87:07:14:c7:d7:28:a2:74:1f:a8:a3:99: 0c:cc:77:84:20:96:c6:d5:3e:23:0a:1d:9f:05:f6:a9: 44:99:be:58:5b:14:fa:d9:93:b5:49:2c:c1:f4:ca:f4: 7d:99:c5:95:d8:74:04:e9:b4:b8:46:e8:aa:5e:ef:1b: ea:9f:04:0f:3e:a6:3c:58:88:10:31:36:d9:7d:32:c3: fb:45:4e:c4:cd:24:40:fe:5e:76:37:23:32:5c:cb:7e Fingerprint (SHA-256): B5:53:BA:F7:61:4F:67:F5:76:80:97:A8:45:53:E0:B6:9E:5A:A7:B4:07:32:FD:79:F9:46:3D:A1:46:57:F9:2F Fingerprint (SHA1): 9B:BE:14:5B:4F:5D:C8:B9:6E:24:DD:06:CC:26:B0:3C:48:66:A3:5F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #6723: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6724: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182208 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6725: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6726: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6727: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6728: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182209 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6729: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6730: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6731: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6732: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182210 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6733: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6734: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6735: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6736: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518182211 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6737: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6738: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6739: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182208 (0x1ee2d540) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:07 2015 Not After : Mon May 18 22:36:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:69:43:2a:8f:01:90:41:63:60:44:ed:cc:5d:31:33: 5e:e6:3b:1e:c5:37:bd:b6:55:37:5f:27:40:56:93:e5: a6:bd:a8:41:34:66:8c:10:6d:da:74:c4:9c:73:cd:81: bb:b9:e1:39:11:67:a3:59:1c:a2:b5:81:a5:b3:9e:c4: 96:d0:43:8a:d4:52:96:cc:bd:56:38:94:00:e5:31:c8: 02:2e:ee:42:b7:21:1f:ac:30:7e:08:be:da:18:af:eb: 40:ed:9d:8f:8f:98:50:d2:8b:a6:06:3a:94:5d:9a:9b: 3e:b7:08:2e:19:75:13:9a:a8:e7:aa:bd:88:db:59:df Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:05:dd:c7:ab:bc:fc:00:d9:0e:d0:a6:42:b3:35:15: 8e:57:6e:3a:62:b4:f7:30:33:58:38:80:98:16:31:e5: 7b:29:ee:bc:5d:d5:7d:9b:45:15:64:b4:75:38:ad:3b: ba:98:2e:cd:60:e4:a1:a9:91:cf:77:9b:4d:e3:ab:1f: 7a:11:ee:5a:02:af:3a:b6:97:83:6c:f5:e5:2e:e5:1f: 7a:98:56:a8:9a:44:21:6f:cc:39:37:ee:75:cf:88:b1: 7d:99:b6:ca:41:03:03:b6:9b:17:76:4e:2a:90:56:42: 20:01:9d:fc:ae:64:24:0f:1e:cf:65:c2:b0:15:6b:32 Fingerprint (SHA-256): A5:08:18:49:85:C5:4F:B5:1B:E6:77:68:12:75:CF:21:F5:69:6D:D8:31:A1:3E:A1:8E:6A:DA:AD:05:94:52:50 Fingerprint (SHA1): 11:F1:C3:B4:C5:A1:68:68:5D:39:50:AD:63:3C:54:8D:58:34:4A:29 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6740: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6741: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182209 (0x1ee2d541) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:11 2015 Not After : Mon May 18 22:36:11 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:66:c5:f3:b2:50:08:2f:c6:3a:c2:20:e6:62:11:a1: 84:2f:09:7d:03:73:b7:2b:45:55:8d:99:6f:61:54:ec: 6c:23:6b:6c:78:29:fe:86:0b:e1:44:92:48:d3:f5:dc: 02:9a:db:60:ae:c9:5f:34:20:a6:38:cd:13:81:b6:28: 14:66:db:f2:0b:35:7e:06:7d:09:7a:da:43:8a:b6:11: d1:d1:a0:8d:5e:f3:16:3e:04:d3:24:ee:1f:7a:f2:ac: 89:95:f0:50:e5:16:2f:85:05:93:1b:fa:cd:41:17:42: 1c:20:54:fa:c0:af:ff:fd:58:3c:22:5a:73:da:08:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:63:c6:6c:8e:13:57:5b:dd:40:0d:5a:c1:76:e1:3a: 7c:46:1b:5d:91:48:dc:b3:07:ce:01:38:75:f2:d1:37: 27:22:61:ba:47:ce:a4:fe:5a:ac:ef:e0:04:34:2e:36: 62:1d:21:6f:17:6b:0c:95:37:e2:5f:fd:43:89:96:48: b6:3e:c2:c6:f7:2c:4e:0a:30:bf:2d:47:46:64:18:0d: 39:b7:14:ac:dc:43:4a:23:f2:29:a2:75:b5:d9:c5:18: 90:36:89:ce:98:e6:9d:d6:ff:71:2d:0f:fa:a1:7a:bb: 8f:81:00:c6:ee:40:e2:65:7f:64:e8:09:37:9e:ca:db Fingerprint (SHA-256): 5F:7A:A2:94:B4:47:F7:BA:D3:AE:68:B9:BA:DD:02:11:DD:BD:05:F6:25:C0:AD:2E:48:C7:E6:6B:CE:A1:D1:9D Fingerprint (SHA1): 7A:0D:6A:21:DA:7A:4B:09:BF:E6:56:FF:F1:A4:E0:82:6C:7D:0A:21 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6742: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6743: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182210 (0x1ee2d542) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:36:15 2015 Not After : Mon May 18 22:36:15 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:2c:03:fb:13:95:2f:df:ee:cf:8a:15:87:7d:78:19: b3:85:3d:0c:56:36:76:a6:50:99:6c:88:9d:51:dc:62: 7b:40:ac:ae:9c:0c:80:95:0f:8d:ed:4e:d7:6e:5d:7d: a2:8d:fd:46:31:fe:a1:a4:3e:89:e8:70:ba:07:9c:34: 65:1f:d2:c5:52:44:dc:5c:be:92:15:1c:a9:cb:9f:b4: ac:a0:e6:89:f2:52:7f:22:14:a3:fa:22:e3:c2:5e:e4: da:04:5e:30:a7:41:e3:01:c6:fc:ad:7c:d4:74:bc:42: f0:0a:90:65:30:60:a5:6e:55:d6:cf:5d:ac:af:1a:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ae:0f:d7:c3:19:74:19:10:4a:2c:1e:d2:c6:dc:b5:5b: 36:b8:30:93:4f:52:ba:15:2b:6d:fa:b6:2b:1c:ef:00: 95:98:b8:a0:dd:0f:1d:a1:41:77:be:2e:c0:ce:de:d8: d4:c5:bd:7b:48:a3:6f:57:bc:e7:a3:86:1f:e4:05:ed: 57:00:e8:bb:7b:c4:cd:c2:e5:e9:e7:9c:f9:0f:fc:74: c1:f0:fa:62:57:60:7e:1a:a0:14:ac:bd:12:9f:58:d3: d6:44:8d:e2:53:c7:d3:81:15:95:56:e9:96:13:ef:42: d3:88:10:6b:b7:66:6a:25:7d:4e:ba:fb:5e:ba:fb:56 Fingerprint (SHA-256): 03:5E:57:11:E8:FF:B4:FE:E8:AF:53:6A:12:11:81:E0:B6:17:13:4A:2B:E0:61:00:89:4C:8B:A8:AC:3A:8E:42 Fingerprint (SHA1): A2:C5:97:23:BA:69:DC:DC:DD:18:4E:7B:B5:9F:80:AB:87:48:0C:79 Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #6744: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6745: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6746: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6747: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6748: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182208 (0x1ee2d540) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:07 2015 Not After : Mon May 18 22:36:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:69:43:2a:8f:01:90:41:63:60:44:ed:cc:5d:31:33: 5e:e6:3b:1e:c5:37:bd:b6:55:37:5f:27:40:56:93:e5: a6:bd:a8:41:34:66:8c:10:6d:da:74:c4:9c:73:cd:81: bb:b9:e1:39:11:67:a3:59:1c:a2:b5:81:a5:b3:9e:c4: 96:d0:43:8a:d4:52:96:cc:bd:56:38:94:00:e5:31:c8: 02:2e:ee:42:b7:21:1f:ac:30:7e:08:be:da:18:af:eb: 40:ed:9d:8f:8f:98:50:d2:8b:a6:06:3a:94:5d:9a:9b: 3e:b7:08:2e:19:75:13:9a:a8:e7:aa:bd:88:db:59:df Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:05:dd:c7:ab:bc:fc:00:d9:0e:d0:a6:42:b3:35:15: 8e:57:6e:3a:62:b4:f7:30:33:58:38:80:98:16:31:e5: 7b:29:ee:bc:5d:d5:7d:9b:45:15:64:b4:75:38:ad:3b: ba:98:2e:cd:60:e4:a1:a9:91:cf:77:9b:4d:e3:ab:1f: 7a:11:ee:5a:02:af:3a:b6:97:83:6c:f5:e5:2e:e5:1f: 7a:98:56:a8:9a:44:21:6f:cc:39:37:ee:75:cf:88:b1: 7d:99:b6:ca:41:03:03:b6:9b:17:76:4e:2a:90:56:42: 20:01:9d:fc:ae:64:24:0f:1e:cf:65:c2:b0:15:6b:32 Fingerprint (SHA-256): A5:08:18:49:85:C5:4F:B5:1B:E6:77:68:12:75:CF:21:F5:69:6D:D8:31:A1:3E:A1:8E:6A:DA:AD:05:94:52:50 Fingerprint (SHA1): 11:F1:C3:B4:C5:A1:68:68:5D:39:50:AD:63:3C:54:8D:58:34:4A:29 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6749: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6750: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182209 (0x1ee2d541) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:11 2015 Not After : Mon May 18 22:36:11 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:66:c5:f3:b2:50:08:2f:c6:3a:c2:20:e6:62:11:a1: 84:2f:09:7d:03:73:b7:2b:45:55:8d:99:6f:61:54:ec: 6c:23:6b:6c:78:29:fe:86:0b:e1:44:92:48:d3:f5:dc: 02:9a:db:60:ae:c9:5f:34:20:a6:38:cd:13:81:b6:28: 14:66:db:f2:0b:35:7e:06:7d:09:7a:da:43:8a:b6:11: d1:d1:a0:8d:5e:f3:16:3e:04:d3:24:ee:1f:7a:f2:ac: 89:95:f0:50:e5:16:2f:85:05:93:1b:fa:cd:41:17:42: 1c:20:54:fa:c0:af:ff:fd:58:3c:22:5a:73:da:08:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:63:c6:6c:8e:13:57:5b:dd:40:0d:5a:c1:76:e1:3a: 7c:46:1b:5d:91:48:dc:b3:07:ce:01:38:75:f2:d1:37: 27:22:61:ba:47:ce:a4:fe:5a:ac:ef:e0:04:34:2e:36: 62:1d:21:6f:17:6b:0c:95:37:e2:5f:fd:43:89:96:48: b6:3e:c2:c6:f7:2c:4e:0a:30:bf:2d:47:46:64:18:0d: 39:b7:14:ac:dc:43:4a:23:f2:29:a2:75:b5:d9:c5:18: 90:36:89:ce:98:e6:9d:d6:ff:71:2d:0f:fa:a1:7a:bb: 8f:81:00:c6:ee:40:e2:65:7f:64:e8:09:37:9e:ca:db Fingerprint (SHA-256): 5F:7A:A2:94:B4:47:F7:BA:D3:AE:68:B9:BA:DD:02:11:DD:BD:05:F6:25:C0:AD:2E:48:C7:E6:6B:CE:A1:D1:9D Fingerprint (SHA1): 7A:0D:6A:21:DA:7A:4B:09:BF:E6:56:FF:F1:A4:E0:82:6C:7D:0A:21 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6751: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6752: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182210 (0x1ee2d542) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:36:15 2015 Not After : Mon May 18 22:36:15 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:2c:03:fb:13:95:2f:df:ee:cf:8a:15:87:7d:78:19: b3:85:3d:0c:56:36:76:a6:50:99:6c:88:9d:51:dc:62: 7b:40:ac:ae:9c:0c:80:95:0f:8d:ed:4e:d7:6e:5d:7d: a2:8d:fd:46:31:fe:a1:a4:3e:89:e8:70:ba:07:9c:34: 65:1f:d2:c5:52:44:dc:5c:be:92:15:1c:a9:cb:9f:b4: ac:a0:e6:89:f2:52:7f:22:14:a3:fa:22:e3:c2:5e:e4: da:04:5e:30:a7:41:e3:01:c6:fc:ad:7c:d4:74:bc:42: f0:0a:90:65:30:60:a5:6e:55:d6:cf:5d:ac:af:1a:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ae:0f:d7:c3:19:74:19:10:4a:2c:1e:d2:c6:dc:b5:5b: 36:b8:30:93:4f:52:ba:15:2b:6d:fa:b6:2b:1c:ef:00: 95:98:b8:a0:dd:0f:1d:a1:41:77:be:2e:c0:ce:de:d8: d4:c5:bd:7b:48:a3:6f:57:bc:e7:a3:86:1f:e4:05:ed: 57:00:e8:bb:7b:c4:cd:c2:e5:e9:e7:9c:f9:0f:fc:74: c1:f0:fa:62:57:60:7e:1a:a0:14:ac:bd:12:9f:58:d3: d6:44:8d:e2:53:c7:d3:81:15:95:56:e9:96:13:ef:42: d3:88:10:6b:b7:66:6a:25:7d:4e:ba:fb:5e:ba:fb:56 Fingerprint (SHA-256): 03:5E:57:11:E8:FF:B4:FE:E8:AF:53:6A:12:11:81:E0:B6:17:13:4A:2B:E0:61:00:89:4C:8B:A8:AC:3A:8E:42 Fingerprint (SHA1): A2:C5:97:23:BA:69:DC:DC:DD:18:4E:7B:B5:9F:80:AB:87:48:0C:79 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #6753: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6754: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6755: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182212 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6756: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6757: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6758: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6759: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182213 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6760: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6761: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6762: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6763: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182214 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6764: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6765: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #6766: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6767: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518182215 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6768: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6769: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #6770: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6771: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518182216 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6772: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6773: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6774: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182212 (0x1ee2d544) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:33 2015 Not After : Mon May 18 22:36:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:ee:bb:8d:7a:7f:4d:fa:74:7f:21:1e:fb:38:a1:76: 0c:fb:0d:c5:ef:73:fc:15:24:6d:03:b0:81:36:02:6b: db:86:a7:a7:ec:4a:64:2b:a9:76:4f:53:08:46:27:80: d9:38:91:8e:25:b9:d7:5a:b2:f9:e3:8a:a4:84:46:e8: 3c:51:93:6b:10:20:4f:d1:c5:51:0e:3c:88:a1:79:b3: 17:bd:97:05:c2:ff:ac:5d:45:f4:ba:35:0a:b7:99:5c: 31:a0:d2:7d:6a:5e:d4:97:f0:d0:63:ed:23:ce:38:88: ed:2a:80:0a:0f:e7:40:a7:c2:56:d1:00:f0:b7:4d:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:dd:2a:7e:ae:50:c4:46:7e:9e:eb:e3:4e:59:b2:de: 4a:f2:11:b0:87:87:b2:a3:cf:cf:db:2f:b5:55:e9:03: 12:ae:04:29:c7:96:78:b0:6d:30:8f:89:53:f2:69:dc: 42:9c:82:ec:44:64:7b:7c:0b:32:de:b3:3d:be:a5:ec: e2:e7:20:78:09:49:ce:93:04:15:46:ee:0e:69:84:55: 0b:b6:61:95:f6:78:eb:62:0e:bf:3d:35:5a:b0:42:87: 44:a1:12:10:1d:df:93:11:4c:b2:d2:0b:54:68:cb:92: 97:d4:d2:ef:b1:61:8c:70:1a:35:91:55:61:df:d3:6f Fingerprint (SHA-256): 75:DD:D2:8D:0E:E4:70:E3:A9:25:AB:8C:1A:47:57:29:EB:5F:AD:0D:B5:ED:76:D1:EC:57:27:5C:E3:84:6D:6B Fingerprint (SHA1): F6:BC:47:83:C5:06:25:6E:F2:8F:AA:E7:A5:DA:EA:6A:87:AA:B6:31 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6775: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6776: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182213 (0x1ee2d545) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:37 2015 Not After : Mon May 18 22:36:37 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:eb:38:26:ec:78:0c:ee:4b:a7:e3:f5:11:41:b9:0c: 92:4a:0f:2e:80:45:21:7d:5c:57:5c:2d:c2:07:1b:91: de:a4:6e:c1:a6:45:2c:6a:79:cd:bc:51:3b:79:03:cf: b5:e9:0f:4c:4f:e4:ea:e4:e3:6a:68:f7:46:a3:5c:f5: d5:f9:ac:fb:66:3a:9a:73:68:e3:a7:6d:be:bb:2f:4e: 23:56:f7:fb:0d:9e:96:10:06:8a:bf:c2:c5:39:a1:f5: c3:04:7f:9f:be:8d:29:22:d0:ef:b2:1e:5c:bf:c9:51: 81:02:23:35:85:b3:ad:92:01:f1:43:ce:ad:0c:48:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:96:80:0a:ba:3a:7d:d4:ff:02:2e:75:70:ff:56:7c: 87:24:e1:7b:40:1e:40:e5:36:f7:d4:dc:ea:83:b8:0f: 6d:57:12:43:d4:83:a5:23:55:2c:32:ea:74:d6:d1:11: 4a:a3:97:b2:e0:7a:a3:75:17:24:60:43:ba:d5:2b:da: db:0b:6e:94:8f:0b:c6:ca:5f:ee:50:42:ef:c9:73:07: a8:12:dc:0b:0a:a8:0c:05:01:2a:4e:f1:d3:04:5a:40: d5:e5:9b:87:62:a5:6d:67:e5:72:9a:6a:c4:76:32:3a: ac:d9:8d:c9:b4:79:a4:f3:13:5e:3b:70:9b:bb:bc:36 Fingerprint (SHA-256): 2B:84:38:CC:16:26:2D:97:5C:A2:1C:AA:1E:05:60:67:AB:58:70:4D:FB:BC:66:2A:06:9E:FC:E3:D8:FD:9A:F4 Fingerprint (SHA1): EA:C6:0D:49:BC:A3:6C:FB:87:6B:9E:0B:F3:87:4E:4B:98:39:A4:B7 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6777: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6778: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182214 (0x1ee2d546) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:36:41 2015 Not After : Mon May 18 22:36:41 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:48:7a:cd:a1:30:47:96:b5:01:48:6d:bb:66:f3:d1: bd:bf:87:e6:cd:0e:84:96:7f:ef:2f:59:08:d8:96:5d: 31:a1:d7:fd:52:3c:74:d8:b7:db:49:bd:8b:3c:48:bc: fd:f3:d2:ba:18:37:a6:b9:f9:68:f2:75:9f:ee:e5:d9: 82:bb:09:32:ee:45:b4:2c:ac:7c:3c:be:e0:be:50:a2: 40:ef:f4:c9:82:37:9a:62:2c:04:df:81:3f:ff:19:4d: 8a:72:bc:74:f1:db:6c:63:a9:06:86:3d:92:a2:39:b2: 4c:f7:2a:f3:a3:11:b8:50:90:32:0c:96:ee:58:dd:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:7d:c8:3f:ed:6a:9f:0d:a0:f7:70:a6:ed:7e:9c:b4: 46:32:8f:c7:83:e0:e8:bd:2e:70:a6:7c:c6:b8:fc:bf: c8:3b:16:af:cd:8c:20:e7:2d:72:87:ca:10:25:f7:ba: 7e:5e:99:66:19:bd:12:d5:f8:90:c9:5d:16:bf:4b:4a: 4f:62:ed:76:48:b9:ab:e5:f6:33:89:45:16:90:84:42: af:54:27:9c:31:97:c4:38:9a:7c:a2:e2:64:2a:0a:d6: c7:ae:ba:80:dc:46:36:78:c3:6d:29:54:93:8a:c5:3d: e8:e9:c6:a1:5d:63:6e:d1:77:cc:61:e9:73:90:67:48 Fingerprint (SHA-256): C0:E3:6F:CD:A0:EC:CA:7F:6C:A3:F5:56:8D:F7:33:37:79:A0:C2:10:BD:6D:1E:7F:40:1A:56:52:EB:D7:68:15 Fingerprint (SHA1): FF:61:0A:E7:59:CE:79:EF:FB:34:C6:87:BD:4E:F5:60:25:C6:0E:83 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #6779: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6780: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6781: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6782: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6783: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182212 (0x1ee2d544) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:33 2015 Not After : Mon May 18 22:36:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:ee:bb:8d:7a:7f:4d:fa:74:7f:21:1e:fb:38:a1:76: 0c:fb:0d:c5:ef:73:fc:15:24:6d:03:b0:81:36:02:6b: db:86:a7:a7:ec:4a:64:2b:a9:76:4f:53:08:46:27:80: d9:38:91:8e:25:b9:d7:5a:b2:f9:e3:8a:a4:84:46:e8: 3c:51:93:6b:10:20:4f:d1:c5:51:0e:3c:88:a1:79:b3: 17:bd:97:05:c2:ff:ac:5d:45:f4:ba:35:0a:b7:99:5c: 31:a0:d2:7d:6a:5e:d4:97:f0:d0:63:ed:23:ce:38:88: ed:2a:80:0a:0f:e7:40:a7:c2:56:d1:00:f0:b7:4d:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:dd:2a:7e:ae:50:c4:46:7e:9e:eb:e3:4e:59:b2:de: 4a:f2:11:b0:87:87:b2:a3:cf:cf:db:2f:b5:55:e9:03: 12:ae:04:29:c7:96:78:b0:6d:30:8f:89:53:f2:69:dc: 42:9c:82:ec:44:64:7b:7c:0b:32:de:b3:3d:be:a5:ec: e2:e7:20:78:09:49:ce:93:04:15:46:ee:0e:69:84:55: 0b:b6:61:95:f6:78:eb:62:0e:bf:3d:35:5a:b0:42:87: 44:a1:12:10:1d:df:93:11:4c:b2:d2:0b:54:68:cb:92: 97:d4:d2:ef:b1:61:8c:70:1a:35:91:55:61:df:d3:6f Fingerprint (SHA-256): 75:DD:D2:8D:0E:E4:70:E3:A9:25:AB:8C:1A:47:57:29:EB:5F:AD:0D:B5:ED:76:D1:EC:57:27:5C:E3:84:6D:6B Fingerprint (SHA1): F6:BC:47:83:C5:06:25:6E:F2:8F:AA:E7:A5:DA:EA:6A:87:AA:B6:31 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6784: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6785: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182213 (0x1ee2d545) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:37 2015 Not After : Mon May 18 22:36:37 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:eb:38:26:ec:78:0c:ee:4b:a7:e3:f5:11:41:b9:0c: 92:4a:0f:2e:80:45:21:7d:5c:57:5c:2d:c2:07:1b:91: de:a4:6e:c1:a6:45:2c:6a:79:cd:bc:51:3b:79:03:cf: b5:e9:0f:4c:4f:e4:ea:e4:e3:6a:68:f7:46:a3:5c:f5: d5:f9:ac:fb:66:3a:9a:73:68:e3:a7:6d:be:bb:2f:4e: 23:56:f7:fb:0d:9e:96:10:06:8a:bf:c2:c5:39:a1:f5: c3:04:7f:9f:be:8d:29:22:d0:ef:b2:1e:5c:bf:c9:51: 81:02:23:35:85:b3:ad:92:01:f1:43:ce:ad:0c:48:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:96:80:0a:ba:3a:7d:d4:ff:02:2e:75:70:ff:56:7c: 87:24:e1:7b:40:1e:40:e5:36:f7:d4:dc:ea:83:b8:0f: 6d:57:12:43:d4:83:a5:23:55:2c:32:ea:74:d6:d1:11: 4a:a3:97:b2:e0:7a:a3:75:17:24:60:43:ba:d5:2b:da: db:0b:6e:94:8f:0b:c6:ca:5f:ee:50:42:ef:c9:73:07: a8:12:dc:0b:0a:a8:0c:05:01:2a:4e:f1:d3:04:5a:40: d5:e5:9b:87:62:a5:6d:67:e5:72:9a:6a:c4:76:32:3a: ac:d9:8d:c9:b4:79:a4:f3:13:5e:3b:70:9b:bb:bc:36 Fingerprint (SHA-256): 2B:84:38:CC:16:26:2D:97:5C:A2:1C:AA:1E:05:60:67:AB:58:70:4D:FB:BC:66:2A:06:9E:FC:E3:D8:FD:9A:F4 Fingerprint (SHA1): EA:C6:0D:49:BC:A3:6C:FB:87:6B:9E:0B:F3:87:4E:4B:98:39:A4:B7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6786: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6787: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182214 (0x1ee2d546) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:36:41 2015 Not After : Mon May 18 22:36:41 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:48:7a:cd:a1:30:47:96:b5:01:48:6d:bb:66:f3:d1: bd:bf:87:e6:cd:0e:84:96:7f:ef:2f:59:08:d8:96:5d: 31:a1:d7:fd:52:3c:74:d8:b7:db:49:bd:8b:3c:48:bc: fd:f3:d2:ba:18:37:a6:b9:f9:68:f2:75:9f:ee:e5:d9: 82:bb:09:32:ee:45:b4:2c:ac:7c:3c:be:e0:be:50:a2: 40:ef:f4:c9:82:37:9a:62:2c:04:df:81:3f:ff:19:4d: 8a:72:bc:74:f1:db:6c:63:a9:06:86:3d:92:a2:39:b2: 4c:f7:2a:f3:a3:11:b8:50:90:32:0c:96:ee:58:dd:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:7d:c8:3f:ed:6a:9f:0d:a0:f7:70:a6:ed:7e:9c:b4: 46:32:8f:c7:83:e0:e8:bd:2e:70:a6:7c:c6:b8:fc:bf: c8:3b:16:af:cd:8c:20:e7:2d:72:87:ca:10:25:f7:ba: 7e:5e:99:66:19:bd:12:d5:f8:90:c9:5d:16:bf:4b:4a: 4f:62:ed:76:48:b9:ab:e5:f6:33:89:45:16:90:84:42: af:54:27:9c:31:97:c4:38:9a:7c:a2:e2:64:2a:0a:d6: c7:ae:ba:80:dc:46:36:78:c3:6d:29:54:93:8a:c5:3d: e8:e9:c6:a1:5d:63:6e:d1:77:cc:61:e9:73:90:67:48 Fingerprint (SHA-256): C0:E3:6F:CD:A0:EC:CA:7F:6C:A3:F5:56:8D:F7:33:37:79:A0:C2:10:BD:6D:1E:7F:40:1A:56:52:EB:D7:68:15 Fingerprint (SHA1): FF:61:0A:E7:59:CE:79:EF:FB:34:C6:87:BD:4E:F5:60:25:C6:0E:83 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #6788: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6789: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182212 (0x1ee2d544) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:33 2015 Not After : Mon May 18 22:36:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:ee:bb:8d:7a:7f:4d:fa:74:7f:21:1e:fb:38:a1:76: 0c:fb:0d:c5:ef:73:fc:15:24:6d:03:b0:81:36:02:6b: db:86:a7:a7:ec:4a:64:2b:a9:76:4f:53:08:46:27:80: d9:38:91:8e:25:b9:d7:5a:b2:f9:e3:8a:a4:84:46:e8: 3c:51:93:6b:10:20:4f:d1:c5:51:0e:3c:88:a1:79:b3: 17:bd:97:05:c2:ff:ac:5d:45:f4:ba:35:0a:b7:99:5c: 31:a0:d2:7d:6a:5e:d4:97:f0:d0:63:ed:23:ce:38:88: ed:2a:80:0a:0f:e7:40:a7:c2:56:d1:00:f0:b7:4d:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:dd:2a:7e:ae:50:c4:46:7e:9e:eb:e3:4e:59:b2:de: 4a:f2:11:b0:87:87:b2:a3:cf:cf:db:2f:b5:55:e9:03: 12:ae:04:29:c7:96:78:b0:6d:30:8f:89:53:f2:69:dc: 42:9c:82:ec:44:64:7b:7c:0b:32:de:b3:3d:be:a5:ec: e2:e7:20:78:09:49:ce:93:04:15:46:ee:0e:69:84:55: 0b:b6:61:95:f6:78:eb:62:0e:bf:3d:35:5a:b0:42:87: 44:a1:12:10:1d:df:93:11:4c:b2:d2:0b:54:68:cb:92: 97:d4:d2:ef:b1:61:8c:70:1a:35:91:55:61:df:d3:6f Fingerprint (SHA-256): 75:DD:D2:8D:0E:E4:70:E3:A9:25:AB:8C:1A:47:57:29:EB:5F:AD:0D:B5:ED:76:D1:EC:57:27:5C:E3:84:6D:6B Fingerprint (SHA1): F6:BC:47:83:C5:06:25:6E:F2:8F:AA:E7:A5:DA:EA:6A:87:AA:B6:31 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6790: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182212 (0x1ee2d544) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:33 2015 Not After : Mon May 18 22:36:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:ee:bb:8d:7a:7f:4d:fa:74:7f:21:1e:fb:38:a1:76: 0c:fb:0d:c5:ef:73:fc:15:24:6d:03:b0:81:36:02:6b: db:86:a7:a7:ec:4a:64:2b:a9:76:4f:53:08:46:27:80: d9:38:91:8e:25:b9:d7:5a:b2:f9:e3:8a:a4:84:46:e8: 3c:51:93:6b:10:20:4f:d1:c5:51:0e:3c:88:a1:79:b3: 17:bd:97:05:c2:ff:ac:5d:45:f4:ba:35:0a:b7:99:5c: 31:a0:d2:7d:6a:5e:d4:97:f0:d0:63:ed:23:ce:38:88: ed:2a:80:0a:0f:e7:40:a7:c2:56:d1:00:f0:b7:4d:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 04:dd:2a:7e:ae:50:c4:46:7e:9e:eb:e3:4e:59:b2:de: 4a:f2:11:b0:87:87:b2:a3:cf:cf:db:2f:b5:55:e9:03: 12:ae:04:29:c7:96:78:b0:6d:30:8f:89:53:f2:69:dc: 42:9c:82:ec:44:64:7b:7c:0b:32:de:b3:3d:be:a5:ec: e2:e7:20:78:09:49:ce:93:04:15:46:ee:0e:69:84:55: 0b:b6:61:95:f6:78:eb:62:0e:bf:3d:35:5a:b0:42:87: 44:a1:12:10:1d:df:93:11:4c:b2:d2:0b:54:68:cb:92: 97:d4:d2:ef:b1:61:8c:70:1a:35:91:55:61:df:d3:6f Fingerprint (SHA-256): 75:DD:D2:8D:0E:E4:70:E3:A9:25:AB:8C:1A:47:57:29:EB:5F:AD:0D:B5:ED:76:D1:EC:57:27:5C:E3:84:6D:6B Fingerprint (SHA1): F6:BC:47:83:C5:06:25:6E:F2:8F:AA:E7:A5:DA:EA:6A:87:AA:B6:31 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6791: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182213 (0x1ee2d545) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:37 2015 Not After : Mon May 18 22:36:37 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:eb:38:26:ec:78:0c:ee:4b:a7:e3:f5:11:41:b9:0c: 92:4a:0f:2e:80:45:21:7d:5c:57:5c:2d:c2:07:1b:91: de:a4:6e:c1:a6:45:2c:6a:79:cd:bc:51:3b:79:03:cf: b5:e9:0f:4c:4f:e4:ea:e4:e3:6a:68:f7:46:a3:5c:f5: d5:f9:ac:fb:66:3a:9a:73:68:e3:a7:6d:be:bb:2f:4e: 23:56:f7:fb:0d:9e:96:10:06:8a:bf:c2:c5:39:a1:f5: c3:04:7f:9f:be:8d:29:22:d0:ef:b2:1e:5c:bf:c9:51: 81:02:23:35:85:b3:ad:92:01:f1:43:ce:ad:0c:48:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:96:80:0a:ba:3a:7d:d4:ff:02:2e:75:70:ff:56:7c: 87:24:e1:7b:40:1e:40:e5:36:f7:d4:dc:ea:83:b8:0f: 6d:57:12:43:d4:83:a5:23:55:2c:32:ea:74:d6:d1:11: 4a:a3:97:b2:e0:7a:a3:75:17:24:60:43:ba:d5:2b:da: db:0b:6e:94:8f:0b:c6:ca:5f:ee:50:42:ef:c9:73:07: a8:12:dc:0b:0a:a8:0c:05:01:2a:4e:f1:d3:04:5a:40: d5:e5:9b:87:62:a5:6d:67:e5:72:9a:6a:c4:76:32:3a: ac:d9:8d:c9:b4:79:a4:f3:13:5e:3b:70:9b:bb:bc:36 Fingerprint (SHA-256): 2B:84:38:CC:16:26:2D:97:5C:A2:1C:AA:1E:05:60:67:AB:58:70:4D:FB:BC:66:2A:06:9E:FC:E3:D8:FD:9A:F4 Fingerprint (SHA1): EA:C6:0D:49:BC:A3:6C:FB:87:6B:9E:0B:F3:87:4E:4B:98:39:A4:B7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6792: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182213 (0x1ee2d545) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:36:37 2015 Not After : Mon May 18 22:36:37 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:eb:38:26:ec:78:0c:ee:4b:a7:e3:f5:11:41:b9:0c: 92:4a:0f:2e:80:45:21:7d:5c:57:5c:2d:c2:07:1b:91: de:a4:6e:c1:a6:45:2c:6a:79:cd:bc:51:3b:79:03:cf: b5:e9:0f:4c:4f:e4:ea:e4:e3:6a:68:f7:46:a3:5c:f5: d5:f9:ac:fb:66:3a:9a:73:68:e3:a7:6d:be:bb:2f:4e: 23:56:f7:fb:0d:9e:96:10:06:8a:bf:c2:c5:39:a1:f5: c3:04:7f:9f:be:8d:29:22:d0:ef:b2:1e:5c:bf:c9:51: 81:02:23:35:85:b3:ad:92:01:f1:43:ce:ad:0c:48:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:96:80:0a:ba:3a:7d:d4:ff:02:2e:75:70:ff:56:7c: 87:24:e1:7b:40:1e:40:e5:36:f7:d4:dc:ea:83:b8:0f: 6d:57:12:43:d4:83:a5:23:55:2c:32:ea:74:d6:d1:11: 4a:a3:97:b2:e0:7a:a3:75:17:24:60:43:ba:d5:2b:da: db:0b:6e:94:8f:0b:c6:ca:5f:ee:50:42:ef:c9:73:07: a8:12:dc:0b:0a:a8:0c:05:01:2a:4e:f1:d3:04:5a:40: d5:e5:9b:87:62:a5:6d:67:e5:72:9a:6a:c4:76:32:3a: ac:d9:8d:c9:b4:79:a4:f3:13:5e:3b:70:9b:bb:bc:36 Fingerprint (SHA-256): 2B:84:38:CC:16:26:2D:97:5C:A2:1C:AA:1E:05:60:67:AB:58:70:4D:FB:BC:66:2A:06:9E:FC:E3:D8:FD:9A:F4 Fingerprint (SHA1): EA:C6:0D:49:BC:A3:6C:FB:87:6B:9E:0B:F3:87:4E:4B:98:39:A4:B7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6793: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182214 (0x1ee2d546) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:36:41 2015 Not After : Mon May 18 22:36:41 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:48:7a:cd:a1:30:47:96:b5:01:48:6d:bb:66:f3:d1: bd:bf:87:e6:cd:0e:84:96:7f:ef:2f:59:08:d8:96:5d: 31:a1:d7:fd:52:3c:74:d8:b7:db:49:bd:8b:3c:48:bc: fd:f3:d2:ba:18:37:a6:b9:f9:68:f2:75:9f:ee:e5:d9: 82:bb:09:32:ee:45:b4:2c:ac:7c:3c:be:e0:be:50:a2: 40:ef:f4:c9:82:37:9a:62:2c:04:df:81:3f:ff:19:4d: 8a:72:bc:74:f1:db:6c:63:a9:06:86:3d:92:a2:39:b2: 4c:f7:2a:f3:a3:11:b8:50:90:32:0c:96:ee:58:dd:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:7d:c8:3f:ed:6a:9f:0d:a0:f7:70:a6:ed:7e:9c:b4: 46:32:8f:c7:83:e0:e8:bd:2e:70:a6:7c:c6:b8:fc:bf: c8:3b:16:af:cd:8c:20:e7:2d:72:87:ca:10:25:f7:ba: 7e:5e:99:66:19:bd:12:d5:f8:90:c9:5d:16:bf:4b:4a: 4f:62:ed:76:48:b9:ab:e5:f6:33:89:45:16:90:84:42: af:54:27:9c:31:97:c4:38:9a:7c:a2:e2:64:2a:0a:d6: c7:ae:ba:80:dc:46:36:78:c3:6d:29:54:93:8a:c5:3d: e8:e9:c6:a1:5d:63:6e:d1:77:cc:61:e9:73:90:67:48 Fingerprint (SHA-256): C0:E3:6F:CD:A0:EC:CA:7F:6C:A3:F5:56:8D:F7:33:37:79:A0:C2:10:BD:6D:1E:7F:40:1A:56:52:EB:D7:68:15 Fingerprint (SHA1): FF:61:0A:E7:59:CE:79:EF:FB:34:C6:87:BD:4E:F5:60:25:C6:0E:83 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #6794: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182214 (0x1ee2d546) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:36:41 2015 Not After : Mon May 18 22:36:41 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:48:7a:cd:a1:30:47:96:b5:01:48:6d:bb:66:f3:d1: bd:bf:87:e6:cd:0e:84:96:7f:ef:2f:59:08:d8:96:5d: 31:a1:d7:fd:52:3c:74:d8:b7:db:49:bd:8b:3c:48:bc: fd:f3:d2:ba:18:37:a6:b9:f9:68:f2:75:9f:ee:e5:d9: 82:bb:09:32:ee:45:b4:2c:ac:7c:3c:be:e0:be:50:a2: 40:ef:f4:c9:82:37:9a:62:2c:04:df:81:3f:ff:19:4d: 8a:72:bc:74:f1:db:6c:63:a9:06:86:3d:92:a2:39:b2: 4c:f7:2a:f3:a3:11:b8:50:90:32:0c:96:ee:58:dd:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:7d:c8:3f:ed:6a:9f:0d:a0:f7:70:a6:ed:7e:9c:b4: 46:32:8f:c7:83:e0:e8:bd:2e:70:a6:7c:c6:b8:fc:bf: c8:3b:16:af:cd:8c:20:e7:2d:72:87:ca:10:25:f7:ba: 7e:5e:99:66:19:bd:12:d5:f8:90:c9:5d:16:bf:4b:4a: 4f:62:ed:76:48:b9:ab:e5:f6:33:89:45:16:90:84:42: af:54:27:9c:31:97:c4:38:9a:7c:a2:e2:64:2a:0a:d6: c7:ae:ba:80:dc:46:36:78:c3:6d:29:54:93:8a:c5:3d: e8:e9:c6:a1:5d:63:6e:d1:77:cc:61:e9:73:90:67:48 Fingerprint (SHA-256): C0:E3:6F:CD:A0:EC:CA:7F:6C:A3:F5:56:8D:F7:33:37:79:A0:C2:10:BD:6D:1E:7F:40:1A:56:52:EB:D7:68:15 Fingerprint (SHA1): FF:61:0A:E7:59:CE:79:EF:FB:34:C6:87:BD:4E:F5:60:25:C6:0E:83 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #6795: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6796: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182217 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6797: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6798: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6799: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6800: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518182218 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6801: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6802: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6803: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6804: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182219 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6805: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6806: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #6807: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6808: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 518182220 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6809: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6810: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #6811: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6812: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 518182221 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6813: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6814: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #6815: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6816: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 518182222 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6817: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6818: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #6819: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6820: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 518182223 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6821: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6822: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6823: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #6824: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #6825: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6826: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #6827: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182217 (0x1ee2d549) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:07 2015 Not After : Mon May 18 22:37:07 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:40:7d:7b:40:5a:f3:43:6e:bb:48:fd:cd:b7:84:d9: 10:6a:20:4e:c8:81:6d:0c:1e:3a:9a:57:90:6c:6a:45: f4:f0:3a:ad:e4:f3:73:fa:0d:61:8f:9a:57:72:06:3f: cf:41:52:11:4d:78:02:7f:92:11:ce:1d:e6:f0:ad:45: 18:c1:2e:81:37:41:20:c7:b9:5e:11:2d:db:8c:cd:64: 66:9a:6c:ae:67:02:d8:cb:1a:a0:70:1f:33:71:0e:27: 84:b2:a3:54:ba:08:f2:af:a3:66:cd:dc:8b:18:cd:47: 00:49:41:53:c1:67:a5:32:bc:7b:6a:d9:17:5c:8c:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 77:10:40:6b:32:67:1c:6d:77:07:d8:d1:39:17:17:ee: 41:91:e3:c9:8d:07:92:8a:92:f9:27:1e:5e:dc:f9:32: 62:3e:e8:7a:b2:f3:51:cb:0a:9f:b7:7a:b9:b0:35:66: 55:fa:7c:33:59:9b:29:38:5a:77:27:ed:0d:ee:b2:cd: 65:45:84:31:b6:a0:35:f6:25:85:77:5e:31:7f:16:92: 2a:d8:e7:51:a9:9e:2a:1c:c5:cd:03:ff:03:86:78:d3: 81:1d:c3:37:a8:d5:be:9b:2f:ef:c5:b7:96:c7:84:a7: e0:97:b9:1c:59:30:d0:b1:ec:01:ac:92:a7:43:12:eb Fingerprint (SHA-256): 75:54:7D:B2:49:DF:4A:BA:6B:7F:DB:5E:17:38:4A:B0:AD:CE:4C:EB:AB:64:94:1B:11:8A:1D:14:B5:55:CF:F6 Fingerprint (SHA1): 95:AA:3F:59:B5:AE:EF:08:CB:7F:CC:13:7E:5F:60:8A:C4:F8:E4:46 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6828: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6829: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6830: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6831: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182217 (0x1ee2d549) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:07 2015 Not After : Mon May 18 22:37:07 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:40:7d:7b:40:5a:f3:43:6e:bb:48:fd:cd:b7:84:d9: 10:6a:20:4e:c8:81:6d:0c:1e:3a:9a:57:90:6c:6a:45: f4:f0:3a:ad:e4:f3:73:fa:0d:61:8f:9a:57:72:06:3f: cf:41:52:11:4d:78:02:7f:92:11:ce:1d:e6:f0:ad:45: 18:c1:2e:81:37:41:20:c7:b9:5e:11:2d:db:8c:cd:64: 66:9a:6c:ae:67:02:d8:cb:1a:a0:70:1f:33:71:0e:27: 84:b2:a3:54:ba:08:f2:af:a3:66:cd:dc:8b:18:cd:47: 00:49:41:53:c1:67:a5:32:bc:7b:6a:d9:17:5c:8c:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 77:10:40:6b:32:67:1c:6d:77:07:d8:d1:39:17:17:ee: 41:91:e3:c9:8d:07:92:8a:92:f9:27:1e:5e:dc:f9:32: 62:3e:e8:7a:b2:f3:51:cb:0a:9f:b7:7a:b9:b0:35:66: 55:fa:7c:33:59:9b:29:38:5a:77:27:ed:0d:ee:b2:cd: 65:45:84:31:b6:a0:35:f6:25:85:77:5e:31:7f:16:92: 2a:d8:e7:51:a9:9e:2a:1c:c5:cd:03:ff:03:86:78:d3: 81:1d:c3:37:a8:d5:be:9b:2f:ef:c5:b7:96:c7:84:a7: e0:97:b9:1c:59:30:d0:b1:ec:01:ac:92:a7:43:12:eb Fingerprint (SHA-256): 75:54:7D:B2:49:DF:4A:BA:6B:7F:DB:5E:17:38:4A:B0:AD:CE:4C:EB:AB:64:94:1B:11:8A:1D:14:B5:55:CF:F6 Fingerprint (SHA1): 95:AA:3F:59:B5:AE:EF:08:CB:7F:CC:13:7E:5F:60:8A:C4:F8:E4:46 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6832: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6833: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6834: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182224 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6835: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6836: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6837: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6838: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518182225 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6839: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6840: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #6841: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6842: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 518182226 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6843: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6844: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #6845: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6846: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 518182227 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6847: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6848: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6849: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6850: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 518182228 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6851: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6852: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #6853: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6854: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 518182229 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6855: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6856: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #6857: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6858: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 518182230 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6859: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6860: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6861: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6862: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 518182231 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6863: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6864: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #6865: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6866: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 518182232 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6867: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6868: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #6869: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6870: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 518182233 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6871: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6872: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #6873: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6874: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 518182234 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6875: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6876: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #6877: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6878: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 518182235 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6879: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6880: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #6881: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6882: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 518182236 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6883: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6884: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #6885: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6886: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 518182237 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6887: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6888: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #6889: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6890: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 518182238 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6891: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6892: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #6893: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6894: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 518182239 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6895: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6896: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #6897: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6898: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 518182240 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6899: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6900: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #6901: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6902: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 518182241 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6903: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6904: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #6905: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6906: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 518182242 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6907: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6908: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #6909: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6910: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 518182243 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6911: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6912: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #6913: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6914: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 518182244 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6915: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6916: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #6917: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6918: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 518182245 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6919: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6920: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #6921: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6922: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 518182246 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6923: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6924: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #6925: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6926: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 518182247 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6927: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6928: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #6929: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6930: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 518182248 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6931: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6932: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #6933: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6934: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 518182249 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6935: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6936: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #6937: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6938: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 518182250 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6939: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6940: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #6941: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6942: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 518182251 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6943: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6944: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #6945: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6946: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 518182252 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6947: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6948: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #6949: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6950: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 518182253 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6951: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6952: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6953: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6954: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6955: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6956: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6957: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6958: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6959: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6960: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6961: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6962: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6963: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6964: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6965: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6966: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6967: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6968: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6969: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6970: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6971: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6972: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6973: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6974: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6975: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182224 (0x1ee2d550) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:37:40 2015 Not After : Mon May 18 22:37:40 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e7:18:f9:15:ae:82:74:22:02:5c:c9:cb:1b:91:54: 7e:86:a5:97:5a:00:8a:75:89:e3:07:26:2b:38:90:b8: b7:7b:60:a7:d4:ea:2e:81:1e:5c:f1:e2:d1:9a:ce:89: a6:97:66:f2:c5:c2:c3:95:83:59:40:cf:2b:93:9a:71: 65:b8:74:91:b4:38:55:9c:05:47:71:28:f0:16:a5:4b: ef:58:33:60:4a:2a:56:55:3a:3d:91:cd:8e:f3:ee:5f: ca:44:31:7d:19:1d:7c:51:0c:d3:a0:ea:34:ef:73:23: 6f:c7:95:60:33:59:12:6e:65:d1:04:16:b3:83:99:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:e7:19:16:80:f3:42:86:10:87:10:1a:f7:9a:c0:05: 7e:16:9c:3d:57:77:4d:32:f7:04:d4:1f:dc:d8:6e:46: 4d:b7:38:04:51:f7:1a:d2:0b:be:e6:a1:32:ab:f6:c5: e8:a7:86:c7:68:68:eb:ad:de:80:46:b7:ff:df:97:40: a3:a8:31:52:13:c0:bc:13:8a:f0:54:10:2d:9a:6d:8f: 32:ab:3b:8d:94:65:96:75:c8:4c:14:42:1b:f0:bc:38: 97:b2:5b:6b:e8:0a:7c:cb:23:02:57:a7:01:8e:26:b4: 9e:65:4b:16:e9:29:1f:3e:ad:1b:09:58:2c:55:8e:44 Fingerprint (SHA-256): 52:F4:CD:ED:1C:1E:EE:42:CC:EE:5E:55:95:35:DC:97:A8:3A:57:97:49:0F:27:F5:C1:E6:14:F8:45:19:9D:82 Fingerprint (SHA1): 2D:74:72:B5:82:18:65:EC:8D:25:B9:A9:AB:98:DC:84:B9:E3:92:3B Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6976: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6977: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6978: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182254 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6979: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6980: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #6981: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6982: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 518182255 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6983: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6984: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #6985: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6986: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 518182256 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6987: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6988: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #6989: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6990: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 518182257 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6991: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6992: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #6993: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6994: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 518182258 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6995: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6996: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #6997: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6998: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 518182259 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6999: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7000: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #7001: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7002: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 518182260 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7003: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7004: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7005: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182254 (0x1ee2d56e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:39:59 2015 Not After : Mon May 18 22:39:59 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:a3:a6:4d:40:a0:c6:46:b0:67:9b:10:4a:53:61:b6: c0:13:e5:f8:31:16:cb:2b:64:ba:18:2c:d7:1b:6b:7f: 45:d8:5c:3b:70:ca:b9:38:37:dd:a5:cd:e3:91:d0:16: 5d:5f:e5:4d:1a:e1:c4:e6:02:b3:cb:30:89:9a:52:e9: 23:99:d8:cb:bc:ef:60:0a:25:da:2e:60:b3:97:e2:dc: 7b:fe:54:16:c9:43:43:a2:e2:49:86:72:06:68:70:ef: 9e:eb:d7:97:78:41:bd:67:b5:c3:87:d4:f7:b0:04:c0: 18:af:7d:c4:0c:03:43:20:fc:56:cc:33:77:43:9c:39 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:0c:90:d1:27:4c:c4:e9:e8:67:c7:f8:e9:06:30:20: 20:30:a6:18:80:ce:55:b6:ed:d0:9f:cc:75:b0:19:b7: c2:e3:f7:84:77:27:fc:24:9c:92:2a:70:41:76:5d:25: 11:30:ac:00:62:9d:27:f6:f5:70:d5:0c:31:28:8a:23: b8:98:75:14:12:f6:b0:32:35:fe:2d:c5:54:58:f0:49: cf:ae:65:52:24:9d:17:f4:d3:75:76:8b:48:77:fe:0b: 81:51:90:2d:02:91:64:99:70:24:48:f0:17:8e:cd:46: 7d:d8:47:82:14:c8:d5:e0:5b:cc:79:9f:0a:3d:38:d3 Fingerprint (SHA-256): C6:8A:75:4F:19:8C:05:FF:6E:26:25:F8:DE:83:B0:56:EF:9B:38:15:E0:05:BF:B3:BE:7D:1D:B3:6E:DB:83:D2 Fingerprint (SHA1): 93:6E:20:FF:F4:B1:21:C5:A2:D1:D0:6C:F9:45:7B:F8:83:02:C8:14 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #7006: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7007: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7008: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #7009: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182254 (0x1ee2d56e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:39:59 2015 Not After : Mon May 18 22:39:59 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:a3:a6:4d:40:a0:c6:46:b0:67:9b:10:4a:53:61:b6: c0:13:e5:f8:31:16:cb:2b:64:ba:18:2c:d7:1b:6b:7f: 45:d8:5c:3b:70:ca:b9:38:37:dd:a5:cd:e3:91:d0:16: 5d:5f:e5:4d:1a:e1:c4:e6:02:b3:cb:30:89:9a:52:e9: 23:99:d8:cb:bc:ef:60:0a:25:da:2e:60:b3:97:e2:dc: 7b:fe:54:16:c9:43:43:a2:e2:49:86:72:06:68:70:ef: 9e:eb:d7:97:78:41:bd:67:b5:c3:87:d4:f7:b0:04:c0: 18:af:7d:c4:0c:03:43:20:fc:56:cc:33:77:43:9c:39 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:0c:90:d1:27:4c:c4:e9:e8:67:c7:f8:e9:06:30:20: 20:30:a6:18:80:ce:55:b6:ed:d0:9f:cc:75:b0:19:b7: c2:e3:f7:84:77:27:fc:24:9c:92:2a:70:41:76:5d:25: 11:30:ac:00:62:9d:27:f6:f5:70:d5:0c:31:28:8a:23: b8:98:75:14:12:f6:b0:32:35:fe:2d:c5:54:58:f0:49: cf:ae:65:52:24:9d:17:f4:d3:75:76:8b:48:77:fe:0b: 81:51:90:2d:02:91:64:99:70:24:48:f0:17:8e:cd:46: 7d:d8:47:82:14:c8:d5:e0:5b:cc:79:9f:0a:3d:38:d3 Fingerprint (SHA-256): C6:8A:75:4F:19:8C:05:FF:6E:26:25:F8:DE:83:B0:56:EF:9B:38:15:E0:05:BF:B3:BE:7D:1D:B3:6E:DB:83:D2 Fingerprint (SHA1): 93:6E:20:FF:F4:B1:21:C5:A2:D1:D0:6C:F9:45:7B:F8:83:02:C8:14 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #7010: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7011: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7012: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7013: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182261 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7014: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7015: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7016: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7017: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182262 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7018: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7019: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7020: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7021: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182263 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7022: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7023: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #7024: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7025: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518182264 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7026: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7027: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7028: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #7029: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #7030: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #7031: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182261 (0x1ee2d575) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:40:29 2015 Not After : Mon May 18 22:40:29 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:0d:94:ab:d0:3e:bf:c0:b8:61:97:13:bd:cb:81:de: 6d:ba:ec:11:89:3d:37:aa:3a:3c:b6:46:a0:c0:95:92: 3a:a2:c3:4b:4f:c4:f3:f4:9b:b0:fc:8c:dd:79:c3:96: 5d:f4:4f:fd:8e:1e:49:6d:d0:1d:ac:af:3f:30:f9:d1: 5c:03:d6:e6:de:6d:04:a3:8c:5f:af:37:4b:15:95:eb: 2b:92:57:1d:f3:27:72:00:81:a0:a7:51:0b:26:6c:13: 36:ab:22:fb:39:4b:fc:81:dc:5f:34:44:e0:fb:fa:f0: 98:c0:db:5f:34:57:7e:5b:5b:23:ec:9a:53:eb:da:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:2e:59:53:11:6c:ed:64:6e:90:0c:7d:78:22:f0:c5: f2:8c:61:27:88:23:c8:3b:cd:aa:68:ba:49:2f:6c:27: 9d:ed:2b:c4:d0:32:fa:fb:68:38:ab:9f:16:6d:3d:ed: 6a:7a:09:78:bc:51:20:6b:8a:84:29:46:19:b1:61:a7: 45:b7:b2:17:16:a5:5e:cb:e9:d8:b4:4c:ff:75:0f:fe: 9b:36:b2:bb:65:06:fa:84:1a:a5:f1:e1:69:30:dd:da: 85:07:cd:d3:06:c8:79:ff:28:31:81:1b:6a:9b:e0:60: 32:ac:55:f3:2c:ae:82:ca:a2:99:cc:04:56:42:5a:19 Fingerprint (SHA-256): 85:F6:E1:41:DE:6C:33:22:F7:15:C6:60:5F:0B:4C:69:CF:07:2A:77:3D:F2:8F:D4:8F:99:D1:39:32:56:09:F2 Fingerprint (SHA1): 8D:C4:89:B3:43:11:12:30:55:BB:F5:49:97:5C:33:0B:86:9C:38:A8 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7032: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7033: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7034: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182262 (0x1ee2d576) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:40:33 2015 Not After : Mon May 18 22:40:33 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:61:c3:eb:77:ca:ef:6e:bd:f3:32:d5:cf:c9:6d:8e: 17:43:eb:57:59:32:b2:e2:ee:bd:34:cd:98:98:e2:2d: 65:74:0e:6b:2e:57:04:65:52:d2:f8:cd:45:05:f1:9b: cb:4d:5a:67:4a:d4:8d:e1:bf:49:ff:d2:e7:a3:91:74: a3:c5:1b:8c:36:8c:77:4a:e9:81:11:88:28:f7:a3:1b: 41:aa:82:7c:3d:be:5a:d6:aa:f4:04:12:16:2b:75:6a: 0d:7f:40:4c:8a:5f:47:95:97:aa:e3:4a:d6:e6:26:77: 67:a0:a0:3b:4a:fc:50:45:19:6a:e3:a5:15:39:52:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 12:a1:b2:42:da:9c:6f:cf:40:dd:36:98:f7:80:5d:bb: 07:68:fc:3c:91:06:7e:dc:85:cf:2f:7a:5c:72:49:1b: 27:ba:00:55:2b:d6:dc:b8:00:e6:09:82:5a:fd:30:f9: 06:6f:ef:15:64:b6:b7:a5:bb:7b:ed:b0:e9:3d:db:f9: 3b:ad:e1:9f:99:6f:d0:47:3b:a5:e3:de:ff:92:87:ac: 75:aa:d3:5d:28:d0:b5:a6:59:50:9f:4f:ef:22:5e:fa: be:81:b7:cf:f2:d1:a4:8f:c3:c1:8a:7a:dc:a5:2d:c2: fa:73:39:b4:d0:44:83:be:02:22:25:e6:51:5e:7c:d3 Fingerprint (SHA-256): BE:61:43:B8:E3:35:FC:05:28:48:C1:AC:E1:F6:0C:23:19:CC:36:1D:2E:1E:9A:D8:15:46:73:FE:60:BE:F8:94 Fingerprint (SHA1): CE:18:9F:59:71:90:CE:37:DF:42:F1:5E:1C:15:CE:57:6D:1A:88:17 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #7035: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7036: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182263 (0x1ee2d577) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:40:36 2015 Not After : Mon May 18 22:40:36 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:42:f1:37:d7:c9:c1:9a:2b:f6:58:e1:7d:5a:9a:7b: 41:f1:33:77:ae:8b:28:39:5d:19:c5:d2:19:15:69:e1: 0c:97:36:28:79:f8:72:8c:81:e7:bc:39:88:17:2e:84: d6:e5:59:68:0f:c3:ae:8a:70:42:26:9a:5b:92:ee:b7: f9:29:a1:33:56:2d:60:8f:a3:73:08:da:03:84:d7:e5: 9b:80:77:62:0c:f0:54:bd:0a:ee:39:81:b0:4c:9e:ce: d6:f6:9e:25:3d:25:7e:e2:d7:b9:d8:8b:fa:33:ca:25: cf:6c:fb:bb:e8:1e:a0:bc:cf:76:d6:e8:37:85:fe:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 70:ee:b3:0c:3e:d2:86:e4:17:ad:e3:33:55:0d:5a:f6: 40:e9:9e:56:a9:b3:b6:d3:fa:d5:0e:d9:d0:7e:b6:88: 91:d4:85:e4:61:ed:75:76:60:33:6c:64:f3:4e:16:84: 3e:5e:3f:cb:db:09:33:f5:a3:79:f3:b9:40:7d:31:41: 94:33:75:d0:3c:d1:fa:de:72:07:93:3c:01:18:c6:ae: e4:86:61:f1:69:57:30:cb:f6:8a:f0:2a:33:bc:95:ee: 1c:f5:4d:d8:30:07:3d:61:75:a0:26:45:de:66:02:97: 63:65:35:17:15:9a:bd:34:2d:03:ec:36:d7:80:7f:bd Fingerprint (SHA-256): 49:AE:F7:B9:A4:C0:F5:62:A2:19:42:D6:32:EA:BA:E1:DE:E3:28:14:F9:DC:F4:1A:DB:C7:A1:72:9D:85:48:87 Fingerprint (SHA1): BA:E8:7F:6E:8A:34:FD:7B:BF:E2:4C:79:9B:01:47:A6:0D:D2:E7:44 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #7037: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7038: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182265 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7039: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7040: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7041: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7042: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182266 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7043: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7044: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7045: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7046: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182267 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7047: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7048: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #7049: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7050: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 518182268 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7051: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7052: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #7053: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7054: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 518182269 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7055: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7056: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7057: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #7058: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #7059: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #7060: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #7061: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182265 (0x1ee2d579) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:40:50 2015 Not After : Mon May 18 22:40:50 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:1b:85:fd:f5:08:73:7b:ec:f9:92:a0:10:f1:bb:9a: 93:a0:6e:c6:f4:9c:61:32:b5:59:63:6e:66:fb:3f:ac: ee:0e:a7:4d:96:a0:f0:c3:cf:78:53:c1:8d:8d:3a:14: 9b:18:c5:37:b0:cb:af:a2:de:c5:10:cb:0e:a4:a5:bc: 6a:7f:85:c0:a0:aa:1c:2c:0c:d9:79:2e:aa:8c:c1:c8: 6a:7a:f8:3d:43:f2:12:70:2f:6d:b9:3f:ff:f1:3f:80: 11:00:72:35:78:59:c2:3d:fe:76:fb:06:8c:df:bc:36: fb:88:d2:7e:c2:08:9f:bc:c3:88:47:29:7d:16:03:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 27:e2:ca:4e:97:60:f6:2e:96:f5:7a:e2:45:ac:0b:af: 4d:54:12:77:06:c4:06:73:0e:09:85:3d:cd:7a:f3:97: f8:a7:4b:35:87:d3:d6:02:6b:0c:f9:64:a6:04:c1:55: 35:e2:fa:ba:fb:4a:ab:17:5f:da:48:67:5e:d4:37:46: f4:5f:69:49:03:a8:e7:02:29:65:95:d9:c0:39:54:cd: 31:9e:67:20:40:37:f9:49:2c:d6:38:a3:f2:31:fa:c6: 1c:22:6d:bf:95:65:44:ea:00:ea:16:0c:02:97:51:ee: c0:ef:44:80:bc:80:f0:7c:67:b8:17:59:9d:d5:ca:86 Fingerprint (SHA-256): 95:BE:C8:9F:EE:DD:66:10:B9:1A:43:FA:D6:C8:25:F2:8B:BB:24:BF:E8:CB:16:C5:2F:C8:9C:5C:9C:72:F4:35 Fingerprint (SHA1): 17:48:C1:DD:B1:87:E2:66:89:B3:A2:E6:4E:F0:59:34:16:9D:DA:8F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7062: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7063: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182266 (0x1ee2d57a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:40:53 2015 Not After : Mon May 18 22:40:53 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:d9:b2:fe:3b:a8:60:8f:b7:91:6f:ce:12:0e:da:23: 94:e9:a9:41:5b:9d:ae:58:3d:b8:eb:a2:a6:1a:2d:cd: 20:1d:da:a8:d5:bd:d5:6f:52:8c:5e:cb:45:06:d0:1c: 6b:a1:25:2f:e3:2e:61:4e:8a:d5:f9:9e:30:08:47:97: c5:24:7f:c4:0a:e7:04:2b:1e:5f:38:f4:c5:6c:f6:81: d7:fb:88:bf:01:76:1d:04:14:bd:77:eb:0c:c0:41:93: 2d:4c:dd:54:1c:15:76:4c:00:58:48:94:72:d6:0c:6a: 05:eb:28:7d:7d:e9:84:0a:5b:0b:06:cd:f9:3c:aa:55 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a4:42:69:48:09:e9:84:ae:2d:f9:6b:98:61:7f:fa:f2: 55:fd:43:a3:e3:ac:d9:d1:b1:20:6b:5f:82:20:23:b7: 22:bd:62:90:0d:e7:e5:dc:6b:df:04:cf:16:e6:01:5e: da:9e:81:69:c3:8d:1d:88:55:a4:98:40:48:a3:23:47: ea:c4:90:e3:63:97:95:37:18:74:0a:6d:b0:d0:c6:05: 1c:3f:2d:62:9e:f9:ba:cb:be:1a:10:2a:a4:e8:f1:b3: 48:ed:97:06:8a:a8:25:83:f9:90:16:7c:2f:1f:96:68: 31:0b:4b:e4:60:7d:bb:34:b6:a3:62:d6:82:dd:e0:70 Fingerprint (SHA-256): 57:01:45:3B:8A:67:E2:DD:6F:F6:27:E9:04:D7:8C:8D:9F:5F:F6:42:B4:99:DA:A8:8F:1D:B9:74:C5:1B:E7:A5 Fingerprint (SHA1): 4D:52:F2:E0:64:4C:0E:E0:1A:31:F9:C8:FC:F0:C4:3F:62:03:74:2A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #7064: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7065: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7066: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182267 (0x1ee2d57b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:40:58 2015 Not After : Mon May 18 22:40:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:d2:fc:50:1b:14:98:1d:11:92:bc:dd:5d:66:02:df: f2:e8:1d:89:92:e5:16:89:be:15:f0:48:f3:4d:95:d1: e8:cf:3d:32:21:ca:df:33:95:2d:9c:e5:7d:2c:fe:57: fa:94:58:f5:ab:10:bb:36:63:1d:45:c2:e9:b6:b8:26: f1:bb:d9:91:f2:0f:e6:e5:f6:ae:e9:79:bf:28:ea:c4: aa:d5:b1:8a:96:b4:5e:3f:48:d1:9a:a4:ef:c2:ea:02: 6f:fe:2e:e8:bf:7d:d7:f2:b7:72:7c:80:21:d5:8f:78: 4a:01:a5:16:6e:54:60:df:89:db:1d:65:e7:41:90:1d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:7e:15:c3:9e:c4:98:59:94:b9:44:da:9a:63:af:6a: dd:b6:51:46:8c:ce:7c:d2:41:80:ac:73:0f:74:91:d1: ee:ab:8e:92:70:ee:0e:17:f4:d0:dc:77:a7:41:d7:5f: 35:cd:a9:52:01:29:d4:ff:6f:35:f8:81:97:e6:90:ee: e6:b9:3a:7d:35:97:3c:8f:25:57:07:ab:1c:ab:bb:fb: 3a:c5:86:0e:92:ab:f0:7d:14:1b:66:42:84:07:40:90: 88:70:62:13:91:35:69:e6:0e:0f:7a:a6:a5:22:20:0b: 7c:e4:6f:7f:74:33:67:c3:09:59:5b:fa:6d:f1:40:30 Fingerprint (SHA-256): 26:7E:FA:C3:71:03:00:5A:D4:05:AE:FD:14:1F:6A:78:20:CF:5C:C2:2E:BC:82:37:B9:9B:31:56:94:07:D9:9D Fingerprint (SHA1): 87:35:6D:86:A1:F4:95:A8:BA:F1:B2:7F:DA:93:C0:62:56:99:84:B5 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #7067: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7068: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182270 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7069: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7070: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7071: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7072: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182271 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7073: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7074: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7075: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7076: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182272 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA1Root-518182049.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7077: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7078: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #7079: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7080: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 518182273 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7081: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7082: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #7083: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182270 (0x1ee2d57e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:41:16 2015 Not After : Mon May 18 22:41:16 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:c8:8a:0c:18:e5:b1:e7:c1:fe:f8:75:ad:c2:a1:b6: 25:df:4b:93:6c:e5:89:33:62:ca:de:56:92:69:17:34: fe:84:a8:33:b4:12:ae:de:ed:fe:81:52:43:ee:61:fa: e7:a4:c3:23:24:a6:c6:15:62:0b:d7:d3:b8:bb:61:d7: 6d:16:c7:c9:e4:ba:16:0c:dc:8e:a8:59:9c:9d:c8:6d: 85:a6:4b:3e:a0:3d:a3:e2:0c:bb:04:60:1a:6f:ea:57: 8e:59:4c:ab:d9:03:87:ed:94:1a:d1:42:3c:8f:c4:ac: 80:db:96:55:a9:bc:37:a5:cc:ef:5a:65:2c:62:8c:af Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:c1:7c:cd:4f:3b:23:be:cc:9a:7e:05:9c:98:d2:78: 81:22:90:31:2e:2b:eb:2d:74:77:ee:28:76:b8:e7:d3: 2f:f3:99:e7:10:9a:20:7c:7b:f8:21:cd:9d:78:29:fd: e7:48:c2:25:27:54:cf:e0:75:a5:9a:66:6f:41:f7:a2: 1e:13:b3:8c:61:48:35:83:9f:db:75:2b:3b:8a:71:c7: a2:9e:76:d3:76:85:2f:2b:98:24:fc:0e:aa:96:f7:ea: 3d:18:b5:fe:8c:3a:9d:34:04:4f:73:ec:16:c2:d5:c1: 63:7f:bf:b4:84:f7:c7:e6:d2:58:c3:c6:b0:fa:77:97 Fingerprint (SHA-256): CC:33:91:A7:EA:DC:2B:90:DD:B9:CC:AE:16:58:08:78:91:63:B3:FE:94:FE:19:D2:D4:A4:52:0C:FB:40:F4:87 Fingerprint (SHA1): A4:1A:3B:A6:02:CE:23:01:19:23:F6:70:2A:89:C3:FF:03:EB:14:FE Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7084: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #7085: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182274 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7086: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #7087: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #7088: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182275 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7089: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #7090: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #7091: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7092: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518182276 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7093: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7094: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518182277 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7095: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7096: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #7097: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7098: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7099: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518182278 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518182050.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7100: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7101: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7102: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7103: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182279 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7104: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7105: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #7106: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182274 (0x1ee2d582) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:41:32 2015 Not After : Mon May 18 22:41:32 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:f8:b1:88:04:6d:dd:11:45:30:6c:fe:2b:47:ce:45: ba:c7:00:8d:89:29:53:31:80:5d:24:99:9d:12:40:3b: 19:c8:49:45:51:68:87:10:02:00:3e:95:24:f2:b6:23: 79:ee:82:b6:8d:38:c1:ca:67:1a:d2:a9:bb:5a:0d:1a: 94:ff:2f:be:21:0b:84:36:41:a0:21:ae:78:2b:36:52: 12:3b:88:1a:24:0d:c8:d7:67:2e:81:15:c8:69:c2:cd: 61:9a:82:e2:71:dc:f8:77:f3:b8:2b:f7:7e:3b:ef:de: f2:0a:19:d6:28:71:ba:c1:52:eb:6f:07:0e:ef:8c:07 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 82:da:4f:9c:c3:19:3e:0d:30:af:b5:51:a4:fd:60:71: c3:17:50:e6:9c:96:97:bd:b9:c0:17:39:e1:86:d2:2f: 80:48:ca:50:6d:9c:0e:23:59:61:31:d9:62:55:3f:20: e8:59:0f:51:23:cb:85:77:90:72:3b:09:5e:b8:bc:7f: bc:34:c9:62:19:e8:db:0a:87:62:88:d8:2e:a3:3c:a0: b1:ca:a4:67:1c:e6:15:a9:56:aa:c7:5e:d8:1c:45:cb: 84:4b:0e:20:6e:ac:46:df:6b:ee:fc:a1:a3:88:a9:b7: e3:f4:9b:de:85:ac:5c:7c:55:40:08:10:f6:df:dc:2b Fingerprint (SHA-256): B8:36:A7:DB:47:E0:98:08:10:89:CB:8E:1A:B6:D1:AC:4B:06:2A:A6:FC:5A:38:8D:C0:30:44:3E:B4:C3:7C:04 Fingerprint (SHA1): 86:14:57:74:63:3F:D2:02:6D:B5:F3:53:02:51:D0:6B:11:63:5A:7F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7107: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182275 (0x1ee2d583) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:41:36 2015 Not After : Mon May 18 22:41:36 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:b9:19:5c:c0:f5:65:ba:62:50:6e:87:49:50:75:99: b1:14:19:00:07:66:35:8b:93:58:c7:f7:33:c1:2c:4c: 2f:98:ca:d2:ce:c3:3c:72:c7:06:70:17:93:74:b2:72: 20:fb:26:1c:a7:56:3c:a9:c9:cf:c1:86:b3:6c:02:2e: b4:f6:b3:6e:4b:74:3c:70:d7:89:f6:5e:ac:6d:83:7d: 43:da:ee:fc:d5:1d:0a:1a:78:89:4b:16:7f:27:bf:f6: 08:0d:21:aa:65:dc:0f:80:5f:79:d7:1a:66:f1:75:15: 46:26:11:c5:80:4a:5e:73:07:ba:30:92:27:de:f8:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:89:45:dc:b7:56:72:f8:b9:2c:6f:63:de:62:e4:de: a1:a5:02:6e:3c:7c:c6:76:33:15:63:cb:15:b8:0e:1a: 9f:88:ef:dc:c9:7a:84:b6:63:fc:4b:9c:8d:89:a2:3c: b1:b6:ea:e9:c4:35:21:07:17:20:3e:79:2b:57:8d:3a: 5d:99:eb:92:38:e5:82:98:ea:1a:29:21:6e:96:9b:5c: e6:00:40:e4:0c:33:4d:58:e0:ba:56:70:71:c7:c2:54: 08:df:06:d8:d0:37:1a:52:78:d9:28:e2:ad:93:6b:ca: ce:dc:ba:db:52:f7:ec:74:1c:e7:91:a7:ae:cd:a5:6f Fingerprint (SHA-256): C9:71:BE:F3:94:6B:31:3F:85:A6:2F:A4:02:A2:1D:06:34:21:E8:FF:01:AA:94:82:D0:07:80:2F:B7:B4:86:EB Fingerprint (SHA1): 36:E8:7A:97:48:3F:E0:74:0B:26:69:8D:EB:83:B6:69:6A:E2:00:E4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7108: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182275 (0x1ee2d583) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:41:36 2015 Not After : Mon May 18 22:41:36 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:b9:19:5c:c0:f5:65:ba:62:50:6e:87:49:50:75:99: b1:14:19:00:07:66:35:8b:93:58:c7:f7:33:c1:2c:4c: 2f:98:ca:d2:ce:c3:3c:72:c7:06:70:17:93:74:b2:72: 20:fb:26:1c:a7:56:3c:a9:c9:cf:c1:86:b3:6c:02:2e: b4:f6:b3:6e:4b:74:3c:70:d7:89:f6:5e:ac:6d:83:7d: 43:da:ee:fc:d5:1d:0a:1a:78:89:4b:16:7f:27:bf:f6: 08:0d:21:aa:65:dc:0f:80:5f:79:d7:1a:66:f1:75:15: 46:26:11:c5:80:4a:5e:73:07:ba:30:92:27:de:f8:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:89:45:dc:b7:56:72:f8:b9:2c:6f:63:de:62:e4:de: a1:a5:02:6e:3c:7c:c6:76:33:15:63:cb:15:b8:0e:1a: 9f:88:ef:dc:c9:7a:84:b6:63:fc:4b:9c:8d:89:a2:3c: b1:b6:ea:e9:c4:35:21:07:17:20:3e:79:2b:57:8d:3a: 5d:99:eb:92:38:e5:82:98:ea:1a:29:21:6e:96:9b:5c: e6:00:40:e4:0c:33:4d:58:e0:ba:56:70:71:c7:c2:54: 08:df:06:d8:d0:37:1a:52:78:d9:28:e2:ad:93:6b:ca: ce:dc:ba:db:52:f7:ec:74:1c:e7:91:a7:ae:cd:a5:6f Fingerprint (SHA-256): C9:71:BE:F3:94:6B:31:3F:85:A6:2F:A4:02:A2:1D:06:34:21:E8:FF:01:AA:94:82:D0:07:80:2F:B7:B4:86:EB Fingerprint (SHA1): 36:E8:7A:97:48:3F:E0:74:0B:26:69:8D:EB:83:B6:69:6A:E2:00:E4 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7109: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #7110: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182280 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7111: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #7112: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #7113: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182281 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7114: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #7115: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #7116: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7117: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 518182282 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7118: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7119: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 518182283 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7120: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7121: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #7122: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7123: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7124: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518182284 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-Bridge-518182051.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7125: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7126: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7127: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7128: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182285 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7129: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7130: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7131: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7132: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518182286 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-BridgeNavy-518182052.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7133: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7134: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7135: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7136: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518182287 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7137: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7138: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #7139: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182280 (0x1ee2d588) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:41:57 2015 Not After : Mon May 18 22:41:57 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:99:16:24:8d:9d:2b:f2:e5:c6:18:8d:2d:d5:13:8a: db:53:7a:84:1c:4c:ef:02:7a:49:32:f1:ac:68:4e:1c: 9f:b1:84:09:78:cd:d0:0f:b1:01:f2:c6:9d:17:87:a4: a6:29:e5:b2:bd:8a:71:ca:65:9f:90:3d:5b:69:ae:72: 7c:ba:d2:77:64:da:79:3e:fb:2e:ac:dd:cf:c7:1a:04: cc:50:56:85:6b:a4:df:4d:fd:f5:29:f5:8c:9e:fb:d7: 70:48:b1:ce:8a:bd:13:d1:5a:6f:ba:c9:21:b0:4f:5d: c2:7a:89:c9:48:40:c6:d1:77:2d:3c:0e:16:7e:1a:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8b:5a:21:2b:31:a7:82:6b:f0:5b:aa:33:5b:2b:21:77: 66:aa:4d:60:5e:6a:af:64:48:b7:7b:0a:f0:d8:12:b0: 16:dd:3f:79:b8:2b:61:d5:4e:bd:5b:94:f1:44:5e:1c: 3e:17:f2:ae:fb:cb:b7:19:49:23:ea:90:e0:43:96:a3: 06:05:2e:94:4c:77:20:4d:f8:93:56:f3:c8:40:1b:1d: fc:cf:bf:aa:be:54:bf:aa:4c:e0:32:1c:a4:0d:29:40: da:a8:df:e9:f9:de:69:1d:28:50:6a:d8:23:5f:de:4a: 14:b8:48:f0:ac:5b:26:10:c3:a0:f5:b0:3a:4c:b7:2b Fingerprint (SHA-256): 69:F2:6B:2E:CE:F4:39:04:DB:C5:C7:06:6A:27:ED:F9:FB:B4:64:D1:5C:71:06:A2:DE:BF:86:78:CD:32:F0:87 Fingerprint (SHA1): 0F:15:77:BA:F2:0B:43:4F:E4:C1:20:5E:8D:9C:F8:B7:7A:C7:90:C2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7140: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182281 (0x1ee2d589) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:42:01 2015 Not After : Mon May 18 22:42:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:b0:bd:8a:fd:86:31:25:ef:cb:b1:1b:fe:69:85:dd: 76:71:b0:a1:a0:88:65:e8:ac:23:ca:c8:ba:84:98:44: 27:f0:79:a9:9b:bc:6e:17:90:36:17:46:1e:c0:8c:a8: 67:63:16:39:03:a0:a5:28:df:48:b1:80:14:eb:61:6c: 09:9d:89:2b:af:1d:76:08:3e:c5:11:26:d7:b5:00:c2: 00:ba:b4:89:f8:f0:65:c6:ee:d3:27:25:c1:a2:d6:5a: 13:d9:0c:9d:2c:6a:b7:fb:86:45:82:dc:e4:fc:8a:63: eb:85:08:24:16:48:ef:69:89:aa:ce:bd:13:ab:a8:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ec:d1:a1:2a:4b:e9:e9:b9:3d:a4:2b:f6:96:c5:ac:20: 43:d1:1a:b2:3f:f2:9c:50:e4:f7:4a:46:11:c2:f6:2d: c5:9e:a3:19:56:0d:7f:20:8e:e3:89:b9:c6:cf:9b:a0: 52:0b:cd:b2:c9:bc:3e:e6:70:e0:64:be:54:a7:f7:5c: 31:fa:76:32:20:6c:5f:c4:94:70:c7:4c:0d:3e:72:db: b0:3f:e8:a7:e8:df:fb:f4:5a:84:dd:f8:83:3f:59:f0: 26:08:97:7a:c2:44:9f:2e:a6:14:00:23:1e:31:85:15: 43:45:6a:2f:62:36:5d:ab:6f:14:c7:af:8f:d6:1b:93 Fingerprint (SHA-256): 2B:B6:9C:2E:AF:CC:3E:D8:2A:A5:11:C2:B1:39:8A:B9:41:BA:F5:2E:6F:4D:6E:29:72:A9:E6:00:24:85:E5:D2 Fingerprint (SHA1): C9:8D:B9:4F:06:B9:E1:8D:A7:B3:A3:47:BF:A8:C5:C9:71:82:5D:61 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7141: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182281 (0x1ee2d589) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:42:01 2015 Not After : Mon May 18 22:42:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:b0:bd:8a:fd:86:31:25:ef:cb:b1:1b:fe:69:85:dd: 76:71:b0:a1:a0:88:65:e8:ac:23:ca:c8:ba:84:98:44: 27:f0:79:a9:9b:bc:6e:17:90:36:17:46:1e:c0:8c:a8: 67:63:16:39:03:a0:a5:28:df:48:b1:80:14:eb:61:6c: 09:9d:89:2b:af:1d:76:08:3e:c5:11:26:d7:b5:00:c2: 00:ba:b4:89:f8:f0:65:c6:ee:d3:27:25:c1:a2:d6:5a: 13:d9:0c:9d:2c:6a:b7:fb:86:45:82:dc:e4:fc:8a:63: eb:85:08:24:16:48:ef:69:89:aa:ce:bd:13:ab:a8:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ec:d1:a1:2a:4b:e9:e9:b9:3d:a4:2b:f6:96:c5:ac:20: 43:d1:1a:b2:3f:f2:9c:50:e4:f7:4a:46:11:c2:f6:2d: c5:9e:a3:19:56:0d:7f:20:8e:e3:89:b9:c6:cf:9b:a0: 52:0b:cd:b2:c9:bc:3e:e6:70:e0:64:be:54:a7:f7:5c: 31:fa:76:32:20:6c:5f:c4:94:70:c7:4c:0d:3e:72:db: b0:3f:e8:a7:e8:df:fb:f4:5a:84:dd:f8:83:3f:59:f0: 26:08:97:7a:c2:44:9f:2e:a6:14:00:23:1e:31:85:15: 43:45:6a:2f:62:36:5d:ab:6f:14:c7:af:8f:d6:1b:93 Fingerprint (SHA-256): 2B:B6:9C:2E:AF:CC:3E:D8:2A:A5:11:C2:B1:39:8A:B9:41:BA:F5:2E:6F:4D:6E:29:72:A9:E6:00:24:85:E5:D2 Fingerprint (SHA1): C9:8D:B9:4F:06:B9:E1:8D:A7:B3:A3:47:BF:A8:C5:C9:71:82:5D:61 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7142: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #7143: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182280 (0x1ee2d588) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:41:57 2015 Not After : Mon May 18 22:41:57 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:99:16:24:8d:9d:2b:f2:e5:c6:18:8d:2d:d5:13:8a: db:53:7a:84:1c:4c:ef:02:7a:49:32:f1:ac:68:4e:1c: 9f:b1:84:09:78:cd:d0:0f:b1:01:f2:c6:9d:17:87:a4: a6:29:e5:b2:bd:8a:71:ca:65:9f:90:3d:5b:69:ae:72: 7c:ba:d2:77:64:da:79:3e:fb:2e:ac:dd:cf:c7:1a:04: cc:50:56:85:6b:a4:df:4d:fd:f5:29:f5:8c:9e:fb:d7: 70:48:b1:ce:8a:bd:13:d1:5a:6f:ba:c9:21:b0:4f:5d: c2:7a:89:c9:48:40:c6:d1:77:2d:3c:0e:16:7e:1a:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8b:5a:21:2b:31:a7:82:6b:f0:5b:aa:33:5b:2b:21:77: 66:aa:4d:60:5e:6a:af:64:48:b7:7b:0a:f0:d8:12:b0: 16:dd:3f:79:b8:2b:61:d5:4e:bd:5b:94:f1:44:5e:1c: 3e:17:f2:ae:fb:cb:b7:19:49:23:ea:90:e0:43:96:a3: 06:05:2e:94:4c:77:20:4d:f8:93:56:f3:c8:40:1b:1d: fc:cf:bf:aa:be:54:bf:aa:4c:e0:32:1c:a4:0d:29:40: da:a8:df:e9:f9:de:69:1d:28:50:6a:d8:23:5f:de:4a: 14:b8:48:f0:ac:5b:26:10:c3:a0:f5:b0:3a:4c:b7:2b Fingerprint (SHA-256): 69:F2:6B:2E:CE:F4:39:04:DB:C5:C7:06:6A:27:ED:F9:FB:B4:64:D1:5C:71:06:A2:DE:BF:86:78:CD:32:F0:87 Fingerprint (SHA1): 0F:15:77:BA:F2:0B:43:4F:E4:C1:20:5E:8D:9C:F8:B7:7A:C7:90:C2 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7144: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182281 (0x1ee2d589) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:42:01 2015 Not After : Mon May 18 22:42:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:b0:bd:8a:fd:86:31:25:ef:cb:b1:1b:fe:69:85:dd: 76:71:b0:a1:a0:88:65:e8:ac:23:ca:c8:ba:84:98:44: 27:f0:79:a9:9b:bc:6e:17:90:36:17:46:1e:c0:8c:a8: 67:63:16:39:03:a0:a5:28:df:48:b1:80:14:eb:61:6c: 09:9d:89:2b:af:1d:76:08:3e:c5:11:26:d7:b5:00:c2: 00:ba:b4:89:f8:f0:65:c6:ee:d3:27:25:c1:a2:d6:5a: 13:d9:0c:9d:2c:6a:b7:fb:86:45:82:dc:e4:fc:8a:63: eb:85:08:24:16:48:ef:69:89:aa:ce:bd:13:ab:a8:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ec:d1:a1:2a:4b:e9:e9:b9:3d:a4:2b:f6:96:c5:ac:20: 43:d1:1a:b2:3f:f2:9c:50:e4:f7:4a:46:11:c2:f6:2d: c5:9e:a3:19:56:0d:7f:20:8e:e3:89:b9:c6:cf:9b:a0: 52:0b:cd:b2:c9:bc:3e:e6:70:e0:64:be:54:a7:f7:5c: 31:fa:76:32:20:6c:5f:c4:94:70:c7:4c:0d:3e:72:db: b0:3f:e8:a7:e8:df:fb:f4:5a:84:dd:f8:83:3f:59:f0: 26:08:97:7a:c2:44:9f:2e:a6:14:00:23:1e:31:85:15: 43:45:6a:2f:62:36:5d:ab:6f:14:c7:af:8f:d6:1b:93 Fingerprint (SHA-256): 2B:B6:9C:2E:AF:CC:3E:D8:2A:A5:11:C2:B1:39:8A:B9:41:BA:F5:2E:6F:4D:6E:29:72:A9:E6:00:24:85:E5:D2 Fingerprint (SHA1): C9:8D:B9:4F:06:B9:E1:8D:A7:B3:A3:47:BF:A8:C5:C9:71:82:5D:61 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7145: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182281 (0x1ee2d589) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:42:01 2015 Not After : Mon May 18 22:42:01 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:b0:bd:8a:fd:86:31:25:ef:cb:b1:1b:fe:69:85:dd: 76:71:b0:a1:a0:88:65:e8:ac:23:ca:c8:ba:84:98:44: 27:f0:79:a9:9b:bc:6e:17:90:36:17:46:1e:c0:8c:a8: 67:63:16:39:03:a0:a5:28:df:48:b1:80:14:eb:61:6c: 09:9d:89:2b:af:1d:76:08:3e:c5:11:26:d7:b5:00:c2: 00:ba:b4:89:f8:f0:65:c6:ee:d3:27:25:c1:a2:d6:5a: 13:d9:0c:9d:2c:6a:b7:fb:86:45:82:dc:e4:fc:8a:63: eb:85:08:24:16:48:ef:69:89:aa:ce:bd:13:ab:a8:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ec:d1:a1:2a:4b:e9:e9:b9:3d:a4:2b:f6:96:c5:ac:20: 43:d1:1a:b2:3f:f2:9c:50:e4:f7:4a:46:11:c2:f6:2d: c5:9e:a3:19:56:0d:7f:20:8e:e3:89:b9:c6:cf:9b:a0: 52:0b:cd:b2:c9:bc:3e:e6:70:e0:64:be:54:a7:f7:5c: 31:fa:76:32:20:6c:5f:c4:94:70:c7:4c:0d:3e:72:db: b0:3f:e8:a7:e8:df:fb:f4:5a:84:dd:f8:83:3f:59:f0: 26:08:97:7a:c2:44:9f:2e:a6:14:00:23:1e:31:85:15: 43:45:6a:2f:62:36:5d:ab:6f:14:c7:af:8f:d6:1b:93 Fingerprint (SHA-256): 2B:B6:9C:2E:AF:CC:3E:D8:2A:A5:11:C2:B1:39:8A:B9:41:BA:F5:2E:6F:4D:6E:29:72:A9:E6:00:24:85:E5:D2 Fingerprint (SHA1): C9:8D:B9:4F:06:B9:E1:8D:A7:B3:A3:47:BF:A8:C5:C9:71:82:5D:61 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7146: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #7147: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182288 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7148: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #7149: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #7150: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182289 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7151: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #7152: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #7153: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7154: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 518182290 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7155: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7156: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #7157: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7158: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 518182291 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7159: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7160: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #7161: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7162: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 518182292 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7163: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7164: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 518182293 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7165: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7166: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #7167: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7168: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7169: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 518182294 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7170: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7171: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7172: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7173: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 518182295 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7174: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7175: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7176: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7177: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182296 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7178: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7179: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7180: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7181: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518182297 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7182: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7183: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7184: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182288 (0x1ee2d590) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Mon May 18 22:42:33 2015 Not After : Mon May 18 22:42:33 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:90:5d:db:b7:f2:19:d9:a2:c4:e1:df:c5:df:81:d3: 61:73:36:db:3e:48:1a:7d:fd:81:d1:80:5b:9e:59:b0: aa:8e:ab:b7:05:3f:5f:0f:a5:63:37:2d:e8:67:fb:a3: 5d:1a:38:a3:fb:6e:bd:25:12:ff:f0:2c:d7:56:97:36: 6e:29:2c:c4:a1:85:c7:d0:95:f9:76:2b:f3:2d:cf:5e: 49:39:38:2b:f7:44:3d:41:da:73:fd:f9:e6:0f:0e:ca: 0c:ff:64:97:82:92:9b:96:75:4c:32:05:29:10:c5:0d: ce:f8:31:d7:13:7f:f5:2a:97:40:3f:0f:dc:87:d0:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:ef:9b:65:d8:16:09:9e:d4:40:ab:56:cf:45:fe:03: 00:ca:d9:30:09:b9:35:9a:ba:52:f3:f9:4b:f2:04:29: 9d:60:22:40:36:b8:f8:3b:66:11:be:a2:05:b2:7a:e9: 3f:d7:1c:10:bc:c5:12:e8:5f:7a:4f:d6:52:0b:75:fd: d6:60:c8:82:be:07:9e:52:a0:8f:e8:d0:8b:5e:1d:ac: cd:cb:52:ef:2d:3a:1d:1b:ab:05:bb:e0:f1:bb:99:8c: 27:9f:a1:44:3f:69:3c:52:ac:e8:62:e8:d1:d0:e1:65: 5c:d9:e7:28:7d:b0:fe:b5:9f:99:b0:b8:57:f2:10:3e Fingerprint (SHA-256): 90:CF:98:1E:06:29:2C:F3:C0:73:C2:07:AF:40:F1:C2:FB:03:29:F0:0D:7F:1C:13:08:96:03:7B:1A:98:97:BD Fingerprint (SHA1): 79:5C:E2:F8:A0:95:E9:B9:F0:99:DD:8D:D7:EF:C5:EC:13:41:3D:8C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #7185: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7186: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7187: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7188: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7189: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7190: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7191: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7192: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7193: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182289 (0x1ee2d591) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Mon May 18 22:42:37 2015 Not After : Mon May 18 22:42:37 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:74:ca:f3:0a:5d:d3:d5:06:b6:a8:44:1b:11:30:bb: 64:e7:e4:d3:b2:97:f9:c4:62:93:ed:a4:8c:f2:0a:d3: e7:ad:cf:0d:48:40:d9:02:cd:1f:94:aa:d3:8d:c8:d2: 3b:0c:bd:31:3b:28:06:e2:f1:5c:c6:03:39:83:e3:85: 6b:b2:c6:a2:68:4c:31:eb:60:ab:72:eb:bc:f0:59:f9: 73:1a:b4:8a:f1:63:7c:7f:8f:ae:c5:9e:db:d4:0b:83: 8a:81:8b:29:9b:e9:f3:30:b4:5e:bb:26:fc:21:7a:24: b5:b1:66:95:b6:19:0b:6b:41:ac:16:27:fc:af:31:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c5:c3:67:68:6b:5e:f6:ed:4a:4e:34:12:42:ff:bd:95: 88:d3:42:97:43:93:11:d4:d6:e1:2c:cf:d5:31:dc:b6: 13:40:71:af:12:61:6c:ef:83:a3:b1:0c:2d:e0:a3:97: af:e3:fd:44:42:79:d2:f3:4f:ad:07:49:c1:02:5e:08: 18:73:4f:bf:f7:ae:bc:e2:32:f0:e7:91:17:c6:3f:e2: a8:8f:9d:b6:d0:f5:48:13:d3:04:00:a0:29:1c:6a:f4: b8:72:ab:4d:39:86:c3:0a:11:24:c9:ef:c8:91:4a:b9: 89:42:67:9f:6f:96:9d:4b:76:85:72:4c:de:79:e8:f2 Fingerprint (SHA-256): 32:7D:45:D1:8C:4A:D4:19:45:92:12:99:E3:BA:2D:35:6C:F1:EC:A4:DD:B6:C9:39:4C:58:E6:DC:40:51:FB:61 Fingerprint (SHA1): 1A:04:3F:87:D3:24:A2:11:A6:DF:67:21:DE:3D:D8:D2:83:14:35:7B Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #7194: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7195: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7196: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7197: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7198: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7199: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7200: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #7201: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #7202: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #7203: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #7204: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #7205: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #7206: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #7207: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #7208: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #7209: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #7210: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #7211: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7212: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182298 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7213: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7214: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7215: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7216: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 518182299 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7217: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7218: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7219: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7220: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 518182300 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7221: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7222: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7223: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7224: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 518182301 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7225: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7226: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7227: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7228: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 518182302 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7229: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7230: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #7231: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7232: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 518182303 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7233: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7234: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #7235: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7236: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 518182304 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7237: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7238: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #7239: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7240: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 518182305 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7241: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7242: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #7243: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7244: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 518182306 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7245: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7246: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7247: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182298 (0x1ee2d59a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:43:24 2015 Not After : Mon May 18 22:43:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 2a:4d:3f:29:9c:e7:c6:60:f0:10:13:8b:4d:1d:a8:a8: e9:6c:57:b2:5b:2d:44:0c:25:d5:27:00:ac:98:95:07: 0b:ec:e1:a3:49:2a:ae:38:02:ce:a8:08:d9:2b:7e:f3: d8:61:d0:36:5d:92:83:01:69:b4:e4:7f:8a:41:98:df: 28:80:cb:6b:6e:0e:7a:17:b6:52:f2:3f:ea:9f:f6:95: 59:e6:b9:8a:8f:0a:30:52:a6:cd:77:e8:f3:2a:57:b3: 91:51:8d:a6:eb:c1:90:98:ea:7d:aa:cd:0b:87:07:41: 08:06:0b:98:ea:60:44:b9:84:3a:4b:e4:8a:63:1e:d1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:ac:ac:b9:3e:c6:d5:2d:6c:c4:b1:06: 6a:ac:8c:b4:50:d1:f1:04:bf:02:14:1c:30:b3:63:7a: 56:12:5e:9d:b0:21:ad:0d:05:a5:f5:df:24:8d:7a Fingerprint (SHA-256): 70:A1:88:51:CC:D5:91:61:A7:BE:2A:CE:F8:80:FE:6E:B8:E7:E3:D4:CD:0D:71:6C:10:88:35:47:EB:27:71:59 Fingerprint (SHA1): CC:5E:9F:BE:F3:9D:16:98:BE:35:DD:9A:BD:1E:42:AE:B9:26:57:0A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7248: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182298 (0x1ee2d59a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:43:24 2015 Not After : Mon May 18 22:43:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 2a:4d:3f:29:9c:e7:c6:60:f0:10:13:8b:4d:1d:a8:a8: e9:6c:57:b2:5b:2d:44:0c:25:d5:27:00:ac:98:95:07: 0b:ec:e1:a3:49:2a:ae:38:02:ce:a8:08:d9:2b:7e:f3: d8:61:d0:36:5d:92:83:01:69:b4:e4:7f:8a:41:98:df: 28:80:cb:6b:6e:0e:7a:17:b6:52:f2:3f:ea:9f:f6:95: 59:e6:b9:8a:8f:0a:30:52:a6:cd:77:e8:f3:2a:57:b3: 91:51:8d:a6:eb:c1:90:98:ea:7d:aa:cd:0b:87:07:41: 08:06:0b:98:ea:60:44:b9:84:3a:4b:e4:8a:63:1e:d1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:ac:ac:b9:3e:c6:d5:2d:6c:c4:b1:06: 6a:ac:8c:b4:50:d1:f1:04:bf:02:14:1c:30:b3:63:7a: 56:12:5e:9d:b0:21:ad:0d:05:a5:f5:df:24:8d:7a Fingerprint (SHA-256): 70:A1:88:51:CC:D5:91:61:A7:BE:2A:CE:F8:80:FE:6E:B8:E7:E3:D4:CD:0D:71:6C:10:88:35:47:EB:27:71:59 Fingerprint (SHA1): CC:5E:9F:BE:F3:9D:16:98:BE:35:DD:9A:BD:1E:42:AE:B9:26:57:0A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #7249: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182298 (0x1ee2d59a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:43:24 2015 Not After : Mon May 18 22:43:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 2a:4d:3f:29:9c:e7:c6:60:f0:10:13:8b:4d:1d:a8:a8: e9:6c:57:b2:5b:2d:44:0c:25:d5:27:00:ac:98:95:07: 0b:ec:e1:a3:49:2a:ae:38:02:ce:a8:08:d9:2b:7e:f3: d8:61:d0:36:5d:92:83:01:69:b4:e4:7f:8a:41:98:df: 28:80:cb:6b:6e:0e:7a:17:b6:52:f2:3f:ea:9f:f6:95: 59:e6:b9:8a:8f:0a:30:52:a6:cd:77:e8:f3:2a:57:b3: 91:51:8d:a6:eb:c1:90:98:ea:7d:aa:cd:0b:87:07:41: 08:06:0b:98:ea:60:44:b9:84:3a:4b:e4:8a:63:1e:d1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:ac:ac:b9:3e:c6:d5:2d:6c:c4:b1:06: 6a:ac:8c:b4:50:d1:f1:04:bf:02:14:1c:30:b3:63:7a: 56:12:5e:9d:b0:21:ad:0d:05:a5:f5:df:24:8d:7a Fingerprint (SHA-256): 70:A1:88:51:CC:D5:91:61:A7:BE:2A:CE:F8:80:FE:6E:B8:E7:E3:D4:CD:0D:71:6C:10:88:35:47:EB:27:71:59 Fingerprint (SHA1): CC:5E:9F:BE:F3:9D:16:98:BE:35:DD:9A:BD:1E:42:AE:B9:26:57:0A Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #7250: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182298 (0x1ee2d59a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:43:24 2015 Not After : Mon May 18 22:43:24 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 2a:4d:3f:29:9c:e7:c6:60:f0:10:13:8b:4d:1d:a8:a8: e9:6c:57:b2:5b:2d:44:0c:25:d5:27:00:ac:98:95:07: 0b:ec:e1:a3:49:2a:ae:38:02:ce:a8:08:d9:2b:7e:f3: d8:61:d0:36:5d:92:83:01:69:b4:e4:7f:8a:41:98:df: 28:80:cb:6b:6e:0e:7a:17:b6:52:f2:3f:ea:9f:f6:95: 59:e6:b9:8a:8f:0a:30:52:a6:cd:77:e8:f3:2a:57:b3: 91:51:8d:a6:eb:c1:90:98:ea:7d:aa:cd:0b:87:07:41: 08:06:0b:98:ea:60:44:b9:84:3a:4b:e4:8a:63:1e:d1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:15:00:ac:ac:b9:3e:c6:d5:2d:6c:c4:b1:06: 6a:ac:8c:b4:50:d1:f1:04:bf:02:14:1c:30:b3:63:7a: 56:12:5e:9d:b0:21:ad:0d:05:a5:f5:df:24:8d:7a Fingerprint (SHA-256): 70:A1:88:51:CC:D5:91:61:A7:BE:2A:CE:F8:80:FE:6E:B8:E7:E3:D4:CD:0D:71:6C:10:88:35:47:EB:27:71:59 Fingerprint (SHA1): CC:5E:9F:BE:F3:9D:16:98:BE:35:DD:9A:BD:1E:42:AE:B9:26:57:0A Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #7251: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7252: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7253: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7254: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #7255: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7256: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7257: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7258: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7259: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7260: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7261: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7262: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #7263: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7264: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7265: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7266: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #7267: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7268: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7269: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7270: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7271: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7272: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7273: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7274: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #7275: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7276: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7277: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7278: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518224422Z nextupdate=20160518224422Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 22:44:22 2015 Next Update: Wed May 18 22:44:22 2016 CRL Extensions: chains.sh: #7279: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518224423Z nextupdate=20160518224423Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:44:23 2015 Next Update: Wed May 18 22:44:23 2016 CRL Extensions: chains.sh: #7280: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518224424Z nextupdate=20160518224424Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:44:24 2015 Next Update: Wed May 18 22:44:24 2016 CRL Extensions: chains.sh: #7281: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518224424Z nextupdate=20160518224424Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 22:44:24 2015 Next Update: Wed May 18 22:44:24 2016 CRL Extensions: chains.sh: #7282: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518224425Z addcert 14 20150518224425Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:44:25 2015 Next Update: Wed May 18 22:44:24 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Mon May 18 22:44:25 2015 CRL Extensions: chains.sh: #7283: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518224426Z addcert 15 20150518224426Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:44:26 2015 Next Update: Wed May 18 22:44:23 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Mon May 18 22:44:26 2015 CRL Extensions: chains.sh: #7284: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7285: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7286: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #7287: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #7288: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #7289: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #7290: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #7291: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #7292: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #7293: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:43:58 2015 Not After : Mon May 18 22:43:58 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:b2:52:43:26:95:e3:37:f2:46:a6:29:27:cb:e6:82: e0:37:81:43:09:c7:b0:44:78:49:8d:5e:d6:17:c1:f6: 5c:75:bb:6a:26:0d:1e:ba:0e:21:6d:eb:2b:ec:53:71: e0:af:69:ec:08:4b:8c:f3:29:d1:ed:e7:1e:d5:7c:e0: fe:c9:2a:ce:0b:cd:76:8d:fa:6d:3f:c9:52:01:98:da: 43:56:4e:da:ae:28:2e:fa:0c:6e:84:89:06:df:bf:9d: 1d:ad:d3:ac:31:7c:6a:5f:87:89:e2:91:3a:dc:55:c7: 73:82:10:83:0c:5d:37:81:cf:97:3e:54:74:f0:a7:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:c0:51:a8:6b:80:e2:e7:5f:d2:ee:fc:3f:ef:7e:9b: 7d:8e:62:6f:42:02:85:d7:cb:2f:6d:d4:bb:b8:18:ed: a0:92:f1:8d:65:e2:79:9e:b5:85:12:ef:5c:49:fd:72: b7:32:d4:18:74:31:f1:e5:a8:8a:5d:1e:10:38:b4:bc: 47:62:16:09:85:bf:c3:74:54:cc:00:ab:a1:7e:d9:b0: 75:eb:6e:68:90:8c:c2:ab:25:27:f1:98:16:e1:e4:14: 3b:fd:00:19:4c:e8:87:93:c2:b3:aa:e5:8c:1f:af:21: 7d:48:6c:7c:ee:13:c5:e8:f5:48:f9:28:d1:d0:88:38 Fingerprint (SHA-256): 94:01:9A:2E:7A:9D:68:9A:2E:BA:4D:7F:75:C7:D8:43:65:A6:75:59:EA:3C:99:01:3C:8C:62:B9:75:A2:0F:7A Fingerprint (SHA1): 70:FC:50:43:42:38:50:CE:12:BB:A6:5E:A2:9A:0A:DA:F1:76:9C:B8 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7294: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7295: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:43:58 2015 Not After : Mon May 18 22:43:58 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:b2:52:43:26:95:e3:37:f2:46:a6:29:27:cb:e6:82: e0:37:81:43:09:c7:b0:44:78:49:8d:5e:d6:17:c1:f6: 5c:75:bb:6a:26:0d:1e:ba:0e:21:6d:eb:2b:ec:53:71: e0:af:69:ec:08:4b:8c:f3:29:d1:ed:e7:1e:d5:7c:e0: fe:c9:2a:ce:0b:cd:76:8d:fa:6d:3f:c9:52:01:98:da: 43:56:4e:da:ae:28:2e:fa:0c:6e:84:89:06:df:bf:9d: 1d:ad:d3:ac:31:7c:6a:5f:87:89:e2:91:3a:dc:55:c7: 73:82:10:83:0c:5d:37:81:cf:97:3e:54:74:f0:a7:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 00:c0:51:a8:6b:80:e2:e7:5f:d2:ee:fc:3f:ef:7e:9b: 7d:8e:62:6f:42:02:85:d7:cb:2f:6d:d4:bb:b8:18:ed: a0:92:f1:8d:65:e2:79:9e:b5:85:12:ef:5c:49:fd:72: b7:32:d4:18:74:31:f1:e5:a8:8a:5d:1e:10:38:b4:bc: 47:62:16:09:85:bf:c3:74:54:cc:00:ab:a1:7e:d9:b0: 75:eb:6e:68:90:8c:c2:ab:25:27:f1:98:16:e1:e4:14: 3b:fd:00:19:4c:e8:87:93:c2:b3:aa:e5:8c:1f:af:21: 7d:48:6c:7c:ee:13:c5:e8:f5:48:f9:28:d1:d0:88:38 Fingerprint (SHA-256): 94:01:9A:2E:7A:9D:68:9A:2E:BA:4D:7F:75:C7:D8:43:65:A6:75:59:EA:3C:99:01:3C:8C:62:B9:75:A2:0F:7A Fingerprint (SHA1): 70:FC:50:43:42:38:50:CE:12:BB:A6:5E:A2:9A:0A:DA:F1:76:9C:B8 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7296: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7297: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7298: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182307 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7299: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7300: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #7301: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7302: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 518182308 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7303: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7304: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7305: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182079.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7306: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182053.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7307: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7308: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #7309: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182079.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7310: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 518182309 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7311: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7312: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7313: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182079.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7314: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182054.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7315: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7316: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #7317: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7318: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 518182310 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7319: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7320: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7321: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182079.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7322: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182055.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7323: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7324: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7325: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0-518182079.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7326: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9683/localhost-25156-CA0Root-518182056.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7327: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7328: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150518224507Z nextupdate=20160518224507Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Mon May 18 22:45:07 2015 Next Update: Wed May 18 22:45:07 2016 CRL Extensions: chains.sh: #7329: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518224508Z nextupdate=20160518224508Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:45:08 2015 Next Update: Wed May 18 22:45:08 2016 CRL Extensions: chains.sh: #7330: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150518224508Z nextupdate=20160518224508Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Mon May 18 22:45:08 2015 Next Update: Wed May 18 22:45:08 2016 CRL Extensions: chains.sh: #7331: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150518224509Z nextupdate=20160518224509Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Mon May 18 22:45:09 2015 Next Update: Wed May 18 22:45:09 2016 CRL Extensions: chains.sh: #7332: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518224510Z addcert 20 20150518224510Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:45:10 2015 Next Update: Wed May 18 22:45:08 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 22:45:10 2015 CRL Extensions: chains.sh: #7333: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150518224511Z addcert 40 20150518224511Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Mon May 18 22:45:11 2015 Next Update: Wed May 18 22:45:08 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Mon May 18 22:45:10 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Mon May 18 22:45:11 2015 CRL Extensions: chains.sh: #7334: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7335: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7336: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #7337: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182307 (0x1ee2d5a3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:44:38 2015 Not After : Mon May 18 22:44:38 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:0d:75:83:93:6b:a4:3d:af:c4:90:f3:c0:b7:d5:0b: 32:73:98:bc:89:a1:fa:2a:26:0e:96:da:51:ca:f4:e0: c5:6c:75:d5:d6:0c:45:3e:dd:c8:1e:0d:68:49:75:e0: 04:d6:72:51:ee:52:f5:3f:89:97:43:89:64:84:a8:be: f2:55:48:0a:c9:46:87:99:13:7b:6b:c4:b8:38:34:37: c1:56:26:30:c0:e3:4e:c1:3f:f2:23:b3:f0:c7:b6:e8: de:1d:ec:46:0e:7f:df:09:c3:92:ea:9f:5e:02:ff:4c: 97:19:82:2b:76:2d:13:51:e0:96:55:d4:4f:d9:02:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 07:06:87:40:f7:ff:35:39:d1:3b:61:6a:81:97:12:72: f1:f3:31:e5:a4:e2:16:6f:eb:2b:17:b5:40:af:84:6a: eb:b8:3b:5b:de:de:62:bf:5b:3c:19:26:b2:75:19:d8: d0:d5:0a:76:96:97:b5:52:47:27:cd:41:02:5d:bf:c4: 15:78:f4:f9:55:9a:10:19:23:45:08:8a:43:b2:95:12: 9c:4e:97:97:76:73:73:74:57:c2:ba:cf:ed:cf:43:0c: 75:ca:c8:a9:71:90:f0:50:f5:89:18:88:5d:1e:1a:d3: ab:39:ef:f4:25:e3:8c:8c:50:63:be:3e:18:dd:69:f1 Fingerprint (SHA-256): CB:97:E5:E2:1A:67:0E:71:6D:5F:F8:E3:79:D1:26:75:E1:F6:B3:50:CB:AC:4F:FC:94:03:51:B9:A5:50:30:2B Fingerprint (SHA1): F8:1E:F3:73:EE:E1:1B:97:C0:67:D9:47:9F:82:D7:39:23:C9:65:36 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7338: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7339: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182307 (0x1ee2d5a3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Mon May 18 22:44:38 2015 Not After : Mon May 18 22:44:38 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:0d:75:83:93:6b:a4:3d:af:c4:90:f3:c0:b7:d5:0b: 32:73:98:bc:89:a1:fa:2a:26:0e:96:da:51:ca:f4:e0: c5:6c:75:d5:d6:0c:45:3e:dd:c8:1e:0d:68:49:75:e0: 04:d6:72:51:ee:52:f5:3f:89:97:43:89:64:84:a8:be: f2:55:48:0a:c9:46:87:99:13:7b:6b:c4:b8:38:34:37: c1:56:26:30:c0:e3:4e:c1:3f:f2:23:b3:f0:c7:b6:e8: de:1d:ec:46:0e:7f:df:09:c3:92:ea:9f:5e:02:ff:4c: 97:19:82:2b:76:2d:13:51:e0:96:55:d4:4f:d9:02:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 07:06:87:40:f7:ff:35:39:d1:3b:61:6a:81:97:12:72: f1:f3:31:e5:a4:e2:16:6f:eb:2b:17:b5:40:af:84:6a: eb:b8:3b:5b:de:de:62:bf:5b:3c:19:26:b2:75:19:d8: d0:d5:0a:76:96:97:b5:52:47:27:cd:41:02:5d:bf:c4: 15:78:f4:f9:55:9a:10:19:23:45:08:8a:43:b2:95:12: 9c:4e:97:97:76:73:73:74:57:c2:ba:cf:ed:cf:43:0c: 75:ca:c8:a9:71:90:f0:50:f5:89:18:88:5d:1e:1a:d3: ab:39:ef:f4:25:e3:8c:8c:50:63:be:3e:18:dd:69:f1 Fingerprint (SHA-256): CB:97:E5:E2:1A:67:0E:71:6D:5F:F8:E3:79:D1:26:75:E1:F6:B3:50:CB:AC:4F:FC:94:03:51:B9:A5:50:30:2B Fingerprint (SHA1): F8:1E:F3:73:EE:E1:1B:97:C0:67:D9:47:9F:82:D7:39:23:C9:65:36 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7340: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7341: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #7342: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182311 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7343: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #7344: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7345: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7346: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 518182312 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7347: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7348: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7349: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7350: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 518182313 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7351: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7352: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7353: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7354: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 518182314 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7355: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7356: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #7357: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 518182315 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7358: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #7359: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #7360: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7361: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 518182316 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7362: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7363: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7364: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7365: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 518182317 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7366: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7367: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #7368: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #7369: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #7370: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182311 (0x1ee2d5a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:45:20 2015 Not After : Mon May 18 22:45:20 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:58:9e:a2:54:32:7c:f8:b2:71:76:9a:b9:85:e2:cd: 91:d6:f2:f3:a4:23:e4:b8:a5:d2:f7:aa:e6:09:4c:f8: ac:3c:31:fd:99:74:05:10:f0:5b:b3:38:47:0e:08:27: 7f:cd:7b:af:54:ac:60:fc:7f:30:f6:f3:88:a3:c3:19: 65:c2:25:93:d6:b2:64:a6:06:b2:dd:bf:37:02:be:42: 8b:7c:2c:7a:7e:69:49:35:d1:9c:79:24:73:82:4d:ba: 24:83:cf:a0:76:25:1f:a3:cd:e0:82:95:5a:cb:d0:9e: 4c:3d:80:db:45:cd:83:b0:7d:5a:fd:38:49:4a:fe:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:20:2d:46:47:27:18:77:e5:1a:bd:6a:e3:62:d2:79: 77:bf:0b:ba:cf:8f:11:2b:56:3c:86:e5:cf:79:5a:b9: 0e:da:40:eb:9a:41:ae:0f:18:9e:8e:a6:7b:25:81:4a: 4c:8d:61:f1:d4:54:af:48:9d:ac:fd:69:42:6c:81:20: b4:03:20:b4:ff:74:bc:9d:5c:2b:e3:ed:fc:c3:7b:11: 64:f5:18:09:6e:1a:81:53:77:92:e0:23:59:53:64:90: 50:cf:4e:78:da:30:bf:70:70:40:c5:6c:50:4f:f6:3c: 8c:ac:14:d7:28:46:fc:b5:54:d4:0c:63:90:ff:6e:ba Fingerprint (SHA-256): C4:38:0C:D5:58:C7:2F:E7:19:F0:C2:DE:6B:B6:37:CD:8C:47:CF:C6:50:A3:32:43:A8:37:70:49:D8:D0:55:FA Fingerprint (SHA1): 60:02:8F:61:9B:6C:7F:59:E7:39:E1:7A:30:37:58:7E:C5:7F:42:6C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7371: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182313 (0x1ee2d5a9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:45:29 2015 Not After : Mon May 18 22:45:29 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:22:b5:cd:46:22:a0:dc:bd:c5:86:ef:74:73:23:f9: 67:86:65:f9:4c:08:a0:ae:74:49:4e:4d:7c:df:9b:6a: fe:04:be:54:93:ad:61:07:3f:bc:d6:f1:62:d9:58:b7: 1e:44:62:a7:8e:9f:37:c3:f3:0c:ff:21:cc:bd:cc:ac: 3c:6e:8d:2b:8c:a9:50:c4:1c:e3:dd:8a:85:31:bc:2d: a2:87:56:08:d8:1e:ca:65:75:f7:69:98:04:28:f2:90: 73:86:55:ff:c5:cd:42:b9:0d:9d:72:e7:d3:d8:f7:c1: f3:91:32:47:83:de:0e:c0:c8:43:0d:41:a6:fa:13:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:45:3d:8c:40:5d:1d:dc:e3:da:9f:00:ef:d8:ba:01: 63:2b:91:99:a2:2a:71:5b:c8:cd:54:bb:f3:34:c0:51: 50:41:fb:37:64:00:87:ca:73:ae:88:a1:8c:6f:a1:86: 20:d7:d5:9a:6e:0d:a3:1b:92:56:f0:1f:2d:7e:72:7d: 44:32:7b:f8:f3:2f:00:8a:85:8e:a7:cb:6c:9f:0f:0d: 2b:73:6a:04:7c:96:b3:24:98:f0:58:f8:70:cc:7a:b6: e9:ab:57:4e:a3:bb:80:f4:9d:c2:af:de:d7:34:25:48: a6:e0:3d:4c:a1:83:ce:6e:4a:2e:86:0d:5f:d8:82:37 Fingerprint (SHA-256): 77:C2:1D:4C:A3:52:51:05:C9:02:56:E4:4F:B2:D4:A5:11:7B:9E:38:86:6D:73:9F:B6:E2:7A:45:0A:BD:47:05 Fingerprint (SHA1): B3:4E:C4:37:15:D6:C8:E9:7C:DB:DE:6C:15:8C:CF:98:7B:8E:3B:E8 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #7372: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182311 (0x1ee2d5a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:45:20 2015 Not After : Mon May 18 22:45:20 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:58:9e:a2:54:32:7c:f8:b2:71:76:9a:b9:85:e2:cd: 91:d6:f2:f3:a4:23:e4:b8:a5:d2:f7:aa:e6:09:4c:f8: ac:3c:31:fd:99:74:05:10:f0:5b:b3:38:47:0e:08:27: 7f:cd:7b:af:54:ac:60:fc:7f:30:f6:f3:88:a3:c3:19: 65:c2:25:93:d6:b2:64:a6:06:b2:dd:bf:37:02:be:42: 8b:7c:2c:7a:7e:69:49:35:d1:9c:79:24:73:82:4d:ba: 24:83:cf:a0:76:25:1f:a3:cd:e0:82:95:5a:cb:d0:9e: 4c:3d:80:db:45:cd:83:b0:7d:5a:fd:38:49:4a:fe:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:20:2d:46:47:27:18:77:e5:1a:bd:6a:e3:62:d2:79: 77:bf:0b:ba:cf:8f:11:2b:56:3c:86:e5:cf:79:5a:b9: 0e:da:40:eb:9a:41:ae:0f:18:9e:8e:a6:7b:25:81:4a: 4c:8d:61:f1:d4:54:af:48:9d:ac:fd:69:42:6c:81:20: b4:03:20:b4:ff:74:bc:9d:5c:2b:e3:ed:fc:c3:7b:11: 64:f5:18:09:6e:1a:81:53:77:92:e0:23:59:53:64:90: 50:cf:4e:78:da:30:bf:70:70:40:c5:6c:50:4f:f6:3c: 8c:ac:14:d7:28:46:fc:b5:54:d4:0c:63:90:ff:6e:ba Fingerprint (SHA-256): C4:38:0C:D5:58:C7:2F:E7:19:F0:C2:DE:6B:B6:37:CD:8C:47:CF:C6:50:A3:32:43:A8:37:70:49:D8:D0:55:FA Fingerprint (SHA1): 60:02:8F:61:9B:6C:7F:59:E7:39:E1:7A:30:37:58:7E:C5:7F:42:6C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7373: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #7374: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182311 (0x1ee2d5a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:45:20 2015 Not After : Mon May 18 22:45:20 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:58:9e:a2:54:32:7c:f8:b2:71:76:9a:b9:85:e2:cd: 91:d6:f2:f3:a4:23:e4:b8:a5:d2:f7:aa:e6:09:4c:f8: ac:3c:31:fd:99:74:05:10:f0:5b:b3:38:47:0e:08:27: 7f:cd:7b:af:54:ac:60:fc:7f:30:f6:f3:88:a3:c3:19: 65:c2:25:93:d6:b2:64:a6:06:b2:dd:bf:37:02:be:42: 8b:7c:2c:7a:7e:69:49:35:d1:9c:79:24:73:82:4d:ba: 24:83:cf:a0:76:25:1f:a3:cd:e0:82:95:5a:cb:d0:9e: 4c:3d:80:db:45:cd:83:b0:7d:5a:fd:38:49:4a:fe:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:20:2d:46:47:27:18:77:e5:1a:bd:6a:e3:62:d2:79: 77:bf:0b:ba:cf:8f:11:2b:56:3c:86:e5:cf:79:5a:b9: 0e:da:40:eb:9a:41:ae:0f:18:9e:8e:a6:7b:25:81:4a: 4c:8d:61:f1:d4:54:af:48:9d:ac:fd:69:42:6c:81:20: b4:03:20:b4:ff:74:bc:9d:5c:2b:e3:ed:fc:c3:7b:11: 64:f5:18:09:6e:1a:81:53:77:92:e0:23:59:53:64:90: 50:cf:4e:78:da:30:bf:70:70:40:c5:6c:50:4f:f6:3c: 8c:ac:14:d7:28:46:fc:b5:54:d4:0c:63:90:ff:6e:ba Fingerprint (SHA-256): C4:38:0C:D5:58:C7:2F:E7:19:F0:C2:DE:6B:B6:37:CD:8C:47:CF:C6:50:A3:32:43:A8:37:70:49:D8:D0:55:FA Fingerprint (SHA1): 60:02:8F:61:9B:6C:7F:59:E7:39:E1:7A:30:37:58:7E:C5:7F:42:6C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7375: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182313 (0x1ee2d5a9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Mon May 18 22:45:29 2015 Not After : Mon May 18 22:45:29 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:22:b5:cd:46:22:a0:dc:bd:c5:86:ef:74:73:23:f9: 67:86:65:f9:4c:08:a0:ae:74:49:4e:4d:7c:df:9b:6a: fe:04:be:54:93:ad:61:07:3f:bc:d6:f1:62:d9:58:b7: 1e:44:62:a7:8e:9f:37:c3:f3:0c:ff:21:cc:bd:cc:ac: 3c:6e:8d:2b:8c:a9:50:c4:1c:e3:dd:8a:85:31:bc:2d: a2:87:56:08:d8:1e:ca:65:75:f7:69:98:04:28:f2:90: 73:86:55:ff:c5:cd:42:b9:0d:9d:72:e7:d3:d8:f7:c1: f3:91:32:47:83:de:0e:c0:c8:43:0d:41:a6:fa:13:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:45:3d:8c:40:5d:1d:dc:e3:da:9f:00:ef:d8:ba:01: 63:2b:91:99:a2:2a:71:5b:c8:cd:54:bb:f3:34:c0:51: 50:41:fb:37:64:00:87:ca:73:ae:88:a1:8c:6f:a1:86: 20:d7:d5:9a:6e:0d:a3:1b:92:56:f0:1f:2d:7e:72:7d: 44:32:7b:f8:f3:2f:00:8a:85:8e:a7:cb:6c:9f:0f:0d: 2b:73:6a:04:7c:96:b3:24:98:f0:58:f8:70:cc:7a:b6: e9:ab:57:4e:a3:bb:80:f4:9d:c2:af:de:d7:34:25:48: a6:e0:3d:4c:a1:83:ce:6e:4a:2e:86:0d:5f:d8:82:37 Fingerprint (SHA-256): 77:C2:1D:4C:A3:52:51:05:C9:02:56:E4:4F:B2:D4:A5:11:7B:9E:38:86:6D:73:9F:B6:E2:7A:45:0A:BD:47:05 Fingerprint (SHA1): B3:4E:C4:37:15:D6:C8:E9:7C:DB:DE:6C:15:8C:CF:98:7B:8E:3B:E8 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #7376: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #7377: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #7378: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #7379: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182311 (0x1ee2d5a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:45:20 2015 Not After : Mon May 18 22:45:20 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:58:9e:a2:54:32:7c:f8:b2:71:76:9a:b9:85:e2:cd: 91:d6:f2:f3:a4:23:e4:b8:a5:d2:f7:aa:e6:09:4c:f8: ac:3c:31:fd:99:74:05:10:f0:5b:b3:38:47:0e:08:27: 7f:cd:7b:af:54:ac:60:fc:7f:30:f6:f3:88:a3:c3:19: 65:c2:25:93:d6:b2:64:a6:06:b2:dd:bf:37:02:be:42: 8b:7c:2c:7a:7e:69:49:35:d1:9c:79:24:73:82:4d:ba: 24:83:cf:a0:76:25:1f:a3:cd:e0:82:95:5a:cb:d0:9e: 4c:3d:80:db:45:cd:83:b0:7d:5a:fd:38:49:4a:fe:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:20:2d:46:47:27:18:77:e5:1a:bd:6a:e3:62:d2:79: 77:bf:0b:ba:cf:8f:11:2b:56:3c:86:e5:cf:79:5a:b9: 0e:da:40:eb:9a:41:ae:0f:18:9e:8e:a6:7b:25:81:4a: 4c:8d:61:f1:d4:54:af:48:9d:ac:fd:69:42:6c:81:20: b4:03:20:b4:ff:74:bc:9d:5c:2b:e3:ed:fc:c3:7b:11: 64:f5:18:09:6e:1a:81:53:77:92:e0:23:59:53:64:90: 50:cf:4e:78:da:30:bf:70:70:40:c5:6c:50:4f:f6:3c: 8c:ac:14:d7:28:46:fc:b5:54:d4:0c:63:90:ff:6e:ba Fingerprint (SHA-256): C4:38:0C:D5:58:C7:2F:E7:19:F0:C2:DE:6B:B6:37:CD:8C:47:CF:C6:50:A3:32:43:A8:37:70:49:D8:D0:55:FA Fingerprint (SHA1): 60:02:8F:61:9B:6C:7F:59:E7:39:E1:7A:30:37:58:7E:C5:7F:42:6C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7380: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182315 (0x1ee2d5ab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 22:45:37 2015 Not After : Mon May 18 22:45:37 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:b9:9f:81:46:a6:86:04:1e:09:d8:c8:73:13:2c:e9: c5:9b:43:95:44:d6:32:e1:e4:35:37:dd:14:c7:90:e8: 23:da:83:14:78:fc:3d:2b:3a:9b:56:91:c5:18:60:dd: 8f:59:26:e3:3a:16:ee:68:c5:5f:cd:b7:ef:25:18:31: 6d:ae:f3:fe:0f:65:ad:d5:73:79:c3:0e:3a:db:cb:01: aa:16:80:6b:fd:08:29:00:14:cd:0a:80:0f:70:90:ab: dd:65:8d:e0:26:d2:fd:c3:53:cc:29:22:3d:2b:5f:a4: 90:59:0e:6c:83:89:c3:84:71:fd:cc:38:3f:94:5f:2f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:95:67:78:a5:c5:2d:d6:4a:bb:a6:9d:c8:e9:87:e8: 08:3d:64:c8:78:ac:e0:47:2a:7c:84:82:0f:19:ed:ae: dc:0f:4b:2b:e7:93:2a:1f:9e:77:e1:ab:cb:df:f6:67: 50:4d:a5:14:6e:86:9a:85:51:12:38:4d:86:07:40:c3: cf:f1:d0:c0:81:60:a3:57:9b:aa:6e:77:7e:ba:16:e3: 32:28:cc:72:d8:49:f5:bb:3e:28:a4:9d:ba:e1:27:7f: 6c:3d:6d:c0:0a:01:30:04:ef:f2:bd:d1:7c:2c:4c:72: 91:2c:ed:9f:de:0a:b6:0c:f2:64:27:52:15:59:50:1c Fingerprint (SHA-256): F1:E5:10:28:10:2F:7D:74:9F:B4:86:F6:EC:FB:EA:96:95:5F:45:B7:B2:1D:4A:3B:AA:BA:65:62:C1:E4:48:9E Fingerprint (SHA1): 19:1F:11:0E:A4:4F:7A:12:BB:9F:AE:80:AB:62:70:D2:D0:3B:64:4F Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #7381: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182311 (0x1ee2d5a7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Mon May 18 22:45:20 2015 Not After : Mon May 18 22:45:20 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:58:9e:a2:54:32:7c:f8:b2:71:76:9a:b9:85:e2:cd: 91:d6:f2:f3:a4:23:e4:b8:a5:d2:f7:aa:e6:09:4c:f8: ac:3c:31:fd:99:74:05:10:f0:5b:b3:38:47:0e:08:27: 7f:cd:7b:af:54:ac:60:fc:7f:30:f6:f3:88:a3:c3:19: 65:c2:25:93:d6:b2:64:a6:06:b2:dd:bf:37:02:be:42: 8b:7c:2c:7a:7e:69:49:35:d1:9c:79:24:73:82:4d:ba: 24:83:cf:a0:76:25:1f:a3:cd:e0:82:95:5a:cb:d0:9e: 4c:3d:80:db:45:cd:83:b0:7d:5a:fd:38:49:4a:fe:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:20:2d:46:47:27:18:77:e5:1a:bd:6a:e3:62:d2:79: 77:bf:0b:ba:cf:8f:11:2b:56:3c:86:e5:cf:79:5a:b9: 0e:da:40:eb:9a:41:ae:0f:18:9e:8e:a6:7b:25:81:4a: 4c:8d:61:f1:d4:54:af:48:9d:ac:fd:69:42:6c:81:20: b4:03:20:b4:ff:74:bc:9d:5c:2b:e3:ed:fc:c3:7b:11: 64:f5:18:09:6e:1a:81:53:77:92:e0:23:59:53:64:90: 50:cf:4e:78:da:30:bf:70:70:40:c5:6c:50:4f:f6:3c: 8c:ac:14:d7:28:46:fc:b5:54:d4:0c:63:90:ff:6e:ba Fingerprint (SHA-256): C4:38:0C:D5:58:C7:2F:E7:19:F0:C2:DE:6B:B6:37:CD:8C:47:CF:C6:50:A3:32:43:A8:37:70:49:D8:D0:55:FA Fingerprint (SHA1): 60:02:8F:61:9B:6C:7F:59:E7:39:E1:7A:30:37:58:7E:C5:7F:42:6C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7382: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #7383: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #7384: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #7385: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #7386: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #7387: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 518182316 (0x1ee2d5ac) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Mon May 18 22:45:41 2015 Not After : Mon May 18 22:45:41 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d0:42:fd:0f:e3:2d:6f:47:7d:c1:fc:5a:b5:ad:71:f5: d3:bf:d9:c3:ac:61:b4:48:dd:7a:8f:e2:48:5f:81:5e: 39:72:c3:bc:ad:4a:a1:d8:46:ab:c0:b5:df:c1:53:f5: b9:6c:22:4a:67:5f:9c:66:c0:2f:10:ab:5f:6d:0e:cf: b8:53:b8:0d:cd:03:b6:45:5d:9e:90:68:b1:29:9b:24: aa:6c:d3:74:f0:9e:ff:56:1d:6f:7d:34:35:ad:8a:fc: 12:3a:8c:78:98:10:4d:14:b4:3f:97:14:5c:53:a1:2d: 9f:bf:f3:d3:56:19:37:cb:16:30:8f:eb:2b:3e:a1:f1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:3d:d4:2a:8b:3c:bd:d3:c5:dd:68:20:c9:2f:4e:31: a0:ef:e7:76:80:f4:b6:86:84:16:cc:06:18:b7:01:5e: ff:2b:9e:d7:0e:a1:7c:f0:e4:5d:e4:0b:9c:3f:ea:e3: ee:6c:88:e2:49:be:47:f6:f8:ac:c8:4b:62:e0:08:9e: 5b:f7:17:f7:16:86:96:fc:67:46:47:80:8e:54:a8:00: ae:03:25:18:8b:c8:b4:9a:35:0b:e7:96:c4:51:f7:d3: f7:7d:c5:5f:ce:bf:f6:da:f5:57:68:f9:8c:08:c0:85: 81:fc:61:e5:69:61:e2:13:69:66:23:35:2a:45:b7:ee Fingerprint (SHA-256): C1:4A:BD:B9:7B:D6:AD:40:5C:BF:C7:56:F5:93:E2:0A:1C:19:0D:79:AA:C6:F1:40:0D:E6:FE:9A:21:53:96:1D Fingerprint (SHA1): 4A:CA:35:84:4C:B9:22:E5:4C:F2:06:28:C8:79:E5:37:C6:CC:0F:8C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #7388: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #7389: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #7390: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #7391: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #7392: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7393: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7394: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #7395: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7396: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7397: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #7398: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #7399: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #7400: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7401: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7402: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #7403: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7404: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7405: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7406: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7407: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7408: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #7409: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7410: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #7411: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 4911 at Mon May 18 18:46:18 EDT 2015 kill -USR1 4911 httpserv: normal termination httpserv -b -p 9683 2>/dev/null; httpserv with PID 4911 killed at Mon May 18 18:46:19 EDT 2015 TIMESTAMP chains END: Mon May 18 18:46:19 EDT 2015 SUMMARY: ======== NSS variables: -------------- HOST=localhost DOMSUF=localdomain BUILD_OPT=1 USE_X32= USE_64= NSS_CYCLES="" NSS_TESTS="" NSS_SSL_TESTS="crl bypass_normal normal_bypass fips_normal normal_fips iopr" NSS_SSL_RUN="cov auth stapling stress" NSS_AIA_PATH= NSS_AIA_HTTP= NSS_AIA_OCSP= IOPR_HOSTADDR_LIST= PKITS_DATA= Tests summary: -------------- Passed: 7393 Failed: 18 Failed with core: 0 Unknown status: 0 ~/build/BUILD/nss-3.16.2.3 + popd + killall selfserv_9673 selfserv_9673: no process found + : ++ grep -c FAILED ./tests_results/security/localhost.1/output.log + TEST_FAILURES=18 RPM build errors: /var/tmp/rpm-tmp.k0wkwt: line 119: syntax error near unexpected token `fi' error: Bad exit status from /var/tmp/rpm-tmp.k0wkwt (%check) bogus date in %changelog: Thu Mar 20 2015 Jim Perrin - 3.16.2.3-5.el7.0.1 Bad exit status from /var/tmp/rpm-tmp.k0wkwt (%check) Child return code was: 1 EXCEPTION: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/mockbuild/trace_decorator.py", line 70, in trace result = func(*args, **kw) File "/usr/lib/python2.7/site-packages/mockbuild/util.py", line 378, in do raise mockbuild.exception.Error, ("Command failed. See logs for output.\n # %s" % (command,), child.returncode) Error: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] LEAVE do --> EXCEPTION RAISED Mock Version: 1.1.41 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} Building target platforms: armv7hl Building for target armv7hl Wrote: /builddir/build/SRPMS/nss-3.16.2.3-5.el7.0.1.src.rpm Child return code was: 0 LEAVE do --> ENTER do(['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'], False, '/var/lib/mock/centos-7-1-pass1-armhfp/root/', None, 0, True, False, 1000, 135, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bb --target armv7hl --nodeps builddir/build/SPECS/nss.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'CCACHE_DIR': '/tmp/ccache', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'CCACHE_UMASK': '002'} Building target platforms: armv7hl Building for target armv7hl Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.kGeY3x + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf nss-3.16.2.3 + /usr/bin/gzip -dc /builddir/build/SOURCES/nss-3.16.2.3.tar.gz + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd nss-3.16.2.3 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/cp /builddir/build/SOURCES/PayPalEE.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestCA.ca.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestUser50.cert -f ./nss/tests/libpkix/certs + /usr/bin/cp /builddir/build/SOURCES/TestUser51.cert -f ./nss/tests/libpkix/certs + cd /builddir/build/BUILD + cd nss-3.16.2.3 + /usr/bin/bzip2 -dc /builddir/build/SOURCES/nss-pem-20140125.tar.bz2 + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + echo 'Patch #2 (add-relro-linker-option.patch):' Patch #2 (add-relro-linker-option.patch): + /usr/bin/cat /builddir/build/SOURCES/add-relro-linker-option.patch + /usr/bin/patch -p0 -b --suffix .relro --fuzz=0 patching file nss/coreconf/Linux.mk Hunk #1 succeeded at 176 (offset 2 lines). Patch #3 (renegotiate-transitional.patch): + echo 'Patch #3 (renegotiate-transitional.patch):' + /usr/bin/cat /builddir/build/SOURCES/renegotiate-transitional.patch + /usr/bin/patch -p0 -b --suffix .transitional --fuzz=0 patching file nss/lib/ssl/sslsock.c Hunk #1 succeeded at 74 (offset -75 lines). Patch #6 (nss-enable-pem.patch): + echo 'Patch #6 (nss-enable-pem.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-enable-pem.patch + /usr/bin/patch -p0 -b --suffix .libpem --fuzz=0 patching file nss/lib/ckfw/manifest.mn Patch #16 (nss-539183.patch): + echo 'Patch #16 (nss-539183.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-539183.patch + /usr/bin/patch -p0 -b --suffix .539183 --fuzz=0 patching file nss/cmd/httpserv/httpserv.c Hunk #1 succeeded at 938 (offset 277 lines). patching file nss/cmd/selfserv/selfserv.c + echo 'Patch #18 (nss-646045.patch):' Patch #18 (nss-646045.patch): + /usr/bin/cat /builddir/build/SOURCES/nss-646045.patch + /usr/bin/patch -p0 -b --suffix .646045 --fuzz=0 patching file nss/tests/dbtests/dbtests.sh + echo 'Patch #25 (nsspem-use-system-freebl.patch):' Patch #25 (nsspem-use-system-freebl.patch): + /usr/bin/cat /builddir/build/SOURCES/nsspem-use-system-freebl.patch + /usr/bin/patch -p0 -b --suffix .systemfreebl --fuzz=0 patching file nss/lib/ckfw/pem/config.mk patching file nss/lib/ckfw/pem/Makefile patching file nss/lib/ckfw/pem/manifest.mn + echo 'Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch):' Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch): + /usr/bin/cat /builddir/build/SOURCES/nss-3.14.0.0-disble-ocsp-test.patch + /usr/bin/patch -p0 -b --suffix .noocsptest --fuzz=0 patching file nss/tests/chains/scenarios/scenarios Hunk #1 succeeded at 59 (offset 9 lines). Patch #47 (utilwrap-include-templates.patch): + echo 'Patch #47 (utilwrap-include-templates.patch):' + /usr/bin/cat /builddir/build/SOURCES/utilwrap-include-templates.patch + /usr/bin/patch -p0 -b --suffix .templates --fuzz=0 patching file nss/lib/nss/config.mk Patch #49 (nss-skip-bltest-and-fipstest.patch): + echo 'Patch #49 (nss-skip-bltest-and-fipstest.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-skip-bltest-and-fipstest.patch + /usr/bin/patch -p0 -b --suffix .skipthem --fuzz=0 patching file nss/cmd/Makefile Patch #50 (iquote.patch): + echo 'Patch #50 (iquote.patch):' + /usr/bin/cat /builddir/build/SOURCES/iquote.patch + /usr/bin/patch -p0 -b --suffix .iquote --fuzz=0 patching file ./nss/cmd/bltest/Makefile patching file ./nss/cmd/httpserv/Makefile patching file ./nss/cmd/lib/Makefile patching file ./nss/cmd/modutil/Makefile patching file ./nss/cmd/selfserv/Makefile patching file ./nss/cmd/ssltap/Makefile patching file ./nss/cmd/strsclnt/Makefile patching file ./nss/cmd/tstclnt/Makefile patching file ./nss/cmd/vfyserv/Makefile patching file ./nss/coreconf/location.mk patching file ./nss/lib/certhigh/Makefile patching file ./nss/lib/cryptohi/Makefile patching file ./nss/lib/libpkix/pkix/checker/Makefile patching file ./nss/lib/nss/Makefile ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #52 (Bug-1001841-disable-sslv2-libssl.patch): + pushd nss + echo 'Patch #52 (Bug-1001841-disable-sslv2-libssl.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1001841-disable-sslv2-libssl.patch + /usr/bin/patch -p1 -b --suffix .disableSSL2libssl --fuzz=0 patching file lib/ssl/config.mk patching file lib/ssl/sslsock.c Hunk #1 succeeded at 650 (offset 1 line). Hunk #2 succeeded at 675 (offset 1 line). Patch #53 (Bug-1001841-disable-sslv2-tests.patch): + echo 'Patch #53 (Bug-1001841-disable-sslv2-tests.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1001841-disable-sslv2-tests.patch + /usr/bin/patch -p1 -b --suffix .disableSSL2tests --fuzz=0 + popd + echo 'Patch #55 (enable-fips-when-system-is-in-fips-mode.patch):' patching file tests/ssl/ssl.sh patching file tests/ssl/sslcov.noSSL2orExport.txt patching file tests/ssl/sslstress.noSSL2orExport.txt ~/build/BUILD/nss-3.16.2.3 Patch #55 (enable-fips-when-system-is-in-fips-mode.patch): patching file nss/lib/pk11wrap/pk11pars.c patching file nss/lib/pk11wrap/pk11util.c + /usr/bin/cat /builddir/build/SOURCES/enable-fips-when-system-is-in-fips-mode.patch + /usr/bin/patch -p0 -b --suffix .852023 --fuzz=0 + echo 'Patch #56 (p-ignore-setpolicy.patch):' + /usr/bin/cat /builddir/build/SOURCES/p-ignore-setpolicy.patch + /usr/bin/patch -p0 -b --suffix .1026677 --fuzz=0 patching file nss/lib/pk11wrap/secmodi.h Hunk #1 succeeded at 113 (offset -3 lines). Patch #56 (p-ignore-setpolicy.patch): patching file ./nss/lib/ssl/sslsock.c Hunk #1 succeeded at 1328 (offset 13 lines). Patch #62 (dont-hold-issuer-cert-handles-in-crl-cache.patch): + echo 'Patch #62 (dont-hold-issuer-cert-handles-in-crl-cache.patch):' + /usr/bin/cat /builddir/build/SOURCES/dont-hold-issuer-cert-handles-in-crl-cache.patch + /usr/bin/patch -p0 -b --suffix .1034409 --fuzz=0 patching file ./nss/lib/certdb/certi.h patching file ./nss/lib/certdb/crl.c patching file ./nss/tests/chains/chains.sh ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #64 (Crash-in-stan_GetCERTCertificate-rhbz1094468.patch): + pushd nss + echo 'Patch #64 (Crash-in-stan_GetCERTCertificate-rhbz1094468.patch):' + /usr/bin/cat /builddir/build/SOURCES/Crash-in-stan_GetCERTCertificate-rhbz1094468.patch + /usr/bin/patch -p1 -b --suffix .1094468 --fuzz=0 patching file lib/pki/pki3hack.c patching file lib/pki/tdcache.c Patch #88 (p-1083360.patch): + echo 'Patch #88 (p-1083360.patch):' + /usr/bin/cat /builddir/build/SOURCES/p-1083360.patch + /usr/bin/patch -p1 -b --suffix .support_tls_fallback_scsv --fuzz=0 patching file cmd/ssltap/ssltap.c patching file cmd/tstclnt/tstclnt.c ~/build/BUILD/nss-3.16.2.3 Patch #89 (certutil-man-supply-missing-options.patch): + popd + echo 'Patch #89 (certutil-man-supply-missing-options.patch):' + /usr/bin/cat /builddir/build/SOURCES/certutil-man-supply-missing-options.patch + /usr/bin/patch -p0 -b --suffix .missing_options --fuzz=0 patching file ./nss/doc/certutil.xml ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 Patch #90 (Bug-1174527-fixsegfault.patch): + pushd nss + echo 'Patch #90 (Bug-1174527-fixsegfault.patch):' + /usr/bin/cat /builddir/build/SOURCES/Bug-1174527-fixsegfault.patch + /usr/bin/patch -p1 -b --suffix .1174527 --fuzz=0 + echo 'Patch #1001 (0001-paypal-fix.patch):' patching file lib/pkcs12/p12local.c Patch #1001 (0001-paypal-fix.patch): patching file tests/chains/scenarios/realcerts.cfg ~/build/BUILD/nss-3.16.2.3 Patch #91 (nss-3.16-tcache-race.patch): + /usr/bin/cat /builddir/build/SOURCES/0001-paypal-fix.patch + /usr/bin/patch -p1 -b --suffix .paypal --fuzz=0 + popd + echo 'Patch #91 (nss-3.16-tcache-race.patch):' + /usr/bin/cat /builddir/build/SOURCES/nss-3.16-tcache-race.patch + /usr/bin/patch -p0 -b --suffix .race --fuzz=0 patching file ./nss/lib/pki/tdcache.c + pemNeedsFromSoftoken='lowkeyi lowkeyti softoken softoknt' + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/softoken.h ./nss/lib/ckfw/pem/ + for file in '${pemNeedsFromSoftoken}' + /usr/bin/cp ./nss/lib/softoken/softoknt.h ./nss/lib/ckfw/pem/ + /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf + /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf + /usr/bin/rm -rf ./nss/lib/freebl + /usr/bin/rm -rf ./nss/lib/softoken + /usr/bin/rm -rf ./nss/lib/util + /usr/bin/rm -rf ./nss/cmd/bltest + /usr/bin/rm -rf ./nss/cmd/fipstest + /usr/bin/rm -rf ./nss/cmd/rsaperf_low Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.aD0Cy2 + exit 0 + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + export NSS_NO_SSL2=1 + NSS_NO_SSL2=1 + NSS_NO_PKCS11_BYPASS=1 + export NSS_NO_PKCS11_BYPASS + FREEBL_NO_DEPEND=1 + export FREEBL_NO_DEPEND + BUILD_OPT=1 + export BUILD_OPT + XCFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard' + export XCFLAGS + PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 + PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + export PKG_CONFIG_ALLOW_SYSTEM_LIBS + export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS ++ /usr/bin/pkg-config --cflags-only-I nspr ++ sed s/-I// + NSPR_INCLUDE_DIR='/usr/include/nspr4 ' + NSPR_LIB_DIR=/usr/lib + export NSPR_INCLUDE_DIR + export NSPR_LIB_DIR ++ /usr/bin/pkg-config --cflags-only-I nss-util ++ sed s/-I// + export 'NSSUTIL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4 ' + NSSUTIL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4 ' + export NSSUTIL_LIB_DIR=/usr/lib + NSSUTIL_LIB_DIR=/usr/lib ++ /usr/bin/pkg-config --cflags-only-I nss-softokn ++ sed s/-I// + export 'FREEBL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4 ' + FREEBL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4 ' + export FREEBL_LIB_DIR=/usr/lib + FREEBL_LIB_DIR=/usr/lib + export USE_SYSTEM_FREEBL=1 + USE_SYSTEM_FREEBL=1 + export NSS_USE_SYSTEM_FREEBL=1 + NSS_USE_SYSTEM_FREEBL=1 ++ /usr/bin/pkg-config --libs nss-softokn + export 'FREEBL_LIBS=-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' + FREEBL_LIBS='-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl ' + export SOFTOKEN_LIB_DIR=/usr/lib + SOFTOKEN_LIB_DIR=/usr/lib + export USE_SYSTEM_NSSUTIL=1 + USE_SYSTEM_NSSUTIL=1 + export USE_SYSTEM_SOFTOKEN=1 + USE_SYSTEM_SOFTOKEN=1 + export NSS_BUILD_WITHOUT_SOFTOKEN=1 + NSS_BUILD_WITHOUT_SOFTOKEN=1 + NSS_USE_SYSTEM_SQLITE=1 + export NSS_USE_SYSTEM_SQLITE + export IN_TREE_FREEBL_HEADERS_FIRST=1 + IN_TREE_FREEBL_HEADERS_FIRST=1 + NSS_ENABLE_ECC=1 + export NSS_ENABLE_ECC + NSS_ECC_MORE_THAN_SUITE_B=1 + export NSS_ECC_MORE_THAN_SUITE_B + export NSS_BLTEST_NOT_AVAILABLE=1 + NSS_BLTEST_NOT_AVAILABLE=1 + /usr/bin/make -C ./nss/coreconf make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Nothing to be done for `export'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' cd nsinstall; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nsinstall.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pathsub.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pathsub.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pathsub.o -Wl,-z,relro -lpthread -ldl -lc true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' + /usr/bin/make -C ./nss/lib/dbm make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' Creating ../../../../dist/public/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cdefs.h mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm Creating ../../../../dist/private/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h mpool.h search.h ../../../../dist/private/dbm make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[1]: Nothing to be done for `export'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' cd include; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' make[1]: Nothing to be done for `libs'. make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/db.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard db.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_bigkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_bigkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_func.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_func.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_log2.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_log2.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_page.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard h_page.c h_page.c: In function 'new_lseek': h_page.c:165:15: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); ^ h_page.c: In function 'overflow_page': h_page.c:1002:4: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); ^ h_page.c:1017:4: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); ^ h_page.c:1043:5: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result] (void)write(STDERR_FILENO, OVMSG, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash_buf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash_buf.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mktemp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mktemp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dirent.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DHAVE_SYS_CDEFS_H -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dirent.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a Linux3.19_arm_glibc_PTH_OPT.OBJ/db.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_bigkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_func.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_log2.o Linux3.19_arm_glibc_PTH_OPT.OBJ/h_page.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash_buf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mktemp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dirent.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' + /usr/bin/make -C ./nss make: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss' cd coreconf; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' cd nsinstall; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd lib; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd dbm; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cdefs.h mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h mpool.h search.h ../../../../dist/private/dbm make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[3]: Nothing to be done for `export'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd base; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' Creating ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssbaset.h nssbase.h ../../../dist/public/nss Creating ../../../dist/private/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 baset.h base.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' cd dev; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ckhelper.h devm.h devtm.h devt.h dev.h nssdevt.h nssdev.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' cd pki; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pki.h pkit.h nsspkit.h nsspki.h pkistore.h pki3hack.h pkitm.h pkim.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' cd libpkix; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd include; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' cd certsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' cd pki; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd include; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make private_export make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd certdb; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cert.h certt.h certdb.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 genname.h xconst.h certxutl.h certi.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' cd certhigh; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocsp.h ocspt.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocspti.h ocspi.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' cd pk11wrap; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmod.h secmodt.h secpkcs5.h pk11func.h pk11pub.h pk11priv.h pk11sdr.h pk11pqg.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmodi.h dev3hack.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' cd cryptohi; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cryptohi.h cryptoht.h key.h keyhi.h keyt.h keythi.h sechash.h ../../../dist/public/nss There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' cd nss; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nss.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssrenam.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' cd ssl; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ssl.h sslt.h sslerr.h sslproto.h preenc.h ../../../dist/public/nss There are no private exports. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' cd pkcs12; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkcs12t.h pkcs12.h p12plcy.h p12.h p12t.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' cd pkcs7; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmime.h secpkcs7.h pkcs7t.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' cd smime; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cms.h cmst.h smime.h cmsreclist.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' cd crmf; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmf.h crmft.h cmmf.h cmmft.h ../../../dist/public/nss ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmfi.h crmfit.h cmmfi.h cmmfit.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' cd jar; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 jar.h jar-ds.h jarfile.h ../../../dist/public/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' cd ckfw; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd builtins; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssckbi.h ../../../../dist/public/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nsspem.h ../../../../dist/public/nss make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssck.api nssckepv.h nssckft.h nssckfw.h nssckfwc.h nssckfwt.h nssckg.h nssckmdt.h nssckt.h ../../../dist/public/nss cd builtins; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make private_export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' There are no private exports. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ck.h ckfw.h ckfwm.h ckfwtm.h ckmd.h ckt.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd sysinit; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd cmd; /usr/bin/make export make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd lib; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 basicutil.h secutil.h pk11table.h ../../../dist/private/nss make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' cd addbuiltin; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' cd atob; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' cd btoa; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' cd certcgi; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' cd certutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' cd checkcert; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' cd chktest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' cd crlutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' cd crmftest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' cd dbtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' cd derdump; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' cd digest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' cd httpserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' cd listsuites; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' cd makepqg; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' cd multinit; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' cd ocspclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' cd ocspresp; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' cd oidcalc; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' cd p7content; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' cd p7env; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' cd p7sign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' cd p7verify; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' cd pk12util; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' cd pk11gcmtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' cd pk11mode; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' cd pk1sign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' cd pkix-errcodes; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' cd pp; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' cd pwdecrypt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' cd rsaperf; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' cd sdrtest; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' cd selfserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' cd signtool; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' cd signver; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' cd shlibsign; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd mangle; /usr/bin/make export make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[3]: Nothing to be done for `export'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd smimetools; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' cd ssltap; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' cd strsclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' cd symkeyutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' cd tests; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' cd tstclnt; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' cd vfychain; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' cd vfyserv; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' cd modutil; /usr/bin/make export make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[2]: Nothing to be done for `export'. make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd coreconf; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd nsinstall; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' true -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf/nsinstall' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/coreconf' cd lib; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd dbm; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd include; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' make[3]: Nothing to be done for `libs'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/include' cd src; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm/src' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dbm' cd base; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard arena.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard errorval.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hashops.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard libc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tracker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard item.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard utf8.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard list.c list.c: In function 'nssList_Add': list.c:220:14: warning: variable 'nssrv' set but not used [-Wunused-but-set-variable] PRStatus nssrv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/base' cd dev; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devtoken.c devtoken.c: In function 'nssToken_TraverseCertificates': devtoken.c:1469:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard devutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckhelper.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/dev' cd pki; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard asymmkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certificate.c certificate.c: In function 'nssCertificateList_DoCallback': certificate.c:898:14: warning: variable 'nssrv' set but not used [-Wunused-but-set-variable] PRStatus nssrv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cryptocontext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard symmkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard trustdomain.c trustdomain.c: In function 'NSSTrustDomain_TraverseCertificates': trustdomain.c:998:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status = PR_FAILURE; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tdcache.c tdcache.c: In function 'add_cert_to_cache': tdcache.c:779:9: warning: variable 'handle' set but not used [-Wunused-but-set-variable] PRBool handle = PR_FALSE; ^ tdcache.c: In function 'nssTrustDomain_RemoveCertFromCacheLOCKED': tdcache.c:272:16: warning: 'nickname' may be used uninitialized in this function [-Wmaybe-uninitialized] nssHash_Remove(cache->nickname, nickname); ^ tdcache.c:332:14: note: 'nickname' was declared here NSSUTF8 *nickname; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certdecode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkistore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkibase.c pkibase.c: In function 'nssPKIObjectCollection_Traverse': pkibase.c:906:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pkibase.c: In function 'nssCertificateCollection_Create': pkibase.c:1060:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pkibase.c: In function 'nssCRLCollection_Create': pkibase.c:1167:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pki3hack.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pki' cd libpkix; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd include; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' make[3]: Nothing to be done for `libs'. make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/include' cd pkix; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd certsel; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_certselector.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_comcertselparams.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/certsel' cd crlsel; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_crlselector.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_comcrlselparams.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/crlsel' cd checker; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_basicconstraintschecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_certchainchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_crlchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_ekuchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_expirationchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_namechainingchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_nameconstraintschecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_ocspchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_revocationmethod.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_revocationchecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_policychecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_signaturechecker.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_targetcertchecker.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/checker' cd params; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_trustanchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_procparams.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_valparams.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_resourcelimits.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/params' cd results; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_buildresult.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_policynode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_valresult.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_verifynode.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/results' cd store; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_store.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/store' cd top; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_validate.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_lifecycle.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_build.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/top' cd util; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_tools.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_logger.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_errpaths.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix/util' make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix' cd pkix_pl_nss; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' cd pki; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_basicconstraints.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_cert.c pkix_pl_cert.c: In function 'PKIX_PL_Cert_Create': pkix_pl_cert.c:1518:22: warning: variable 'copyDER' set but not used [-Wunused-but-set-variable] PKIX_Boolean copyDER; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicyinfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicymap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_certpolicyqualifier.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crl.c pkix_pl_crl.c: In function 'pkix_pl_CRL_ToString': pkix_pl_crl.c:455:58: warning: 'crlVersion' may be used uninitialized in this function [-Wmaybe-uninitialized] PKIX_CHECK(PKIX_PL_Sprintf ^ pkix_pl_crl.c:354:21: note: 'crlVersion' was declared here PKIX_UInt32 crlVersion; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crldp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_crlentry.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_date.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_generalname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_infoaccess.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_nameconstraints.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocsprequest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocspresponse.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_publickey.c pkix_pl_publickey.c: In function 'pkix_pl_PublicKey_Hashcode': pkix_pl_publickey.c:214:21: warning: variable 'fullHash' set but not used [-Wunused-but-set-variable] PKIX_UInt32 fullHash; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_x500name.c pkix_pl_x500name.c:37:1: warning: 'pkix_pl_X500Name_ToString_Helper' defined but not used [-Wunused-function] pkix_pl_X500Name_ToString_Helper( ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ocspcertid.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/pki' cd system; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_bigint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_bytearray.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_common.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_error.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_hashtable.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_lifecycle.c pkix_pl_lifecycle.c: In function 'PKIX_PL_Shutdown': pkix_pl_lifecycle.c:248:21: warning: variable 'numLeakedObjects' set but not used [-Wunused-but-set-variable] PKIX_UInt32 numLeakedObjects = 0; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_mem.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_monitorlock.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_mutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_object.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_oid.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_primhash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_rwlock.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_string.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/system' cd module; /usr/bin/make libs make[4]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_aiamgr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_colcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_httpcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_httpdefaultclient.c pkix_pl_httpdefaultclient.c: In function 'pkix_pl_HttpDefaultClient_KeepAliveSession': pkix_pl_httpdefaultclient.c:1135:36: warning: variable 'client' set but not used [-Wunused-but-set-variable] PKIX_PL_HttpDefaultClient *client = NULL; ^ pkix_pl_httpdefaultclient.c: In function 'pkix_pl_HttpDefaultClient_Cancel': pkix_pl_httpdefaultclient.c:1487:36: warning: variable 'client' set but not used [-Wunused-but-set-variable] PKIX_PL_HttpDefaultClient *client = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldaptemplates.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapcertstore.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapresponse.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldaprequest.c pkix_pl_ldaprequest.c: In function 'pkix_pl_LdapRequest_Destroy': pkix_pl_ldaprequest.c:266:30: warning: variable 'ldapRq' set but not used [-Wunused-but-set-variable] PKIX_PL_LdapRequest *ldapRq = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_ldapdefaultclient.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_nsscontext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_pk11certstore.c pkix_pl_pk11certstore.c: In function 'NameCacheHasFetchedCrlInfo': pkix_pl_pk11certstore.c:382:22: warning: variable 'cert' set but not used [-Wunused-but-set-variable] CERTCertificate *cert; ^ pkix_pl_pk11certstore.c: In function 'DownloadCrl': pkix_pl_pk11certstore.c:782:16: warning: variable 'savedError' set but not used [-Wunused-but-set-variable] PKIX_Int32 savedError = -1; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix_pl_socket.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[4]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss/module' make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix/pkix_pl_nss' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/libpkix' cd certdb; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard alg1485.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certdb.c certdb.c: In function 'cert_VerifySubjectAltName': certdb.c:1428:18: warning: variable 'hnLen' set but not used [-Wunused-but-set-variable] unsigned int hnLen; ^ certdb.c: In function 'CERT_ImportCerts': certdb.c:2440:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ certdb.c: In function 'CERT_UnlockCertRefCount': certdb.c:2890:14: warning: variable 'prstat' set but not used [-Wunused-but-set-variable] PRStatus prstat; ^ certdb.c: In function 'CERT_UnlockCertTrust': certdb.c:2970:14: warning: variable 'prstat' set but not used [-Wunused-but-set-variable] PRStatus prstat; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certv3.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certxutl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crl.c crl.c: In function 'crl_storeCRL': crl.c:630:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ crl.c: In function 'cert_CheckCertRevocationStatus': crl.c:2696:27: warning: unused variable 'rv2' [-Wunused-variable] SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); ^ crl.c: In function 'cert_CacheCRLByGeneralName': crl.c:3053:32: warning: variable 'rv2' set but not used [-Wunused-but-set-variable] SECStatus rv = SECSuccess, rv2; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard genname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard stanpcertdb.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard polcyxtn.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secname.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xauthkid.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xbsconst.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xconst.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certdb' cd certhigh; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certhtml.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certreq.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlv2.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocsp.c ocsp.c: In function 'ocsp_RemoveCacheItem': ocsp.c:562:12: warning: variable 'couldRemoveFromHashTable' set but not used [-Wunused-but-set-variable] PRBool couldRemoveFromHashTable; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspsig.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certhigh.c certhigh.c: In function 'CERT_MatchNickname': certhigh.c:28:9: warning: variable 'len' set but not used [-Wunused-but-set-variable] int len; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfypkix.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certvfypkixprint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard xcrldist.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/certhigh' cd pk11wrap; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dev3hack.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11akey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11auth.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11cert.c pk11cert.c: In function 'pk11_fastCert': pk11cert.c:231:14: warning: variable 'status' set but not used [-Wunused-but-set-variable] PRStatus status; ^ pk11cert.c: In function 'PK11_MakeCertFromHandle': pk11cert.c:297:12: warning: variable 'swapNickname' set but not used [-Wunused-but-set-variable] PRBool swapNickname = PR_FALSE; ^ pk11cert.c:296:12: warning: variable 'isFortezzaRootCA' set but not used [-Wunused-but-set-variable] PRBool isFortezzaRootCA = PR_FALSE; ^ pk11cert.c: In function 'PK11_TraverseCertsForNicknameInSlot': pk11cert.c:2014:28: warning: variable 'pk11cb' set but not used [-Wunused-but-set-variable] struct nss3_cert_cbstr pk11cb; ^ pk11cert.c: In function 'PK11_FindCertFromDERCertItem': pk11cert.c:2158:21: warning: unused variable 'td' [-Wunused-variable] NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11cxt.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11err.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11kea.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11load.c pk11load.c: In function 'SECMOD_UnloadModule': pk11load.c:592:28: warning: unused variable 'status' [-Wunused-variable] PRStatus status = PR_UnloadLibrary(softokenLib); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11mech.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11merge.c pk11merge.c: In function 'pk11_mergeByObjectIDs': pk11merge.c:852:20: warning: 'error' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_SetError(error); ^ pk11merge.c:753:9: note: 'error' was declared here int error; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11nobj.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11obj.c pk11obj.c: In function 'PK11_MatchItem': pk11obj.c:1784:22: warning: variable 'parent' set but not used [-Wunused-but-set-variable] CK_OBJECT_HANDLE parent; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pars.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pbe.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pk12.c pk11pk12.c: In function 'PK11_ImportPrivateKeyInfoAndReturnKey': pk11pk12.c:425:17: warning: variable 'keyType' set but not used [-Wunused-but-set-variable] CK_KEY_TYPE keyType = CKK_RSA; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11pqg.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11sdr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11skey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11slot.c pk11slot.c: In function 'PK11_InitToken': pk11slot.c:1108:11: warning: variable 'tmp' set but not used [-Wunused-but-set-variable] char *tmp; ^ pk11slot.c: In function 'PK11_InitSlot': pk11slot.c:1352:11: warning: variable 'tmp' set but not used [-Wunused-but-set-variable] char *tmp; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11util.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pk11wrap' cd cryptohi; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sechash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard seckey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secsign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secvfy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dsautil.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/cryptohi' cd nss; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nssinit.c nssinit.c: In function 'NSS_VersionCheck': nssinit.c:1250:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nssver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard utilwrap.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a grep -v ';-' nss.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nss.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnss3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nss.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/nssinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/nssver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/utilwrap.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certhtml.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certreq.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/crlv2.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/ocsp.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspsig.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certhigh.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfy.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkix.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/certvfypkixprint.o ../certhigh/Linux3.19_arm_glibc_PTH_OPT.OBJ/xcrldist.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/sechash.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/seckey.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/secsign.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/secvfy.o ../cryptohi/Linux3.19_arm_glibc_PTH_OPT.OBJ/dsautil.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/dev3hack.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11akey.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11auth.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cert.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11cxt.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11err.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11kea.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11list.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11load.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mech.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11merge.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11nobj.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11obj.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pars.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pbe.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pk12.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11pqg.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11sdr.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11skey.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11slot.o ../pk11wrap/Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11util.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/alg1485.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certdb.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certv3.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/certxutl.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/crl.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/genname.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/stanpcertdb.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/polcyxtn.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/secname.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xauthkid.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xbsconst.o ../certdb/Linux3.19_arm_glibc_PTH_OPT.OBJ/xconst.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/asymmkey.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/certificate.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/cryptocontext.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/symmkey.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/trustdomain.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/tdcache.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/certdecode.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkistore.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkibase.o ../pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pki3hack.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devslot.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devtoken.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/devutil.o ../dev/Linux3.19_arm_glibc_PTH_OPT.OBJ/ckhelper.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/arena.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/error.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/errorval.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/hashops.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/libc.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/tracker.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/item.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/utf8.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o ../base/Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o ../libpkix/pkix/certsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certselector.o ../libpkix/pkix/certsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policychecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o ../libpkix/pkix/checker/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_trustanchor.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_procparams.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valparams.o ../libpkix/pkix/params/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_buildresult.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_policynode.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_valresult.o ../libpkix/pkix/results/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_verifynode.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_validate.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_lifecycle.o ../libpkix/pkix/top/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_build.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_tools.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_error.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_logger.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_list.o ../libpkix/pkix/util/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_errpaths.o ../libpkix/pkix/crlsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_crlselector.o ../libpkix/pkix/crlsel/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ../libpkix/pkix/store/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_store.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_cert.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crl.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_date.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o ../libpkix/pkix_pl_nss/pki/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_common.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_error.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mem.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_object.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_oid.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o ../libpkix/pkix_pl_nss/system/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_string.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o ../libpkix/pkix_pl_nss/module/Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnss3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/nss' cd ssl; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derive.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dtlscon.c dtlscon.c: In function 'ssl3_DisableNonDTLSSuites': dtlscon.c:100:19: warning: unused variable 'rv' [-Wunused-variable] SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard prelib.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3con.c ssl3con.c: In function 'ssl3_HandleRSAClientKeyExchange': ssl3con.c:9199:13: warning: variable 'pmsItem' set but not used [-Wunused-but-set-variable] SECItem pmsItem = {siBuffer, NULL, 0}; ^ ssl3con.c:9195:12: warning: variable 'isTLS' set but not used [-Wunused-but-set-variable] PRBool isTLS = PR_FALSE; ^ ssl3con.c: In function 'ssl3_HandleRecord': ssl3con.c:11573:21: warning: 'dtls_seq_num' may be used uninitialized in this function [-Wmaybe-uninitialized] dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num); ^ ssl3con.c:11293:14: note: 'dtls_seq_num' was declared here PRUint64 dtls_seq_num; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3gthr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslauth.c sslauth.c: In function 'SSL_AuthCertificate': sslauth.c:267:18: warning: unused variable 'error' [-Wunused-variable] PRErrorCode error = PR_GetError(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslcon.c sslcon.c: In function 'ssl2_HandleMessage': sslcon.c:2497:9: warning: variable 'rv2' set but not used [-Wunused-but-set-variable] int rv2; ^ sslcon.c: In function 'NSSSSL_VersionCheck': sslcon.c:3686:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssldef.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslenum.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslerr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslerrstrs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslinit.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3ext.c ssl3ext.c: In function 'ssl3_HandleServerNameXtn': ssl3ext.c:418:17: warning: variable 'type' set but not used [-Wunused-but-set-variable] PRInt32 type; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslgathr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslmutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslnonce.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslreveal.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsecur.c sslsecur.c: In function 'ssl_SecureRecv': sslsecur.c:1182:22: warning: variable 'sec' set but not used [-Wunused-but-set-variable] sslSecurityInfo *sec; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsnce.c sslsnce.c: In function 'InitCache': sslsnce.c:1232:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; ^ sslsnce.c:1233:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; ^ sslsnce.c:1234:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheLock) += ptr; ^ sslsnce.c:1235:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; ^ sslsnce.c:1236:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; ^ sslsnce.c:1237:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; ^ sslsnce.c:1238:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheData) += ptr; ^ sslsnce.c:1239:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; ^ sslsnce.c:1240:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; ^ sslsnce.c:1241:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; ^ sslsnce.c:1242:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; ^ sslsnce.c:1243:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; ^ sslsnce.c:1244:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; ^ sslsnce.c: In function 'SSL_InheritMPServerSIDCacheInstance': sslsnce.c:1584:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; ^ sslsnce.c:1585:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; ^ sslsnce.c:1586:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheLock) += ptr; ^ sslsnce.c:1587:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; ^ sslsnce.c:1588:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; ^ sslsnce.c:1589:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; ^ sslsnce.c:1590:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->certCacheData) += ptr; ^ sslsnce.c:1591:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; ^ sslsnce.c:1592:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; ^ sslsnce.c:1593:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; ^ sslsnce.c:1594:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; ^ sslsnce.c:1595:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; ^ sslsnce.c:1596:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslsock.c sslsock.c: In function 'NSS_SetDomesticPolicy': sslsock.c:1327:15: warning: unused variable 'status' [-Wunused-variable] SECStatus status = SECSuccess; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssltrace.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard authcert.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmpcert.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sslinfo.c sslinfo.c: In function 'SSL_DisableDefaultExportCipherSuites': sslinfo.c:247:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ sslinfo.c: In function 'SSL_DisableExportCipherSuites': sslinfo.c:268:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssl3ecc.c ssl3ecc.c: In function 'ssl3_DisableECCSuites': ssl3ecc.c:953:19: warning: unused variable 'rv' [-Wunused-variable] SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_NO_SSL2 -DNO_PKCS11_BYPASS -DNSS_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard unix_err.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a grep -v ';-' ssl.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libssl3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/derive.o Linux3.19_arm_glibc_PTH_OPT.OBJ/dtlscon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prelib.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3con.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslauth.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslcon.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssldef.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslenum.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinit.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslgathr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslmutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslnonce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslreveal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsecur.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsnce.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslsock.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltrace.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/authcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmpcert.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sslinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/unix_err.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc -lz chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libssl3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ssl' cd pkcs12; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12local.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12creat.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12dec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12plcy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12tmpl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12e.c p12e.c: In function 'sec_PKCS12CreateSafeBag': p12e.c:698:12: warning: variable 'setName' set but not used [-Wunused-but-set-variable] PRBool setName = PR_TRUE; ^ p12e.c: In function 'sec_pkcs12_encoder_start_context': p12e.c:1535:12: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p12d.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs12' cd pkcs7; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certread.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7common.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7create.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7decode.c p7decode.c: In function 'sec_pkcs7_verify_signature': p7decode.c:1293:21: warning: variable 'crls' set but not used [-Wunused-but-set-variable] CERTSignedCrl **crls; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7encode.c p7encode.c: In function 'sec_pkcs7_encoder_start_encrypt': p7encode.c:62:18: warning: variable 'wincx' set but not used [-Wunused-but-set-variable] void *mark, *wincx; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7local.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secmime.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/pkcs7' cd smime; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsarray.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsasn1.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsattr.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmscinfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmscipher.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdecode.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdigdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsdigest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsencdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsencode.c cmsencode.c: In function 'nss_cms_encoder_notify': cmsencode.c:125:18: warning: variable 'poolp' set but not used [-Wunused-but-set-variable] PLArenaPool *poolp; ^ cmsencode.c: In function 'nss_cms_before_data': cmsencode.c:204:18: warning: variable 'poolp' set but not used [-Wunused-but-set-variable] PLArenaPool *poolp; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsenvdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsmessage.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmspubkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsrecinfo.c cmsrecinfo.c: In function 'NSS_CMSRecipientInfo_UnwrapBulkKey': cmsrecinfo.c:529:21: warning: variable 'encalg' set but not used [-Wunused-but-set-variable] SECAlgorithmID *encalg; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsreclist.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmssigdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmssiginfo.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsudf.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimemessage.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimeutil.c smimeutil.c: In function 'NSSSMIME_VersionCheck': smimeutil.c:770:19: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ smimeutil.c: In function 'NSS_SMIMEUtil_FindBulkAlgForRecipients': smimeutil.c:446:9: warning: 'key_type' may be used uninitialized in this function [-Wmaybe-uninitialized] if (key_type == ecKey) { ^ smimeutil.c:425:14: note: 'key_type' was declared here KeyType key_type; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard smimever.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a grep -v ';-' smime.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/smime.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libsmime3.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/smime.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsarray.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsattr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmscipher.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdecode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsdigest.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsencode.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsmessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmspubkey.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsreclist.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssigdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsudf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimemessage.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimeutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/smimever.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12local.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12creat.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12dec.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12plcy.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12tmpl.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12e.o ../pkcs12/Linux3.19_arm_glibc_PTH_OPT.OBJ/p12d.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/certread.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7common.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7create.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7decode.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7encode.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/p7local.o ../pkcs7/Linux3.19_arm_glibc_PTH_OPT.OBJ/secmime.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsmime3.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/smime' cd crmf; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfenc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfenc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftmpl.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmftmpl.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfreq.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfreq.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfpop.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfpop.c crmfpop.c: In function 'CRMF_CertReqMsgSetRAVerifiedPOP': crmfpop.c:36:14: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] SECItem *dummy; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfdec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfdec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfget.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfget.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfcont.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crmfcont.c crmfcont.c: In function 'CRMF_CreateEncryptedKeyWithEncryptedValue': crmfcont.c:860:25: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] CRMFEncryptedValue *dummy; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfasn1.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfasn1.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfresp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfresp.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfrec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfrec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfchal.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmmfchal.c cmmfchal.c: In function 'cmmf_create_witness_and_challenge': cmmfchal.c:33:22: warning: variable 'id' set but not used [-Wunused-but-set-variable] CK_OBJECT_HANDLE id; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/servget.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard servget.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard encutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcli.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard respcli.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcmn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard respcmn.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/challcli.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard challcli.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/asn1cmn.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard asn1cmn.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfenc.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftmpl.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfreq.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfpop.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfdec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfget.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmfcont.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfasn1.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfresp.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfrec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmmfchal.o Linux3.19_arm_glibc_PTH_OPT.OBJ/servget.o Linux3.19_arm_glibc_PTH_OPT.OBJ/encutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcli.o Linux3.19_arm_glibc_PTH_OPT.OBJ/respcmn.o Linux3.19_arm_glibc_PTH_OPT.OBJ/challcli.o Linux3.19_arm_glibc_PTH_OPT.OBJ/asn1cmn.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libcrmf.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/crmf' cd jar; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarsign.c jarsign.c: In function 'jar_create_pk7': jarsign.c:174:11: warning: variable 'errstring' set but not used [-Wunused-but-set-variable] char *errstring; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jar.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar-ds.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jar-ds.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarfile.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarfile.c jarfile.c: In function 'jar_listtar': jarfile.c:824:12: warning: variable 'when' set but not used [-Wunused-but-set-variable] time_t when; ^ jarfile.c:823:14: warning: variable 'mode' set but not used [-Wunused-but-set-variable] long sz, mode; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard jarint.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a Linux3.19_arm_glibc_PTH_OPT.OBJ/jarver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarsign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jar-ds.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarfile.o Linux3.19_arm_glibc_PTH_OPT.OBJ/jarint.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/jar' cd ckfw; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crypto.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crypto.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/find.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard find.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard hash.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/instance.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard instance.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mutex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mutex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/object.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard object.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/session.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard session.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sessobj.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sessobj.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/slot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard slot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/token.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard token.c token.c: In function 'nssCKFWToken_GetUTCTime': token.c:1261:27: warning: variable 'z' set but not used [-Wunused-but-set-variable] int Y, M, D, h, m, s, z; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/wrap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard wrap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mechanism.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mechanism.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a Linux3.19_arm_glibc_PTH_OPT.OBJ/crypto.o Linux3.19_arm_glibc_PTH_OPT.OBJ/find.o Linux3.19_arm_glibc_PTH_OPT.OBJ/hash.o Linux3.19_arm_glibc_PTH_OPT.OBJ/instance.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mutex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/object.o Linux3.19_arm_glibc_PTH_OPT.OBJ/session.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sessobj.o Linux3.19_arm_glibc_PTH_OPT.OBJ/slot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/token.o Linux3.19_arm_glibc_PTH_OPT.OBJ/wrap.o Linux3.19_arm_glibc_PTH_OPT.OBJ/mechanism.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckfw.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib cd builtins; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard anchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard constants.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bfind.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bfind.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/binst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard binst.c binst.c: In function 'builtins_mdInstance_GetLibraryVersion': binst.c:70:17: warning: variable 'c' set but not used [-Wunused-but-set-variable] volatile char c; /* force a reference that won't get optimized away */ ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bobject.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bobject.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bsession.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bsession.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/bslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard bslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard btoken.c perl certdata.perl < certdata.txt > Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckbiver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckbiver.c grep -v ';-' nssckbi.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nssckbi.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnssckbi.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nssckbi.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bfind.o Linux3.19_arm_glibc_PTH_OPT.OBJ/binst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bobject.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bsession.o Linux3.19_arm_glibc_PTH_OPT.OBJ/bslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certdata.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckbiver.o ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/builtins' cd pem; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard anchor.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard constants.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pargs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pargs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pfind.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pfind.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pinst.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pinst.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pobject.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pobject.c pobject.c: In function 'pem_CreateObject': pobject.c:1047:15: warning: variable 'token' set but not used [-Wunused-but-set-variable] pemToken *token; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/prsa.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard prsa.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/psession.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard psession.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pslot.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pslot.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ptoken.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ptoken.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckpemver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ckpemver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsawrapr.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard rsawrapr.c rsawrapr.c:128:1: warning: 'oaep_xor_with_h1' defined but not used [-Wunused-function] oaep_xor_with_h1(unsigned char *data, unsigned int datalen, ^ rsawrapr.c:190:1: warning: 'oaep_xor_with_h2' defined but not used [-Wunused-function] oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard util.c util.c: In function 'ReadDERFromFile': util.c:142:9: warning: variable 'error' set but not used [-Wunused-but-set-variable] int error; ^ grep -v ';-' nsspem.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux3.19_arm_glibc_PTH_OPT.OBJ/nsspem.def rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsspem.so -Wl,--version-script,Linux3.19_arm_glibc_PTH_OPT.OBJ/nsspem.def -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so Linux3.19_arm_glibc_PTH_OPT.OBJ/anchor.o Linux3.19_arm_glibc_PTH_OPT.OBJ/constants.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pargs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pfind.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pinst.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pobject.o Linux3.19_arm_glibc_PTH_OPT.OBJ/prsa.o Linux3.19_arm_glibc_PTH_OPT.OBJ/psession.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pslot.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ptoken.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ckpemver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsawrapr.o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lnssutil3 -lfreebl3 -L../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnssckfw -lnssb -lplc4 -lplds4 -L../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lnssutil3 -lfreebl3 -lsoftokn3 -lpthread -ldl -lc -L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsspem.so ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw/pem' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/ckfw' cd sysinit; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nsssysinit.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so gcc -shared -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsssysinit.so -o Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so Linux3.19_arm_glibc_PTH_OPT.OBJ/nsssysinit.o -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc chmod +x Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib/sysinit' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/lib' cd cmd; /usr/bin/make libs make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' cd lib; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/basicutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard basicutil.c basicutil.c: In function 'SECU_PrintAsHex': basicutil.c:312:9: warning: 'column' may be used uninitialized in this function [-Wmaybe-uninitialized] column++; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secutil.c secutil.c: In function 'SECU_ChangePW2': secutil.c:332:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ secutil.c: In function 'secu_PrintPKCS7Signed': secutil.c:2702:11: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from secutil.c:19:0: secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ secutil.c: In function 'secu_PrintPKCS7SignedAndEnveloped': secutil.c:2821:11: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from secutil.c:19:0: secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ secutil.c: In function 'SEC_PrintCertificateAndTrust': secutil.c:3151:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ secutil.c:3124:5: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secpwd.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secpwd.c secpwd.c: In function 'SEC_GetPassword': secpwd.c:77:8: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] QUIET_FGETS ( phrase, sizeof(phrase), input); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derprint.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derprint.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/moreoids.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard moreoids.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pppolicy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pppolicy.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ffs.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ffs.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11table.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11table.c rm -f Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ar cr Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a Linux3.19_arm_glibc_PTH_OPT.OBJ/basicutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/secpwd.o Linux3.19_arm_glibc_PTH_OPT.OBJ/derprint.o Linux3.19_arm_glibc_PTH_OPT.OBJ/moreoids.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pppolicy.o Linux3.19_arm_glibc_PTH_OPT.OBJ/ffs.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11table.o ranlib Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux3.19_arm_glibc_PTH_OPT.OBJ/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/lib' cd addbuiltin; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard addbuiltin.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/addbuiltin ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/addbuiltin' cd atob; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/atob.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard atob.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/atob -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/atob.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/atob ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/atob' cd btoa; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard btoa.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/btoa ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/btoa' cd certcgi; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certcgi.c certcgi.c: In function 'MakeV1Cert': certcgi.c:530:15: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ certcgi.c: In function 'get_serial_number': certcgi.c:594:6: warning: this decimal constant is unsigned only in ISO C90 [enabled by default] if (serial == 4294967295) { ^ certcgi.c: In function 'string_to_binary': certcgi.c:1425:9: warning: variable 'low_digit' set but not used [-Wunused-but-set-variable] int low_digit; ^ certcgi.c:1424:9: warning: variable 'high_digit' set but not used [-Wunused-but-set-variable] int high_digit; ^ certcgi.c: At top level: certcgi.c:360:1: warning: 'update_data_by_name' defined but not used [-Wunused-function] update_data_by_name(Pair *data, ^ certcgi.c:388:1: warning: 'update_data_by_index' defined but not used [-Wunused-function] update_data_by_index(Pair *data, ^ certcgi.c:404:1: warning: 'add_field' defined but not used [-Wunused-function] add_field(Pair *data, ^ certcgi.c: In function 'get_serial_number': certcgi.c:590:11: warning: ignoring return value of 'fread', declared with attribute warn_unused_result [-Wunused-result] fread(&serial, sizeof(int), 1, serialFile); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/certcgi ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certcgi' cd certutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certext.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certext.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/keystuff.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard keystuff.c keystuff.c: In function 'CERTUTIL_GeneratePrivateKey': keystuff.c:497:15: warning: variable 'algtag' set but not used [-Wunused-but-set-variable] SECOidTag algtag; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/certext.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/keystuff.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/certutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/certutil' cd checkcert; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard checkcert.c checkcert.c: In function 'OurVerifyData': checkcert.c:125:15: warning: variable 'sigAlgTag' set but not used [-Wunused-but-set-variable] SECOidTag sigAlgTag; ^ checkcert.c: In function 'main': checkcert.c:392:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from checkcert.c:5:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/checkcert ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/checkcert' cd chktest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard chktest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/chktest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/chktest' cd crlutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen_lex.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlgen_lex.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlgen.c crlgen.c: In function 'crlgen_RmCert': crlgen.c:1082:18: warning: variable 'arena' set but not used [-Wunused-but-set-variable] PLArenaPool *arena; ^ crlgen.c: In function 'crlgen_CreateInvalidityDate': crlgen.c:627:27: warning: 'mark' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_ArenaRelease(arena, mark); ^ crlgen.c: In function 'crlgen_CreateReasonCode': crlgen.c:586:28: warning: 'mark' may be used uninitialized in this function [-Wmaybe-uninitialized] PORT_ArenaRelease (arena, mark); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard crlutil.c crlutil.c: In function 'main': crlutil.c:1108:16: warning: 'rv' may be used uninitialized in this function [-Wmaybe-uninitialized] return (rv != SECSuccess); ^ crlutil.c:851:9: note: 'rv' was declared here int rv; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen_lex.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlgen.o Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/crlutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crlutil' cd crmftest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/testcrmf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard testcrmf.c testcrmf.c: In function 'get_serial_number': testcrmf.c:130:14: warning: variable 'rv' set but not used [-Wunused-but-set-variable] SECStatus rv; ^ testcrmf.c: In function 'main': testcrmf.c:1539:12: warning: variable 'PArg' set but not used [-Wunused-but-set-variable] PRBool PArg = PR_FALSE; ^ testcrmf.c:1538:12: warning: variable 'sArg' set but not used [-Wunused-but-set-variable] PRBool sArg = PR_FALSE; ^ testcrmf.c:1537:12: warning: variable 'eArg' set but not used [-Wunused-but-set-variable] PRBool eArg = PR_FALSE; ^ testcrmf.c:1536:12: warning: variable 'pArg' set but not used [-Wunused-but-set-variable] PRBool pArg = PR_FALSE; ^ testcrmf.c: At top level: testcrmf.c:941:1: warning: 'mapWrapKeyType' defined but not used [-Wunused-function] mapWrapKeyType(KeyType keyType) ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/testcrmf.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/crmftest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/crmftest' cd dbtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dbtest.c In file included from ../modutil/modutil.h:22:0, from dbtest.c:32: ../modutil/error.h:136:14: warning: 'msgStrings' defined but not used [-Wunused-variable] static char *msgStrings[] = { ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/dbtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/dbtest' cd derdump; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard derdump.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/derdump ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/derdump' cd digest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/digest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard digest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/digest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/digest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/digest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/digest' cd httpserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard httpserv.c httpserv.c: In function 'handle_connection': httpserv.c:715:39: warning: integer overflow in expression [-Woverflow] nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ ^ httpserv.c:716:37: warning: integer overflow in expression [-Woverflow] revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ ^ httpserv.c: In function 'getBoundListenSocket': httpserv.c:941:14: warning: variable 'socketDomain' set but not used [-Wunused-but-set-variable] PRUint16 socketDomain = PR_AF_INET; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/httpserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/httpserv' cd listsuites; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard listsuites.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/listsuites ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/listsuites' cd makepqg; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard makepqg.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/makepqg ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/makepqg' cd multinit; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard multinit.c multinit.c:320:1: warning: 'appendItem' defined but not used [-Wunused-function] appendItem(SECItem *item) ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/multinit ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/multinit' cd ocspclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspclnt.c ocspclnt.c: In function 'print_raw_certificates': ocspclnt.c:565:10: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from ocspclnt.c:9:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ ocspclnt.c: In function 'main': ocspclnt.c:446:8: warning: 'cert_usage' may be used uninitialized in this function [-Wmaybe-uninitialized] rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time, ^ ocspclnt.c:967:18: note: 'cert_usage' was declared here SECCertUsage cert_usage; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspclnt' cd ocspresp; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ocspresp.c ocspresp.c: In function 'main': ocspresp.c:140:15: warning: variable 'statusDecodedFail' set but not used [-Wunused-but-set-variable] SECStatus statusDecodedFail; ^ ocspresp.c:136:15: warning: variable 'statusDecodedRev' set but not used [-Wunused-but-set-variable] SECStatus statusDecodedRev; ^ ocspresp.c:132:15: warning: variable 'statusDecoded' set but not used [-Wunused-but-set-variable] SECStatus statusDecoded; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ocspresp ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ocspresp' cd oidcalc; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard oidcalc.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/oidcalc ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/oidcalc' cd p7content; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7content.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7content ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7content' cd p7env; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7env.c p7env.c: In function 'main': p7env.c:133:11: warning: variable 'certName' set but not used [-Wunused-but-set-variable] char *certName; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7env ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7env' cd p7sign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7sign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7sign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7sign' cd p7verify; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard p7verify.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/p7verify ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/p7verify' cd pk12util; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk12util.c pk12util.c: In function 'p12u_InitContext': pk12util.c:104:12: warning: variable 'fileExist' set but not used [-Wunused-but-set-variable] PRBool fileExist; ^ pk12util.c: In function 'P12U_ListPKCS12File': pk12util.c:762:30: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] 0, SECU_PrintCertificate) != 0) { ^ In file included from pk12util.c:11:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk12util ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk12util' cd pk11gcmtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11gcmtest.c pk11gcmtest.c: In function 'aes_gcm_kat': pk11gcmtest.c:319:6: warning: 'tagsize' may be used uninitialized in this function [-Wmaybe-uninitialized] rv = aes_decrypt_buf(key, keysize, iv, ivsize, ^ pk11gcmtest.c:319:6: warning: 'ciphertextlen' may be used uninitialized in this function [-Wmaybe-uninitialized] pk11gcmtest.c:66:24: warning: 'ivsize' may be used uninitialized in this function [-Wmaybe-uninitialized] gcm_params.ulIvLen = ivsize; ^ pk11gcmtest.c:174:18: note: 'ivsize' was declared here unsigned int ivsize; ^ pk11gcmtest.c:54:18: warning: 'keysize' may be used uninitialized in this function [-Wmaybe-uninitialized] key_item.len = keysize; ^ pk11gcmtest.c:172:18: note: 'keysize' was declared here unsigned int keysize; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11gcmtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11gcmtest' cd pk11mode; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11mode.c pk11mode.c: In function 'PKM_TLSMasterKeyDerive': pk11mode.c:4561:16: warning: variable 'expected_version' set but not used [-Wunused-but-set-variable] CK_VERSION expected_version, version; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11mode ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk11mode' cd pk1sign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk1sign.c pk1sign.c: In function 'main': pk1sign.c:283:32: warning: 'cert' may be used uninitialized in this function [-Wmaybe-uninitialized] CERT_DestroyCertificate(cert); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pk1sign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pk1sign' cd pkix-errcodes; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pkix-errcodes.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pkix-errcodes ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pkix-errcodes' cd pp; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pp.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pp.c pp.c: In function 'Usage': pp.c:35:13: warning: too many arguments for format [-Wformat-extra-args] SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); ^ pp.c: In function 'main': pp.c:140:9: warning: passing argument 5 of 'SECU_PrintSignedData' from incompatible pointer type [enabled by default] SECU_PrintCertificate); ^ In file included from pp.c:10:0: ../../../dist/private/nss/secutil.h:260:12: note: expected 'SECU_PPFunc' but argument is of type 'int (*)(struct FILE *, const struct SECItem *, const char *, int)' extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pp -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pp.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pp ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pp' cd pwdecrypt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pwdecrypt.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/pwdecrypt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/pwdecrypt' cd rsaperf; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard rsaperf.c rsaperf.c: In function 'main': rsaperf.c:433:27: warning: variable 'certdb' set but not used [-Wunused-but-set-variable] CERTCertDBHandle* certdb = NULL; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/defkey.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard defkey.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf.o Linux3.19_arm_glibc_PTH_OPT.OBJ/defkey.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /usr/lib/libfreebl.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3 -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/rsaperf ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/rsaperf' cd sdrtest; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sdrtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/sdrtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/sdrtest' cd selfserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard selfserv.c selfserv.c: In function 'makeSignedOCSPResponse': selfserv.c:1132:33: warning: integer overflow in expression [-Woverflow] nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ ^ selfserv.c:1147:18: warning: integer overflow in expression [-Woverflow] now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ ^ selfserv.c: In function 'getBoundListenSocket': selfserv.c:1690:14: warning: variable 'socketDomain' set but not used [-Wunused-but-set-variable] PRUint16 socketDomain = PR_AF_INET; ^ selfserv.c: In function 'makeSignedOCSPResponse': selfserv.c:1163:24: warning: 'sr' may be used uninitialized in this function [-Wmaybe-uninitialized] singleResponses[0] = sr; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/selfserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/selfserv' cd signtool; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard signtool.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/certgen.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard certgen.c certgen.c: In function 'sign_cert': certgen.c:423:11: warning: variable 'dummy' set but not used [-Wunused-but-set-variable] void *dummy; ^ certgen.c: In function 'GetSubjectFromUser': certgen.c:125:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:147:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:166:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:184:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:202:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:223:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ certgen.c:241:10: warning: ignoring return value of 'fgets', declared with attribute warn_unused_result [-Wunused-result] fgets(buf, STDIN_BUF_SIZE, stdin); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/javascript.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard javascript.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard list.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/sign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard sign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard util.c util.c: In function 'XP_GetString': util.c:21:5: warning: return discards 'const' qualifier from pointer target type [enabled by default] return SECU_Strerror (i); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/verify.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard verify.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/zip.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard zip.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool.o Linux3.19_arm_glibc_PTH_OPT.OBJ/certgen.o Linux3.19_arm_glibc_PTH_OPT.OBJ/javascript.o Linux3.19_arm_glibc_PTH_OPT.OBJ/list.o Linux3.19_arm_glibc_PTH_OPT.OBJ/sign.o Linux3.19_arm_glibc_PTH_OPT.OBJ/util.o Linux3.19_arm_glibc_PTH_OPT.OBJ/verify.o Linux3.19_arm_glibc_PTH_OPT.OBJ/zip.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc -lz ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/signtool ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signtool' cd signver; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signver.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard signver.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk7print.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk7print.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/signver -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/signver.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk7print.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/signver ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/signver' cd shlibsign; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard shlibsign.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign.o -Wl,-z,relro -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/shlibsign ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin cd mangle; /usr/bin/make libs make[3]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard mangle.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle.o -Wl,-z,relro -L/usr/lib -lplc4 -lplds4 -lnspr4 -lpthread -ldl -lc ../../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/mangle ../../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[3]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign/mangle' make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/shlibsign' cd smimetools; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard cmsutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/cmsutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/smimetools' cd ssltap; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard ssltap.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/ssltap ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/ssltap' cd strsclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard strsclnt.c strsclnt.c: In function 'do_connects': strsclnt.c:735:15: warning: variable 'result' set but not used [-Wunused-but-set-variable] SECStatus result; ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/strsclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/strsclnt' cd symkeyutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard symkeyutil.c symkeyutil.c: In function 'main': symkeyutil.c:1018:31: warning: unused variable 'rv2' [-Wunused-variable] SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/symkeyutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/symkeyutil' cd tests; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard baddbdir.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard conflict.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard dertimetest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard encodeinttest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard nonspr10.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10 -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard remtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard secmodtest.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest.o \ -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/baddbdir Linux3.19_arm_glibc_PTH_OPT.OBJ/conflict Linux3.19_arm_glibc_PTH_OPT.OBJ/dertimetest Linux3.19_arm_glibc_PTH_OPT.OBJ/encodeinttest Linux3.19_arm_glibc_PTH_OPT.OBJ/nonspr10 Linux3.19_arm_glibc_PTH_OPT.OBJ/remtest Linux3.19_arm_glibc_PTH_OPT.OBJ/secmodtest ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tests' cd tstclnt; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard tstclnt.c tstclnt.c: In function 'ownAuthCertificate': tstclnt.c:536:19: warning: unused variable 'error' [-Wunused-variable] PRErrorCode error = PR_GetError(); ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/tstclnt ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/tstclnt' cd vfychain; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfychain.c vfychain.c: In function 'configureRevocationParams': vfychain.c:363:50: warning: 'revFlags' may be used uninitialized in this function [-Wmaybe-uninitialized] revFlags[cert_revocation_method_ocsp] = ^ gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/vfychain ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfychain' cd vfyserv; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfyserv.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard vfyutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv.o Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyutil.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/vfyserv ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/vfyserv' cd modutil; /usr/bin/make libs make[2]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard modutil.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard pk11.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/instsec.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard instsec.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/install.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard install.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/installparse.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard installparse.c ytab.c: In function 'Pk11Install_yyparse': ytab.c:219:5: warning: suggest parentheses around assignment used as truth value [-Wparentheses] gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/install-ds.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard install-ds.c gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -c -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard lex.Pk11Install_yy.c lex.Pk11Install_yy.cpp:1060:13: warning: 'Pkcs11Install_yyunput' defined but not used [-Wunused-function] lex.Pk11Install_yy.cpp:1106:12: warning: 'input' defined but not used [-Wunused-function] gcc -o Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil -O2 -fPIC -DLINUX2_1 -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil.o Linux3.19_arm_glibc_PTH_OPT.OBJ/pk11.o Linux3.19_arm_glibc_PTH_OPT.OBJ/instsec.o Linux3.19_arm_glibc_PTH_OPT.OBJ/install.o Linux3.19_arm_glibc_PTH_OPT.OBJ/installparse.o Linux3.19_arm_glibc_PTH_OPT.OBJ/install-ds.o Linux3.19_arm_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -Wl,-z,relro ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /usr/lib/libfreebl.a -L../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4 -L/usr/lib -lsoftokn3 -lpthread -ldl -lc -lz ../../coreconf/nsinstall/Linux3.19_arm_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux3.19_arm_glibc_PTH_OPT.OBJ/modutil ../../../dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin make[2]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd/modutil' make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/cmd' make: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss' ~/build/BUILD/nss-3.16.2.3/nss ~/build/BUILD/nss-3.16.2.3 + unset NSS_BLTEST_NOT_AVAILABLE + pushd ./nss + /usr/bin/make clean_docs build_docs /usr/bin/make -C ./doc clean make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' rm -f date.xml version.xml *.tar.bz2 rm -f html/*.proc rm -fr nss-man ascii make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' /usr/bin/make -C ./doc make[1]: Entering directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' date +"%e %B %Y" | tr -d '\n' > date.xml echo -n > version.xml mkdir -p html mkdir -p nroff xmlto -o nroff man certutil.xml Note: Writing certutil.1 xmlto -o html html certutil.xml Writing index.html for refentry(certutil) mv html/index.html html/certutil.html make[1]: Leaving directory `/builddir/build/BUILD/nss-3.16.2.3/nss/doc' ~/build/BUILD/nss-3.16.2.3 + popd + /usr/bin/mkdir -p ./dist/doc/nroff + /usr/bin/cp ./nss/doc/nroff/certutil.1 ./nss/doc/nroff/cmsutil.1 ./nss/doc/nroff/crlutil.1 ./nss/doc/nroff/derdump.1 ./nss/doc/nroff/modutil.1 ./nss/doc/nroff/pk12util.1 ./nss/doc/nroff/pp.1 ./nss/doc/nroff/signtool.1 ./nss/doc/nroff/signver.1 ./nss/doc/nroff/ssltap.1 ./nss/doc/nroff/vfychain.1 ./nss/doc/nroff/vfyserv.1 ./dist/doc/nroff + /usr/bin/mkdir -p ./dist/pkgconfig + /usr/bin/cat /builddir/build/SOURCES/nss.pc.in + sed -e s,%libdir%,/usr/lib,g -e s,%prefix%,/usr,g -e s,%exec_prefix%,/usr,g -e s,%includedir%,/usr/include/nss3,g -e s,%NSS_VERSION%,3.16.2.3,g -e s,%NSPR_VERSION%,4.10.6,g -e s,%NSSUTIL_VERSION%,3.16.2.3,g -e s,%SOFTOKEN_VERSION%,3.16.2.3,g ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VMAJOR' ++ awk '{print $3}' + NSS_VMAJOR=3 ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VMINOR' ++ awk '{print $3}' + NSS_VMINOR=16 ++ cat nss/lib/nss/nss.h ++ grep '#define.*NSS_VPATCH' ++ awk '{print $3}' + NSS_VPATCH=2 + export NSS_VMAJOR + export NSS_VMINOR + export NSS_VPATCH + /usr/bin/cat /builddir/build/SOURCES/nss-config.in + sed -e s,@libdir@,/usr/lib,g -e s,@prefix@,/usr,g -e s,@exec_prefix@,/usr,g -e s,@includedir@,/usr/include/nss3,g -e s,@MOD_MAJOR_VERSION@,3,g -e s,@MOD_MINOR_VERSION@,16,g -e s,@MOD_PATCH_VERSION@,2,g + chmod 755 ./dist/pkgconfig/nss-config + /usr/bin/cat /builddir/build/SOURCES/setup-nsssysinit.sh + chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh + /usr/bin/cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/ + date '+%e %B %Y' + tr -d '\n' + echo -n 3.16.2.3 + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/nss-config.xml . + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/setup-nsssysinit.xml . + for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml + cp /builddir/build/SOURCES/pkcs11.txt.xml . + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man nss-config.xml Note: Writing nss-config.1 + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man setup-nsssysinit.xml Note: Writing setup-nsssysinit.1 + for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml + xmlto man pkcs11.txt.xml Note: Writing pkcs11.txt.5 + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/cert8.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/cert9.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/key3.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/key4.db.xml . + for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml + cp /builddir/build/SOURCES/secmod.db.xml . + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man cert8.db.xml Note: Writing cert8.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man cert9.db.xml Note: Writing cert9.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man key3.db.xml Note: Writing key3.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man key4.db.xml Note: Writing key4.db.5 + for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml + xmlto man secmod.db.xml Note: Writing secmod.db.5 + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.qjbNOu + umask 022 + cd /builddir/build/BUILD + '[' /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm '!=' / ']' + rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm ++ dirname /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + mkdir -p /builddir/build/BUILDROOT + mkdir /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + cd nss-3.16.2.3 + /usr/bin/rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3/templates + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/pkgconfig + mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1 + mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5 + touch /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnssckbi.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/libnssckbi.so + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert8.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/cert8.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key3.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/key3.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-secmod.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/secmod.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert9.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/cert9.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key4.db /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/key4.db + /usr/bin/install -p -m 644 /builddir/build/SOURCES/system-pkcs11.txt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//etc/pki/nssdb/pkcs11.txt + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in libcrmf.a libnssb.a libnssckfw.a + /usr/bin/install -p -m 644 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/certutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/cmsutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/crlutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/modutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/signtool /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/signver /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/ssltap /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/atob /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/btoa /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/derdump /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/ocspclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pp /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/selfserv /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/strsclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/symkeyutil /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/tstclnt /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/vfyserv /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain + /usr/bin/install -p -m 755 dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/vfychain /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/nss/unsupported-tools + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cert.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/certdb.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/certt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmmf.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmmft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cms.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmsreclist.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cmst.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/crmf.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/crmft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cryptohi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/cryptoht.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jar-ds.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jar.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/jarfile.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/key.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keyhi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keyt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/keythi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nss.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssbase.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssbaset.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckbi.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckepv.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckft.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfw.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfwc.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckfwt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckg.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckmdt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nssckt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/nsspem.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ocsp.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ocspt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12plcy.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/p12t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11func.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11pqg.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11priv.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11pub.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pk11sdr.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs12.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs12t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/pkcs7t.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/preenc.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sechash.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmime.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmod.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secmodt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secpkcs5.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/secpkcs7.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/smime.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/ssl.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslerr.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslproto.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in 'dist/public/nss/*.h' + /usr/bin/install -p -m 644 dist/public/nss/sslt.h /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3 + for file in dist/private/nss/nssck.api + /usr/bin/install -p -m 644 dist/private/nss/nssck.api /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/include/nss3/templates + /usr/bin/install -p -m 644 ./dist/pkgconfig/nss.pc /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/lib/pkgconfig/nss.pc + /usr/bin/install -p -m 755 ./dist/pkgconfig/nss-config /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/nss-config + /usr/bin/install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit.sh + ln -r -s -f /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm//usr/bin/setup-nsssysinit + for f in nss-config setup-nsssysinit + install -c -m 644 nss-config.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/nss-config.1 + for f in nss-config setup-nsssysinit + install -c -m 644 setup-nsssysinit.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/setup-nsssysinit.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/certutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/certutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/cmsutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/cmsutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/crlutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/crlutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/derdump.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/derdump.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/modutil.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/modutil.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/pk12util.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/pk12util.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/pp.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/pp.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/signtool.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/signtool.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/signver.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/signver.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/ssltap.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/ssltap.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/vfychain.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/vfychain.1 + for f in '""certutil' cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain 'vfyserv""' + install -c -m 644 ./dist/doc/nroff/vfyserv.1 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man1/vfyserv.1 + for f in pkcs11.txt + install -c -m 644 pkcs11.txt.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/pkcs11.txt.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 cert8.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/cert8.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 cert9.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/cert9.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 key3.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/key3.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 key4.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/key4.db.5 + for f in cert8.db cert9.db key3.db key4.db secmod.db + install -c -m 644 secmod.db.5 /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/share/man/man5/secmod.db.5 + /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 /builddir/build/BUILD/nss-3.16.2.3 extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/certutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/signtool extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/pk12util extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/crlutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/modutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/signver extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/cmsutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/bin/ssltap extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libsmime3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnsssysinit.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libssl3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnss3.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/vfyserv extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/vfychain extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/selfserv extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/ocspclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/strsclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/derdump extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/pp extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/tstclnt extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/btoa extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/symkeyutil extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/unsupported-tools/atob extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/nss/libnssckbi.so extracting debug info from /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm/usr/lib/libnsspem.so /usr/lib/rpm/sepdebugcrcfix: Updated 25 CRC32s, 0 CRC32s did match. cpio: nss-3.16.2.3/nss/cmd/modutil/lex.Pk11Install_yy.cpp: Cannot stat: No such file or directory cpio: nss-3.16.2.3/nss/cmd/modutil/ytab.c: Cannot stat: No such file or directory 23564 blocks + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-compress + /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/lib/rpm/redhat/brp-java-repack-jars Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.nUwdFB + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + '[' 0 -eq 1 ']' + export NSS_NO_SSL2=1 + NSS_NO_SSL2=1 + FREEBL_NO_DEPEND=1 + export FREEBL_NO_DEPEND + BUILD_OPT=1 + export BUILD_OPT + export NSS_BLTEST_NOT_AVAILABLE=1 + NSS_BLTEST_NOT_AVAILABLE=1 + export SOFTOKEN_LIB_DIR=/usr/lib + SOFTOKEN_LIB_DIR=/usr/lib ++ find ./nss/tests ++ grep -c ' ' + SPACEISBAD=0 + : + '[' 0 -ne 0 ']' ++ perl -e 'print 9000 + int rand 1000' 9103 selfserv_9103 + MYRAND=9103 + echo 9103 + RANDSERV=selfserv_9103 + echo selfserv_9103 ++ ls -d ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ~/build/BUILD/nss-3.16.2.3 ~/build/BUILD/nss-3.16.2.3 + DISTBINDIR=./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin + echo ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin ++ pwd + pushd /builddir/build/BUILD/nss-3.16.2.3 + cd ./dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin + ln -s selfserv selfserv_9103 ~/build/BUILD/nss-3.16.2.3 + popd + find ./nss/tests -type f + grep -v '\.db$' + grep -vw CVS + xargs grep -lw selfserv + xargs -l perl -pi -e 's/\bselfserv\b/selfserv_9103/g' + grep -v '\.crl$' + grep -v '\.crt$' + killall selfserv_9103 selfserv_9103: no process found + : + rm -rf ./tests_results ~/build/BUILD/nss-3.16.2.3/nss/tests ~/build/BUILD/nss-3.16.2.3 + pushd ./nss/tests/ + nss_tests='libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains' + HOST=localhost + DOMSUF=localdomain + PORT=9103 + NSS_CYCLES= + NSS_TESTS= + NSS_SSL_TESTS= + NSS_SSL_RUN= + ./all.sh testdir is /builddir/build/BUILD/nss-3.16.2.3/tests_results/security init.sh init: Creating /builddir/build/BUILD/nss-3.16.2.3/tests_results/security which: no domainname in (.:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/lib/ccache:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin) ******************************************** Platform: Linux3.19_arm_glibc_PTH_OPT.OBJ Results: localhost.1 ******************************************** init.sh init: Testing PATH .:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/lib/ccache:/usr/sbin:/sbin:/usr/local/sbin:/builddir/.local/bin:/builddir/bin against LIB /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib: ./all.sh: line 304: [: -eq: unary operator expected Running tests for cipher TIMESTAMP cipher BEGIN: Tue May 19 01:40:38 EDT 2015 ./cipher.sh: line 127: res: command not found ./init.sh: line 228: [: : integer expression expected cipher.sh: #1: - PASSED TIMESTAMP cipher END: Tue May 19 01:40:38 EDT 2015 Running tests for lowhash TIMESTAMP lowhash BEGIN: Tue May 19 01:40:38 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Tue May 19 01:40:38 EDT 2015 Running tests for libpkix TIMESTAMP libpkix BEGIN: Tue May 19 01:40:38 EDT 2015 TIMESTAMP libpkix END: Tue May 19 01:40:38 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Tue May 19 01:40:39 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #2: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -f ../tests.pw cert.sh: #3: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #4: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -o root.cert cert.sh: #6: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -f ../tests.pw cert.sh: #7: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #8: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #9: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #10: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #11: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #12: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #13: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -o root.cert cert.sh: #14: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -f ../tests.pw cert.sh: #15: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #16: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #17: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #18: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #19: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #20: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #21: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -o root.cert cert.sh: #22: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #23: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #24: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #25: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #26: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #27: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #28: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #29: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #30: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #31: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #32: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #33: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #34: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #35: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #36: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw cert.sh: #37: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #38: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #39: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #40: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #41: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA.ca.cert cert.sh: #42: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #43: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #44: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #45: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert cert.sh: #46: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #47: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #48: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #49: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert cert.sh: #50: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #51: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA.ca.cert cert.sh: #52: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #53: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #54: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #55: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw cert.sh: #56: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #57: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #58: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #59: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #60: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA.ca.cert cert.sh: #61: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #62: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #63: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #64: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert cert.sh: #65: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #66: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #67: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #68: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA.ca.cert cert.sh: #69: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #70: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #71: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #72: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #73: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert cert.sh: #74: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw cert.sh: #75: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #76: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -i ../CA/TestCA.ca.cert cert.sh: #77: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -i ../CA/TestCA-ec.ca.cert cert.sh: #78: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #79: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #80: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #81: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #82: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #83: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #84: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #85: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #86: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #87: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #88: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #89: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -i ../CA/TestCA.ca.cert cert.sh: #90: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -i ../CA/TestCA-ec.ca.cert cert.sh: #91: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #92: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #93: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #94: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #95: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #96: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #97: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #98: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #99: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #100: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #101: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #102: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #103: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #104: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #105: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #106: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #107: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #108: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #109: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #110: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server -f ../tests.pw cert.sh: #111: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw cert.sh: #112: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #113: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -i ../CA/TestCA.ca.cert cert.sh: #114: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #115: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #116: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #117: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #118: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #119: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #120: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #121: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #122: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #123: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #124: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw cert.sh: #125: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #126: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -i ../CA/TestCA.ca.cert cert.sh: #127: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #128: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #129: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #130: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #131: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #132: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #133: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #134: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #135: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #136: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #137: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw cert.sh: #138: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #139: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -i ../CA/TestCA.ca.cert cert.sh: #140: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #141: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #142: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #143: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #144: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #145: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #146: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #147: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #148: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #149: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #150: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw cert.sh: #151: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #152: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -i ../CA/TestCA.ca.cert cert.sh: #153: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #154: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #155: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #156: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #157: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #158: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #159: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #160: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #161: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #162: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #163: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #164: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #165: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #166: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #167: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #168: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #169: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #170: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #171: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -f ../tests.fipspw cert.sh: #172: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #173: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #174: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #175: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw cert.sh: #176: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #177: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #178: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #179: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #180: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #181: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #182: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #183: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #184: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #185: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #186: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #187: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw cert.sh: #188: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #189: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #190: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #191: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #192: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #193: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #194: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #195: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #196: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #197: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #198: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #199: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #200: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:18:f6 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:42:48 2015 Not After : Wed Aug 19 05:42:48 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f3:bb:06:09:4d:26:03:c4:6e:a6:7b:76:e0:42:5e:17: 67:2c:94:0d:8a:af:1e:8f:12:fd:67:02:47:28:b1:ec: 09:b5:49:39:57:14:21:3d:35:80:56:06:d1:63:a6:10: 13:9c:27:77:2c:dd:ca:f3:03:72:5d:02:99:35:6a:62: 86:ea:d2:02:bf:01:4f:99:1d:a2:2a:7c:69:9a:ea:a9: 79:84:56:4a:ba:5e:b2:d7:f6:52:44:d2:5b:67:6b:9a: 7a:43:17:e9:7e:91:f4:c1:52:a5:58:98:81:04:c7:85: 06:ae:e0:b8:91:85:e3:11:8d:61:ac:af:e5:0f:0d:49 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: be:15:69:b6:12:2a:3f:74:48:a1:7c:33:eb:2d:f1:61: c2:60:a1:0a:00:51:ad:11:da:d9:c4:c2:95:1a:ff:54: 26:ee:d6:31:1f:e2:d6:08:c2:9b:d7:27:2b:0a:e2:16: 24:13:7f:e8:44:b3:f0:5e:8c:0b:40:7c:0f:f9:ad:57: 73:b0:a6:d0:75:ce:e2:57:96:4e:da:c3:ee:79:7f:c4: c2:77:7f:a2:9b:b7:37:e8:29:3e:0b:54:7a:26:e2:9d: b5:5d:93:76:9d:15:c7:e4:19:50:10:4b:0e:a1:db:2f: ce:1f:b5:a4:2e:f0:95:41:93:96:45:91:84:8e:a2:78 Fingerprint (SHA-256): D3:12:BC:21:55:0D:1C:F5:B2:2D:3E:3F:ED:E0:1F:F4:94:81:93:8B:68:12:0B:A2:12:55:6E:10:E1:5A:42:63 Fingerprint (SHA1): 79:30:C1:A7:66:66:68:43:40:D4:DF:28:70:59:58:46:6C:0C:23:FD Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #201: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:18:fd Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:42:50 2015 Not After : Wed Aug 19 05:42:50 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:cc:2b:79:66:ec:03:df:1e:47:00:e9:ba:30:69:bc: c1:4b:e0:52:d8:66:7f:d5:ab:be:a6:b5:eb:15:2d:7e: 5f:9e:e2:9f:85:a7:a8:ac:5a:26:7e:9b:a7:e4:f3:fc: 06:eb:09:fc:0c:71:70:62:40:d2:e1:ef:80:d5:eb:bc: 2b:f4:a2:00:2d:0e:f0:c7:d6:30:a4:a0:5d:bb:7f:38: 1d:ce:e6:99:d0:e3:4d:b5:a6:e8:29:c9:72:b4:07:8b: 78:79:0e:2b:83:a6:fb:61:93:23:d4:a0:6d:55:53:dd: 49:1e:b9:54:ca:21:e4:25:53:6d:67:b8:cb:20:10:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 79:44:82:cd:87:37:3c:ea:2b:4d:f3:1b:b3:ff:58:1c: 5c:ef:b0:18:8e:65:28:4c:92:61:3e:a5:d7:47:7d:35: ac:60:69:45:d1:3f:e0:25:dd:23:20:49:d6:2a:0f:56: 94:f7:e2:3d:11:3c:96:00:b6:7d:87:42:e5:48:27:db: 1d:63:bd:e9:dc:6b:16:e5:1c:ed:60:f2:85:29:24:1d: 7b:24:a4:e7:23:16:71:ca:88:1d:0e:a9:74:46:59:f5: 55:cf:07:62:32:d2:5d:6c:14:88:8f:7e:f0:93:c2:fb: 59:6a:c8:3c:50:72:05:d8:b7:69:f8:03:5b:7c:70:d8 Fingerprint (SHA-256): 9D:69:76:F7:63:B1:D5:91:45:B1:D5:EF:27:3E:C3:06:C2:D1:2A:32:6B:BB:62:41:6B:7C:2B:94:27:0F:74:49 Fingerprint (SHA1): B3:4C:6C:5C:F3:7B:10:14:7E:AA:06:58:00:1F:FA:82:D3:F0:32:7A Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #202: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:00 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:42:53 2015 Not After : Wed Aug 19 05:42:53 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:d7:86:f5:38:35:a7:88:51:0b:59:d5:2b:66:fb:67: 4c:4c:79:23:6f:47:e2:16:aa:b2:8b:fe:88:06:77:d6: ce:0f:4f:eb:99:ea:75:c3:b6:4d:1e:8b:47:7e:94:61: 5d:d9:7a:17:31:0e:87:5d:a1:ba:3d:1a:dc:ce:da:40: b0:6c:09:01:69:8f:f9:86:91:c9:8e:5d:53:10:0b:c1: 4a:f0:5c:5c:c9:7c:aa:d2:cd:ff:49:73:b7:25:18:c6: db:e1:75:cb:69:9e:c9:1c:52:60:d6:47:e3:fc:6e:a7: 7f:b8:d8:8b:da:3d:42:a4:02:ec:e8:25:27:de:91:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 83:b0:d1:ef:2c:70:40:a3:4d:b2:4f:87:57:d9:b2:4a: e3:35:96:d9:3a:5a:d2:1c:9b:e6:b9:a6:02:12:b4:15: fb:9a:20:23:5b:b8:e6:f7:f4:5a:b6:c0:37:f2:3f:71: 9e:b1:20:6e:b6:cf:41:cf:f2:90:78:3e:36:a8:e7:86: 13:01:db:3d:7d:57:58:af:f3:4b:be:17:39:d1:53:df: 46:8f:43:26:ce:df:7c:a5:3d:ba:13:89:0b:2a:a6:54: c4:09:85:c4:05:e0:3b:c2:32:6f:2e:51:02:58:9b:40: a9:6b:0a:d3:3e:6c:15:ea:16:ae:c3:ad:e8:9d:c8:9b Fingerprint (SHA-256): E8:54:3E:70:40:56:29:5A:08:A9:C3:1D:FE:C6:BD:61:57:DB:67:27:18:B7:D1:FE:A0:EA:B1:10:32:2C:5B:B1 Fingerprint (SHA1): 58:AB:C8:CD:C0:D7:D6:7D:F0:F7:47:45:EB:3A:58:5F:EF:A8:8D:B3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #203: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:05 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:42:58 2015 Not After : Wed Aug 19 05:42:58 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:95:87:e9:95:bd:1c:8f:53:f1:e0:05:ad:e3:2d:a8: d5:26:a7:91:a5:27:53:0a:70:64:93:65:25:f3:3c:57: e7:1d:a9:44:0d:3d:30:c8:dc:ab:d6:da:d1:a9:ba:ef: 58:f8:45:78:ec:80:ab:08:26:6a:b0:8e:40:9c:a3:1a: f5:86:b9:e0:93:64:ff:a5:97:15:c1:d1:99:09:93:38: 62:f3:fe:9a:f6:4c:0f:b9:b1:00:55:0b:aa:3c:3d:75: 72:7e:12:cd:c5:6e:01:7b:22:b7:02:27:1a:81:b5:54: 25:82:33:f7:e0:d5:0c:9f:73:c8:62:cb:f5:fe:1c:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:3e:a1:8d:f5:ce:9b:56:8c:68:85:a6:3e:78:60:7c: 27:db:fb:d9:da:b0:3a:1a:c0:f9:e6:88:79:f5:0e:a3: 72:a4:43:b2:49:5b:75:b4:e3:19:62:b0:58:14:27:69: 54:0f:75:f3:b1:54:e7:99:54:88:0f:dc:e7:e3:ba:50: f2:7c:24:23:6d:b1:71:3a:a7:1f:9d:7a:66:ba:bf:c7: 52:d9:fb:57:b0:ad:73:b8:d8:83:9f:99:9e:12:7b:cb: c8:99:0a:9f:a6:31:c9:30:66:4f:75:00:fa:3e:89:03: 66:26:6f:12:ad:d1:4b:3f:09:7a:c1:c7:83:1b:8f:f0 Fingerprint (SHA-256): 44:63:42:94:2D:C3:87:6A:2E:C0:2D:5A:5E:44:6B:CF:D7:2C:52:03:7F:A3:EC:26:A6:57:4B:A2:36:B3:A0:46 Fingerprint (SHA1): 60:C9:A8:46:83:77:7B:67:B6:23:EA:A2:81:8A:E1:1A:BF:BA:F9:E4 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #204: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:10 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:00 2015 Not After : Wed Aug 19 05:43:00 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:cd:bc:ec:96:c9:56:1c:4b:fa:9f:11:f5:f5:81:9c: 5f:1b:64:a6:6f:2e:8c:d1:3a:6c:77:b6:85:cb:78:46: 8d:6f:7b:ac:7e:b9:68:6d:e6:c0:7f:3b:09:1b:4e:10: 28:12:6d:51:a3:89:17:b8:be:86:e4:45:69:f4:02:db: 0d:6e:fe:49:41:47:46:21:25:52:48:7e:02:36:bb:d1: 2d:98:42:fa:16:05:4b:6e:cb:75:86:03:40:ca:0b:ac: 15:76:b4:c7:f1:ed:94:79:49:fa:3e:69:9c:0b:61:98: 7b:23:af:04:19:cf:25:48:93:1d:6b:9e:46:6a:13:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bb:57:d3:64:ec:02:ab:2e:34:ae:3d:94:8b:59:6e:b4: ea:ff:c5:c2:55:ba:f4:27:51:dd:ce:5c:8c:f9:ce:3d: cd:0c:e9:e6:62:19:74:24:d5:78:cf:a9:f3:ed:df:e2: 85:3f:a1:ec:87:dc:66:99:77:ef:c2:38:6c:a1:6b:27: 12:c6:27:cb:6a:b8:08:1b:72:bd:84:55:24:12:30:8b: 7b:c4:11:0b:a8:8a:70:03:44:ae:91:04:f7:11:c2:a0: 2a:ad:de:bb:83:c9:19:2d:f8:82:bc:48:d3:a8:b3:63: ab:0c:a8:85:46:5b:d1:e2:1c:ff:ae:fd:73:3c:4e:09 Fingerprint (SHA-256): 2C:9C:03:20:B7:54:9A:76:AA:7E:E9:B1:AD:17:24:65:A3:FF:0A:6E:90:E7:96:90:17:B0:84:AF:B9:EB:05:00 Fingerprint (SHA1): A9:9E:E8:64:9F:E1:A2:E9:5B:BF:7A:F4:34:FD:47:0B:C4:CB:E0:0A Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #205: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:14 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:03 2015 Not After : Wed Aug 19 05:43:03 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:43:36:c4:59:9a:fd:8f:22:97:b5:f5:97:2a:8c:b2: 0f:6a:54:30:ac:6d:de:08:e3:ab:8f:19:67:0a:7b:2c: 8d:f1:56:c6:d6:7a:99:bb:4d:0b:5e:36:44:48:e3:b2: a0:d4:3b:69:68:43:75:e5:78:10:18:ad:2c:59:d4:01: 20:7f:24:12:81:68:07:2d:f6:47:20:37:83:77:dc:a3: 4a:0f:da:c9:93:08:dc:08:8c:7a:b2:6f:71:61:26:94: e1:4e:87:45:de:56:c6:2b:68:13:73:c3:74:df:d8:05: 10:b7:14:47:b8:31:3f:df:63:e2:b3:bb:68:ba:76:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:8b:12:e3:55:c5:6d:87:05:a6:8c:2d:74:7d:94:76: 8b:5a:f3:79:7f:89:a5:b0:ce:df:aa:86:73:07:1e:8f: 6a:6a:e0:07:b9:44:bc:91:2b:51:56:57:0d:da:92:f5: f4:da:34:28:03:29:e8:3b:69:93:62:56:f9:35:91:6f: dc:a7:5b:b5:08:e4:41:52:ee:8c:aa:45:0f:d1:9b:d8: 0f:f9:de:e4:a4:73:b5:bd:4a:7e:64:db:79:05:99:89: 9b:55:76:ac:f8:39:c4:3a:50:43:60:e0:05:49:ac:cf: 4d:3a:51:e2:5c:50:d3:85:45:e7:f2:17:77:ba:9d:77 Fingerprint (SHA-256): D9:49:5A:CB:5D:3B:22:10:2A:0E:CF:36:1D:5D:23:5E:F1:FD:7C:C5:40:CC:A7:F3:B6:38:68:2E:6A:6F:49:94 Fingerprint (SHA1): 01:58:57:AC:3B:AC:04:69:69:23:E7:F6:E8:B0:E7:94:68:3C:16:E3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #206: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:19 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:05 2015 Not After : Wed Aug 19 05:43:05 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:e2:49:43:68:00:58:eb:e2:9a:de:2a:9b:ef:2f:10: 2a:68:55:5f:64:a8:47:5f:a4:39:8d:f2:bd:50:ab:bb: 93:8c:16:b0:42:e1:54:86:d9:a5:2c:0b:f8:79:ed:77: 37:56:7b:51:28:e3:dd:98:00:55:ed:82:1a:3b:78:6b: 55:b8:54:c9:1f:d4:e1:3d:d5:ff:7c:6f:3b:4b:00:4e: d4:a6:db:98:86:5c:b8:be:48:42:07:14:d1:b8:24:bd: 4d:ed:88:7c:0b:0b:e0:6f:c2:d4:9e:6d:15:07:c0:01: 08:42:fa:3e:60:dd:0f:89:e3:54:43:de:bc:80:1a:13 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 14:d3:8d:15:eb:9d:1b:f4:a0:e8:a8:aa:da:98:71:78: 7b:0b:fd:70:72:83:db:c4:ad:f2:5b:21:bc:49:c3:d0: e1:65:13:e8:66:58:ea:d6:ad:a7:cd:ef:61:e8:2a:9f: fd:0f:c1:88:6a:d7:71:a4:ed:89:d3:2c:43:7b:6b:5b: 43:42:51:ab:2d:69:c3:4d:86:3e:c7:10:59:9a:45:20: e2:11:e9:b2:17:81:75:9c:a7:25:07:e6:13:fb:eb:91: 85:2d:91:d6:07:39:96:b6:61:95:b4:e6:c7:9c:aa:a6: e7:7e:38:a6:09:c9:7a:59:7e:4a:4d:e3:13:03:b3:0d Fingerprint (SHA-256): 6F:99:3D:24:98:51:0F:DF:C7:6D:5D:A5:F6:F0:D1:14:09:0C:21:15:4F:24:6B:06:CB:7A:C4:BD:3F:6C:B7:AD Fingerprint (SHA1): A4:88:D7:E2:59:00:E1:D6:A4:C9:A3:24:EE:A0:D6:F4:5A:59:EB:58 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #207: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:1c Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:07 2015 Not After : Wed Aug 19 05:43:07 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:1c:60:58:1b:c3:fb:2d:7f:8b:d7:3c:26:62:bf:b8: 94:d2:53:91:19:12:02:d8:74:2e:86:06:92:69:34:a5: 9d:80:1c:c7:61:02:ee:c9:d6:65:0c:24:5e:8b:6b:b0: c9:58:1b:8d:5a:a6:a7:ea:49:bf:3f:6c:4c:d6:25:1a: a2:03:28:57:24:4b:de:03:b2:46:5b:6f:1f:c1:af:7c: 93:e5:24:9c:eb:14:4c:92:a3:af:10:72:af:56:02:f5: c6:a2:1b:2a:1e:10:88:0d:d5:e7:db:9b:f2:f0:61:2c: 15:27:22:ee:89:ae:cb:be:7d:b5:cd:3b:5c:d3:fd:bf Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:26:85:2f:ac:81:c3:73:15:bd:6a:c7:d2:90:c9:a0: 55:7c:0c:02:d5:9e:1b:b3:3f:e1:24:27:ff:d4:f3:08: 63:f5:b7:f6:4d:02:e6:5b:de:5f:42:c3:bd:21:f4:8a: 5f:2e:f6:8e:d7:f6:2d:eb:89:9e:46:65:d1:47:22:be: f1:6f:48:89:3f:59:43:67:8c:5c:8b:f1:75:41:a3:99: dd:db:b8:9e:1b:83:bd:e2:63:81:de:ba:a0:51:e1:97: 82:41:9e:34:03:2b:a1:14:ec:8e:86:1f:b0:67:41:27: 6a:d7:07:a1:be:8a:e8:24:36:87:ee:0b:9d:cb:9d:db Fingerprint (SHA-256): F1:89:05:49:91:5F:ED:DA:5E:38:88:A4:8E:F3:8B:33:DC:61:9A:E6:74:09:46:0E:EE:4C:C7:B9:CF:84:AA:B0 Fingerprint (SHA1): 02:21:F1:5E:15:EA:6E:DA:85:2A:56:B4:52:DC:35:34:BC:4F:62:90 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #208: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:21 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:09 2015 Not After : Wed Aug 19 05:43:09 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:6c:51:e9:3d:92:a3:5a:26:3a:1e:e8:7b:e0:ac:57: 99:03:74:42:f3:8e:27:5d:3e:ef:6f:a6:b7:53:0d:fd: 8b:bb:0d:1a:d4:87:a6:20:f6:0a:c9:f9:90:d1:0b:92: dd:85:8c:ae:ca:7f:c7:92:54:b6:aa:88:9d:a4:8b:58: f2:ac:3a:0f:47:ba:c1:05:39:36:aa:6d:aa:2e:20:05: bb:b6:87:dd:36:b9:0f:a5:7b:9f:45:4c:8a:10:35:f0: 90:62:c7:18:bd:cc:94:40:16:c8:8d:82:df:81:33:01: 72:94:0f:5d:b8:fa:9f:31:a9:c0:8e:f1:98:ed:95:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 78:a3:26:a6:a9:d5:b5:5d:98:64:a9:37:dd:d6:32:9c: 31:94:80:e0:e6:52:70:34:c2:3c:f7:77:56:17:b4:c8: ea:f0:3f:52:02:e5:9e:e7:74:4a:b5:c9:14:a6:05:f2: 6c:7a:54:2f:86:9e:33:df:d7:b1:2d:50:a7:5f:04:eb: 81:df:46:59:9d:4c:71:f8:b0:de:3c:ea:d8:9f:96:7c: 45:59:fb:62:48:a1:d4:86:27:fb:20:f2:23:c6:85:14: 98:28:b4:0a:30:63:b1:d2:06:4f:89:4e:12:c5:07:b5: 7b:0a:00:02:9b:52:35:dd:43:7f:7b:8b:ae:db:fa:d5 Fingerprint (SHA-256): 63:4C:B0:A9:86:14:CD:01:6D:19:1C:B1:93:17:1D:3C:97:57:FD:A6:2C:11:BF:BA:A2:08:39:54:2B:4F:6C:C9 Fingerprint (SHA1): 7F:3A:99:3B:4A:4A:65:89:E1:16:D0:11:D7:F6:5C:E0:AF:BE:6D:E3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #209: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:25 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:12 2015 Not After : Wed Aug 19 05:43:12 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:3f:71:ee:da:f8:17:9d:4d:d0:7f:6d:35:fd:f1:4b: a9:17:34:88:d8:cf:2f:6b:b4:77:c4:0e:d8:5c:01:fc: 4a:07:d5:07:d8:86:72:eb:70:c1:20:5d:df:64:3e:cd: 02:4e:17:42:b2:0f:9d:42:04:38:83:91:91:c7:88:69: 64:52:b3:00:ac:88:0c:22:5e:c2:c4:dd:ee:93:50:05: 5b:48:9d:fd:42:60:62:99:05:38:0c:fe:bd:ac:f1:2e: 06:a7:56:a3:70:f6:eb:70:fe:3e:da:ed:2b:ea:49:16: 07:18:f9:af:09:51:a9:a6:89:91:fc:b5:c6:9f:1b:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:b3:3a:28:6f:ca:c0:8e:64:03:34:be:92:8c:8c:db: 9e:e2:17:2d:ec:4e:d8:11:95:a3:d9:b0:3f:54:2e:ea: 8b:89:0e:e0:25:15:02:d1:be:f0:7d:41:b3:65:71:14: d7:3b:0e:49:b9:cf:04:36:c7:d4:5f:98:18:ac:19:32: ee:26:64:f7:3e:cb:5a:96:29:23:a9:54:d9:56:64:9e: fe:89:3e:5d:4b:8d:6d:23:d7:fd:57:63:b8:b1:8b:42: e5:f1:fc:54:65:58:92:f7:88:d6:b5:3d:ad:7e:aa:fb: 63:ea:be:11:b7:42:88:d8:99:6a:8a:99:dc:3d:57:ce Fingerprint (SHA-256): 6F:5C:A3:3C:35:EA:E3:E3:58:AE:1A:1F:9C:6E:70:C4:51:EC:64:87:86:5C:E7:A6:6C:98:49:B0:EE:01:5D:D8 Fingerprint (SHA1): A8:3B:BB:3E:FC:98:36:7F:CB:1A:17:C2:DA:AC:63:0E:DB:39:EB:6C Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #210: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:2a Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Tue May 19 05:43:14 2015 Not After : Wed Aug 19 05:43:14 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:d9:04:6c:1d:0b:fb:ec:66:85:70:db:4d:01:39:a8: 5c:1d:b2:fa:10:e0:f2:9b:b1:80:4e:25:4d:bf:d4:d6: 77:0d:bf:de:83:28:ad:3b:cc:e0:7e:13:1b:6d:1e:50: 3e:f1:9d:2c:b3:75:c3:a2:eb:88:e9:34:22:6a:5d:f6: c3:86:72:c4:ec:03:6e:c1:4f:f4:4a:23:fc:9a:c2:48: be:90:11:11:b1:80:29:13:9a:9f:d9:55:43:3c:f7:5d: 24:f1:e2:87:29:5f:f0:88:92:78:13:29:3c:5c:03:03: 29:bc:00:d6:6f:5e:ab:a0:58:fe:f6:8a:49:dd:a5:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 40:fe:35:e5:a5:c7:ef:57:10:4d:a9:ea:35:27:3a:cf: 2c:0a:80:0b:ad:8e:d3:cc:2c:a5:a7:75:0f:8d:e5:7f: 8b:84:6f:5a:07:a3:00:3d:21:4e:07:15:4f:61:34:42: 95:92:4e:ac:62:5a:89:ca:c6:8f:49:71:a9:81:0d:5e: 4a:97:ed:c2:b7:1b:83:74:06:74:6c:42:13:db:4e:da: d0:3a:d0:56:e3:15:ea:3e:27:a8:a8:80:8a:94:70:60: b7:8b:b7:28:5c:e8:cc:35:2b:00:a6:eb:9d:09:85:20: 17:13:cf:9e:9d:14:0c:c6:a8:45:7d:38:01:03:41:1c Fingerprint (SHA-256): F0:17:EC:FF:AA:95:3E:36:F2:D7:00:FA:85:7E:7B:EF:F1:83:8C:2F:24:22:EF:3B:A1:0A:F6:78:6C:35:C1:F8 Fingerprint (SHA1): 3A:52:D5:42:6E:41:96:05:47:51:34:AF:5D:6F:99:8D:85:7B:86:DD Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #211: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #212: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #213: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #214: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:32 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Tue May 19 05:43:18 2015 Not After : Wed Aug 19 05:43:18 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:6f:d2:30:e3:fa:d9:0a:44:f3:94:fe:1c:84:52:bf: 65:d0:b2:b1:59:be:cb:79:18:09:cb:19:b9:46:f9:c4: cc:b4:9b:d2:c7:a5:9f:6b:43:b3:95:87:6c:9a:68:c7: 6e:26:a0:fa:55:53:36:be:c3:2f:79:c4:ab:55:ad:2d: 0d:b8:4e:09:9e:ad:cd:ce:f8:65:80:94:bb:05:bc:b5: ef:69:2e:d4:6e:2c:83:fb:bb:d2:cc:08:d1:2b:c6:7b: 01:29:68:80:72:46:6d:54:ab:34:4a:14:02:64:92:8d: a7:19:f6:06:56:0b:4e:42:98:10:ba:25:05:a8:d4:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bf:c6:57:00:db:68:62:53:06:ca:7c:d6:b0:4d:0d:34: 64:ad:a4:03:95:65:06:ec:ea:de:c9:7d:c5:9b:6f:d4: 59:42:d6:ad:78:85:32:df:f6:0c:c6:22:52:76:be:69: eb:e5:94:9a:5f:70:d0:03:63:2c:5e:f2:12:74:4a:c8: 5a:bf:cc:30:93:1c:61:03:95:76:c5:45:87:6e:2e:db: cb:d3:df:46:5e:21:60:8e:9c:3f:81:b2:11:81:de:1e: 47:63:26:0b:8c:89:b2:9e:a5:8a:a2:bf:ab:a4:23:16: e9:3c:2a:3c:3b:2a:eb:9a:87:df:12:39:16:3b:4f:71 Fingerprint (SHA-256): 86:61:7E:EC:F8:9C:DE:48:CC:34:B4:FE:FC:36:54:64:E1:35:C7:AB:F5:C3:D0:D8:A2:9E:13:C1:27:B0:B2:E4 Fingerprint (SHA1): 8D:BE:9C:95:17:02:34:DB:31:71:B9:0F:83:AA:90:4D:29:AC:F1:B7 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #215: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der cert.sh: #216: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #217: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #218: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #219: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #220: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success cert.sh: #221: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #222: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:19:46 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Tue May 19 05:43:29 2015 Not After : Wed Aug 19 05:43:29 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:d1:f5:b7:d2:97:41:f7:7f:3e:f2:4a:e7:c1:b5:a6: 3e:f8:df:7a:0f:40:4d:2d:44:f7:32:d8:06:0e:b8:27: 9a:4f:fc:23:01:da:49:71:cf:77:2a:67:84:00:18:95: f1:c8:8d:fc:9a:ff:77:0d:33:d5:6c:8e:45:29:a0:2f: 67:df:2b:0b:44:95:d0:3d:5a:20:b8:c9:e5:ab:04:dc: e8:31:46:18:8f:48:29:58:1a:5f:1d:7e:ae:14:58:9a: e3:88:ae:04:e8:11:94:b2:1b:c6:7e:50:b7:a1:0b:e9: 81:a4:c5:c8:99:f6:4a:87:54:4b:88:12:65:8e:dc:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:0b:9f:d2:1d:6d:04:60:40:dc:6f:64:f7:fb:ae:9f: 02:f6:f0:b5:9b:29:4c:3e:f6:7a:1d:30:27:c5:6b:e9: dc:82:52:98:2c:52:a9:b9:63:47:26:de:58:4e:40:2c: 87:89:41:5c:f1:35:6f:02:b3:69:a3:c2:3d:71:1a:39: 30:68:1c:a3:90:58:4c:78:ea:60:40:ca:89:ff:1a:e6: 00:6c:c6:44:0f:70:6d:79:c3:5d:5c:27:15:52:01:91: 38:9f:30:fb:33:3f:88:64:65:1c:3b:0b:71:ca:82:88: 83:84:0c:e4:87:27:4d:22:24:9c:ae:4a:1a:95:46:e4 Fingerprint (SHA-256): E7:64:5E:23:D7:94:41:8F:0C:CE:12:69:17:EB:6E:19:43:FA:BB:B2:B5:B5:D4:10:DF:3B:22:EC:C9:89:45:95 Fingerprint (SHA1): A8:62:17:41:BB:E1:53:35:B5:D2:4E:B9:F8:55:42:24:E3:66:0F:55 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #223: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #224: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #225: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.pw cert.sh: #226: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #227: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #228: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -o root.cert cert.sh: #229: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #230: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #231: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #232: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw cert.sh: #233: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #234: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/TestCA.ca.cert cert.sh: #235: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #236: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #237: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #238: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #239: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #240: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #241: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #242: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #243: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #244: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #245: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw cert.sh: #246: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #247: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -o root.cert cert.sh: #248: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #249: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #250: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #251: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #252: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #253: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #254: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #255: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #256: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #257: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #258: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #259: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #260: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #261: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #262: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #263: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #264: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #265: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #266: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #267: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #268: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #269: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #270: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #271: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #272: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #273: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #274: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #275: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #276: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #277: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #278: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #279: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #280: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #281: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #282: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #283: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #284: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #285: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #286: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #287: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #288: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #289: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #290: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #291: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #292: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #293: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #294: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #295: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #296: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #297: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #298: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #299: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #300: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #301: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #302: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #303: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #304: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #305: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #306: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #307: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #308: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #309: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #310: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #311: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #312: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #313: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #314: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #315: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #316: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #317: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #318: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #319: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #320: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #321: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #322: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #323: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #324: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #325: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #326: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #327: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #328: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #329: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #330: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #331: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #332: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #333: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #334: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #335: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #336: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #337: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #338: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #339: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #340: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #341: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #342: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #343: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #344: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #345: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #346: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #347: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #348: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #349: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #350: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #351: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #352: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #353: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #354: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #355: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #356: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #357: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #358: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #359: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #360: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #361: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #362: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #363: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #364: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #365: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #366: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #367: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #368: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #369: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #370: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #371: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #372: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #373: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #374: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #375: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #376: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #377: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #378: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #379: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #380: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #381: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #382: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #383: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #384: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #385: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #386: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #387: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #388: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #389: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #390: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #391: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #392: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #393: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #394: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #395: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #396: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Tue May 19 01:45:34 EDT 2015 Running tests for dbtests TIMESTAMP dbtests BEGIN: Tue May 19 01:45:34 EDT 2015 ./dbtests.sh: line 173: syntax error near unexpected token `then' ./dbtests.sh: line 173: ` if [[ $EUID -ne 0 ]] then' TIMESTAMP dbtests END: Tue May 19 01:45:34 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Tue May 19 01:45:34 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #397: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 38:91:7b:d5:60:3f:7a:0d:14:26:3e:e5:84:0c:34:17 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #398: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #399: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #400: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #401: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 82:b5:ec:93:2b:eb:72:39:1d:89:f5:da:af:28:78:a3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 05:40:56 2015 Not After : Tue May 19 05:40:56 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:00:2a:a6:c9:06:1b:2b:ad:70:fe:19:e3:67:8c:0d: bf:37:ae:cd:8e:1f:9f:f5:cd:d1:fb:ae:aa:57:67:c6: c7:2f:ea:4d:1b:6c:0e:6a:88:cb:8a:02:eb:2a:91:17: ac:9f:72:53:06:2a:57:e2:e8:42:19:01:b2:4d:c4:3a: ee:81:fd:00:35:f2:69:83:a5:b1:eb:df:ef:0f:49:77: ba:69:4b:48:2b:cc:f1:3c:ef:a3:3f:5d:f7:bd:11:2c: e6:37:b0:cb:11:49:05:ef:82:a9:36:5a:b8:35:07:eb: bb:26:d6:bb:34:55:b5:1f:a6:d2:58:a0:33:fa:68:a1: 03:e5:d7:e5:6d Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:af:11:66:9f:9e:21:bc:34:c2:35: f3:2e:f6:d9:9b:96:8e:90:0d:cb:d5:94:9a:f2:68:57: 7f:40:26:0d:f6:08:66:17:0b:6d:b6:91:b7:ad:ea:20: b6:94:d6:56:d5:a7:e9:52:d1:14:12:e9:49:63:f1:56: 26:1c:02:f4:97:4c:fb:02:42:00:81:fb:54:91:0a:e1: a5:14:cd:63:ec:3b:e6:5b:8d:ff:42:5e:04:11:58:25: aa:7b:99:95:76:72:71:53:e8:15:a6:4f:94:ac:49:6e: 00:f0:f4:6a:35:4f:c4:72:6e:e5:eb:de:25:6c:89:20: d5:8f:11:27:d9:de:f3:37:92:83:24 Fingerprint (SHA-256): B9:32:39:02:93:AC:EE:52:FD:C5:62:D8:8E:B3:8A:60:99:06:7E:3A:D9:FC:63:EB:A6:E7:63:6E:93:5A:5F:F1 Fingerprint (SHA1): 74:8E:5D:16:41:E9:C2:F7:F9:5B:E6:C9:25:0D:8E:15:D7:54:2B:7A Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 05:41:57 2015 Not After : Tue May 19 05:41:57 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:9d:72:fb:97:c6:80:db:87:cd:60:bf:5d:41:d9:da: 40:dd:53:3e:c2:98:a4:3e:80:e4:d6:38:b1:2e:f6:b9: 0f:18:9a:70:29:28:4f:26:a0:85:68:54:8b:f6:fd:f0: ea:f0:02:a1:b1:46:de:e7:ad:3a:1c:e0:95:99:b1:e5: 45:60:7d:6f:eb:7e:05:f8:16:f2:b5:73:28:d2:b4:c9: e0:97:55:ee:f7:88:b4:ca:6e:65:6a:b1:e0:ff:d4:a3: 03 Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:49:40:82:08:9a:91:d1:19:2e:8a: 58:98:c3:b6:56:e2:76:73:4a:71:7b:64:3e:a9:1b:85: 1f:9c:94:f5:6a:a3:85:f1:af:20:7b:e6:7a:49:24:b8: d7:14:9a:83:33:9c:2c:e6:65:83:ab:15:2d:25:23:8b: 4f:a9:b0:ff:65:84:30:02:42:01:f2:c7:c1:a3:14:ec: 66:03:c6:f3:0f:6b:21:4d:cd:f6:2d:0e:d8:ea:3a:ad: 70:35:50:53:73:f2:50:a1:d3:16:47:89:af:67:17:81: 45:eb:d3:1e:68:1d:79:6c:54:79:07:b7:36:53:77:92: 16:e4:51:f0:31:b4:70:7c:b5:7e:4d Fingerprint (SHA-256): 9D:DD:79:E2:38:7E:1C:55:C1:13:29:39:38:3E:ED:2C:5D:93:94:4D:40:1F:72:F4:57:8F:4F:B0:D1:70:B2:79 Fingerprint (SHA1): 0C:8B:1B:9C:DB:F9:55:B4:CD:A4:28:3D:F3:8B:93:18:06:20:56:DB Friendly Name: Alice-ec tools.sh: #402: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #403: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 8c:8e:66:61:c1:fe:84:b4:90:56:28:50:fe:9d:2b:3f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #404: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #405: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #406: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 5a:0a:dd:af:97:28:77:9c:2b:68:03:e6:1c:7b:12:80 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #407: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #408: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #409: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 82:7c:14:fa:28:fb:22:c8:15:0f:56:ba:ed:d5:82:95 Iteration Count: 2000 (0x7d0) tools.sh: #410: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #411: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #412: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 04:f2:f5:95:54:35:15:d2:5e:1c:5e:15:03:d3:b6:39 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #413: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #414: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #415: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c1:90:45:98:47:d0:b4:ad:0f:1d:90:ee:51:a7:68:bf Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #416: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #417: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #418: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 04:72:57:fa:64:14:d3:d8:ba:72:dd:6a:24:05:3e:a1 Iteration Count: 2000 (0x7d0) tools.sh: #419: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #420: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #421: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5e:75:60:6a:00:fa:ad:0f:b6:f6:7c:e4:f2:e1:20:b1 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:d4:c2:cf:88:f1:2e:20:62:92:11:89:5c:92:e9: 19:01 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #422: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #423: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #424: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 4f:6e:c8:83:5c:0f:7c:8a:eb:33:b7:3f:16:e0:e1:28 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:b7:3f:c7:43:fd:69:ca:91:f0:5d:d3:50:54:2d: 37:77 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #425: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #426: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #427: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 6b:1b:d0:f9:47:4e:f8:d9:14:1e:ae:16:9f:4b:72:ea Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:68:95:37:0f:29:47:2e:eb:6c:35:c0:55:c9:09: 83:c8 tools.sh: #428: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #429: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #430: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 3e:1c:11:83:fe:e2:8d:22:f5:67:27:24:bc:02:b7:e7 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:d1:ba:05:ea:dc:f7:1c:0e:1c:87:44:c5:e1:f3: ea:26 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #431: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #432: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #433: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: fd:74:af:80:dc:51:cf:47:95:75:4c:93:a1:58:b9:b3 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:83:c9:f7:de:7a:e2:32:69:df:30:c4:4a:d5:45: 84:11 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #434: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #435: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #436: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ab:40:f7:eb:98:d3:03:a7:f9:35:0b:7c:8d:a4:ca:ca Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:8b:5a:7a:32:56:86:ac:ba:07:a1:dc:ca:64:19: 73:36 tools.sh: #437: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #438: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #439: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: f0:97:f6:5f:6a:3b:c3:b6:c9:07:5d:2b:22:45:d6:77 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:bb:5d:18:80:9a:b9:af:27:60:08:6a:e4:d0:c8: e3:03 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #440: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #441: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #442: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 49:68:2d:c5:ae:91:6e:c0:c4:20:9f:6b:4b:92:d3:6a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:52:23:e4:1a:75:a3:2b:43:b1:04:3c:ad:66:7a: c6:6a Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #443: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #444: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #445: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 6e:be:1d:c5:2d:b5:ea:99:60:38:c0:b7:1b:c9:88:05 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:a7:8a:ff:01:d5:e0:b5:00:1a:bd:36:88:05:00: 5b:a5 tools.sh: #446: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #447: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #448: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 1a:2b:db:6f:b8:84:8b:a3:1e:a4:e7:9e:e6:ac:74:06 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:66:8d:03:6a:be:da:3a:b4:8b:92:97:9c:22:eb: bf:b5 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #449: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #450: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #451: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: a4:ce:29:25:37:3f:ef:72:26:22:cd:3d:33:48:05:2b Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:71:a0:b2:69:b9:da:d4:aa:e3:65:ab:f5:00:a5: 63:30 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #452: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #453: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #454: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5a:57:b8:1e:25:94:c8:46:76:14:68:61:4a:64:2f:23 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:c1:97:2f:a1:ad:64:c0:45:25:60:17:26:4f:e4: dc:15 tools.sh: #455: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #456: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #457: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5a:3e:fb:a2:6e:71:78:90:a9:27:ab:15:35:2f:a3:a0 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:0e:aa:5e:2d:b5:2d:40:a2:a7:0a:e1:58:59:b9: 1f:49 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #458: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #459: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #460: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 9b:7d:39:81:04:a8:58:89:19:8f:37:25:7d:e9:37:f7 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:7a:fc:c2:e0:5b:28:b7:ba:c4:ea:9b:da:79:b5: 97:d0 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #461: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #462: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #463: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: f0:78:db:c0:17:41:ff:6f:b3:f8:23:d5:01:a7:b6:05 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:ec:31:b9:5a:6b:a2:cd:79:16:7d:e8:57:d0:eb: ac:4f tools.sh: #464: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #465: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #466: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: c0:4e:bd:71:2f:dc:0a:b2:d5:ab:fb:70:42:7b:83:a6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:41:3f:7f:89:9b:8c:63:b5:53:ff:ac:7e:d9:5d: 33:a1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #467: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #468: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #469: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 90:5c:d5:72:c5:35:ea:e2:54:8d:a9:27:29:3c:0d:38 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:e5:b8:33:f9:44:a1:8a:37:47:9a:67:58:7a:9a: 95:fe Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #470: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #471: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #472: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 45:26:10:4d:33:69:b5:10:68:c0:a8:ef:a9:22:39:6a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:cc:77:2d:5a:4e:87:12:6e:0e:c6:49:c9:b2:92: b1:3f tools.sh: #473: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #474: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #475: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 59:10:57:29:e3:0e:6a:11:9f:59:e0:e8:29:8e:79:c0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #476: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #477: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #478: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 23:ee:98:f6:d9:40:fd:07:51:4b:86:19:43:ec:6c:9e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #479: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #480: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #481: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: ee:ed:17:87:9b:a1:5e:a2:68:b0:55:99:4c:e6:db:19 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #482: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #483: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #484: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 23:a5:a2:77:28:fa:74:91:ba:a2:c9:06:e1:25:29:e9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #485: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #486: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #487: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: e5:30:1d:0f:c9:87:6c:78:0d:29:dd:2c:3c:a3:dd:63 Iteration Count: 2000 (0x7d0) tools.sh: #488: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #489: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #490: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 09:d7:a6:c1:6e:91:b1:b1:17:13:1e:ef:ab:8c:f4:37 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #491: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #492: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #493: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 4c:de:13:d6:25:5c:bf:e5:d9:c3:48:86:d2:12:81:f5 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #494: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #495: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #496: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 59:7c:ba:18:f4:79:3d:8a:23:8c:27:38:a2:70:d5:20 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #497: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #498: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #499: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: c8:21:f8:88:1d:72:23:a8:9d:15:34:aa:69:8a:43:f9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #500: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #501: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #502: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 87:01:b0:26:bb:4a:7d:91:5a:da:60:a6:5e:ab:08:79 Iteration Count: 2000 (0x7d0) tools.sh: #503: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #504: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #505: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: fd:0c:8c:af:c8:3f:34:f9:f4:e7:21:7c:9f:96:8b:34 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #506: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #507: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #508: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 5f:9b:f7:9e:27:b9:85:3f:f6:8d:4d:81:ff:26:f5:2b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #509: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #510: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #511: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: fc:ba:ab:4a:54:60:dc:63:d6:ca:2e:1c:cf:d7:fb:bb Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #512: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #513: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #514: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 5d:7b:74:f5:d5:40:df:c0:6c:10:2a:b1:32:c7:b1:6e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #515: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #516: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #517: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 93:8e:ed:5c:35:90:2c:d4:42:9d:02:c5:ce:0a:5a:cb Iteration Count: 2000 (0x7d0) tools.sh: #518: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #519: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #520: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 92:c2:cd:56:6e:a5:c7:2f:2e:ad:9c:28:65:2a:9b:22 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #521: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #522: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #523: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 25:b3:fa:09:12:2e:7b:7f:7b:6b:99:dd:ce:a8:86:b7 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #524: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #525: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #526: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 40:d2:e6:df:57:7c:2a:4f:66:69:e8:7d:9f:9a:93:d3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #527: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #528: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #529: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 0b:96:33:4c:57:d5:c9:e2:7d:19:a8:33:0f:2d:c2:3f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #530: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #531: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #532: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a6:63:a9:4b:03:99:02:ff:8f:d5:0d:c8:56:95:25:d7 Iteration Count: 2000 (0x7d0) tools.sh: #533: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #534: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #535: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 4e:47:57:08:49:d0:cd:bb:8b:3c:a2:3f:80:6a:4f:4a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #536: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #537: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #538: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 58:a2:ee:4c:75:f7:65:2a:4f:2b:2a:01:4c:dd:dc:37 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #539: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #540: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #541: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: e2:8a:32:48:5a:2c:97:cd:1e:c5:be:a0:5a:70:5e:81 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #542: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #543: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #544: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 25:37:7e:08:10:44:57:a9:95:0e:ab:fc:9e:7f:0c:b4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #545: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #546: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #547: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f1:44:7e:3b:b1:d9:1f:12:c3:fe:f2:82:8b:b8:6a:00 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #548: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #549: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #550: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 32:3d:e1:63:a8:18:6c:08:db:d0:8d:80:0a:82:39:ba Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #551: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #552: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #553: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: cb:40:91:c3:c3:74:65:07:61:b0:16:e6:c8:82:f8:e1 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #554: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #555: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #556: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 21:78:dd:59:92:58:09:44:a8:79:cc:ed:e6:39:5f:2d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #557: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #558: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #559: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f3:10:1b:23:5d:32:0e:3e:2f:ed:e1:41:53:7c:81:10 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #560: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #561: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #562: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c5:13:11:16:33:c4:f5:f4:73:f7:1a:f1:07:25:9f:35 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #563: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #564: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #565: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #566: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #567: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%) tree "../tools/html" signed successfully tools.sh: #568: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #569: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #570: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #571: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #572: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #573: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Tue May 19 01:47:10 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Tue May 19 01:47:10 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #574: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #575: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa f838ba3ce44a00ce03461031e88994fcbe7fa574 NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #576: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #577: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #578: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #579: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #580: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #581: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #582: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #583: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #584: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #585: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #586: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa f838ba3ce44a00ce03461031e88994fcbe7fa574 FIPS_PUB_140_Test_Certificate fips.sh: #587: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #588: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #589: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #590: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #591: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa f838ba3ce44a00ce03461031e88994fcbe7fa574 FIPS_PUB_140_Test_Certificate fips.sh: #592: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #593: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #594: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/fips/mangle dbtest -r -d ../fips fips.sh: #595: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Tue May 19 01:48:27 EDT 2015 Running tests for sdr TIMESTAMP sdr BEGIN: Tue May 19 01:48:27 EDT 2015 sdr.sh: SDR Tests =============================== sdr.sh: Creating an SDR key/SDR Encrypt - Value 1 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.900 -t "Test1" sdr.sh: #596: Creating SDR Key/Encrypt - Value 1 - PASSED sdr.sh: SDR Encrypt - Value 2 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v2.900 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #597: Encrypt - Value 2 - PASSED sdr.sh: SDR Encrypt - Value 3 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.900 -t "1234567" sdr.sh: #598: Encrypt - Value 3 - PASSED sdr.sh: SDR Decrypt - Value 1 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.900 -t "Test1" sdr.sh: #599: Decrypt - Value 1 - PASSED sdr.sh: SDR Decrypt - Value 2 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v2.900 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #600: Decrypt - Value 2 - PASSED sdr.sh: SDR Decrypt - Value 3 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.900 -t "1234567" sdr.sh: #601: Decrypt - Value 3 - PASSED TIMESTAMP sdr END: Tue May 19 01:48:30 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Tue May 19 01:48:30 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #602: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #603: CMMF test . - PASSED TIMESTAMP crmf END: Tue May 19 01:48:32 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Tue May 19 01:48:32 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #604: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #605: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #606: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #607: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #608: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #609: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #610: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #611: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #612: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #613: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #614: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #615: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #616: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #617: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #618: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #619: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #620: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #621: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #622: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #623: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #624: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #625: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #626: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #627: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #628: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #629: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #630: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #631: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #632: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #633: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #634: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #635: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #636: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #637: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #638: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #639: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #640: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #641: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #642: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #643: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #644: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #645: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #646: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #647: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #648: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #649: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #650: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #651: Decrypt with a Multiple Email cert . - PASSED smime.sh: #652: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #653: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #654: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #655: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #656: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #657: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #658: Decode Encrypted-Data . - PASSED smime.sh: #659: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #660: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #661: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #662: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #663: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #664: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Tue May 19 01:49:00 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Tue May 19 01:49:00 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Tue May 19 01:49:00 EDT 2015 Running tests for ocsp TIMESTAMP ocsp BEGIN: Tue May 19 01:49:00 EDT 2015 ocsp.sh: OCSP tests =============================== TIMESTAMP ocsp END: Tue May 19 01:49:00 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Tue May 19 01:49:00 EDT 2015 merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.900 -t Test2 -f ../tests.pw merge.sh: #665: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw merge.sh: #666: Merging Dave - PASSED merge.sh: Merging in new user certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw merge.sh: #667: Merging server - PASSED merge.sh: Merging in new chain certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw merge.sh: #668: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #669: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #670: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:44:30 2015 Not After : Tue May 19 05:44:30 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:04:61:bc:97:4d:e6:b6:bc:c7:e3:9d:27:02:d5:dd: 1f:0e:35:fd:1b:67:78:29:30:a0:4c:99:22:4b:68:57: 02:f9:8a:ea:ab:c6:bb:66:d7:96:7b:68:55:f3:15:56: ef:0d:be:81:0c:54:7d:b8:65:94:54:48:06:d1:30:a3: 95:c9:59:2a:83:01:ab:79:89:53:ca:5c:4c:07:d6:14: 15:16:f8:0f:7f:fe:5d:c6:9a:e4:91:33:d4:90:70:10: 66:26:52:c3:46:7b:45:67:af:70:c0:4a:96:1c:f4:15: c0:e1:2a:ac:63:1f:05:cd:bc:8a:63:c4:a8:e3:01:dd Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 28:fa:cc:0e:9f:af:ab:47:d7:69:d8:78:ab:fd:41:ad: 49:a1:c7:df:a4:cb:fc:20:6c:3b:de:4e:b1:a1:d8:47: 9b:5c:35:52:85:e8:62:bd:f4:76:d4:7e:4c:00:86:65: 1e:76:74:ea:a0:7f:21:4e:25:fe:cf:80:27:93:10:6e: b7:1e:2d:a2:53:ba:d4:92:39:ff:4a:b3:d2:7a:91:39: 7b:98:74:ed:e1:23:c6:c9:8f:38:65:01:d1:7f:bc:97: fe:63:f6:42:8a:be:be:32:1e:27:ea:bf:b4:68:e1:4a: d6:59:c9:0d:34:09:d3:67:26:fc:a1:4c:80:f0:87:d5 Fingerprint (SHA-256): 41:3D:4D:9F:A7:77:CA:0D:B8:EF:4E:14:A6:C9:2D:F6:2C:40:04:D5:CD:E5:2D:1A:94:EE:8D:31:37:90:69:6E Fingerprint (SHA1): E1:E0:EC:D4:B2:7F:4D:26:A5:7F:69:F8:6F:76:A9:75:2C:F6:25:17 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #671: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:44:36 2015 Not After : Tue May 19 05:44:36 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9e:d1:0b:48:da:c1:f4:4f:46:f6:52:ae:59:8f:f7:50: 48:a1:ed:c8:dc:14:a9:d4:e1:8a:2e:ad:b0:79:a4:dd: ba:4d:af:11:ed:ae:3a:1f:de:82:91:11:1f:e8:a3:fb: 10:a3:56:3b:db:10:e2:68:1f:21:60:38:b6:71:17:2a: 5e:73:bb:dd:09:bf:76:04:82:64:83:1e:5e:2e:db:40: ef:da:04:52:04:37:98:7c:ba:9c:b3:37:4f:c7:d5:1f: 4d:fb:c1:13:fa:31:6f:13:d2:4c:1b:1e:6e:b4:bd:ab: c5:94:f3:7a:cb:ef:59:f6:0d:1d:d5:86:1e:55:38:7b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 39:bd:fc:52:68:d1:c3:ef:92:e2:f0:3d:55:4d:e7:3b: 91:f0:b3:26:3c:78:08:5a:7d:32:1a:24:2b:1a:db:4b: ab:41:dd:86:b7:1b:2e:db:b0:10:c6:7e:f7:af:3e:44: c4:bd:cd:a8:59:09:37:42:c1:be:92:f0:67:c0:66:2e: bf:90:b8:20:4b:57:b8:44:32:e3:a1:af:60:0e:32:65: d3:61:52:43:f6:f0:69:34:92:3c:c5:7d:e7:36:6b:93: 2e:bb:15:0d:28:2f:41:8c:04:ac:19:b3:ff:e5:1b:ca: 90:2e:a1:87:53:15:2b:a9:8e:b3:44:8f:25:0a:77:92 Fingerprint (SHA-256): 66:8D:05:05:79:D1:29:3D:F3:B8:11:15:D0:00:95:4B:95:12:A2:86:3A:18:3A:E2:24:97:A6:CF:E9:5C:54:2A Fingerprint (SHA1): 8B:FF:47:9F:D8:A4:AE:B4:7A:9D:89:05:F5:9C:72:4C:08:59:03:A0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #672: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw merge.sh: #673: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Alice u,u,u Alice-ec u,u,u Dave u,u,u Dave-ec ,, ExtendedSSLUser-ecmixed ,, chain-2-clientCA-ec ,, chain-2-clientCA ,, Alice #1 ,, Alice #100 ,, localhost.localdomain-ecmixed ,, Alice #99 ,, bob@bogus.com ,, eve@bogus.com ,, bob-ec@bogus.com ,, localhost.localdomain u,u,u localhost.localdomain-ec ,, localhost-sni.localdomain-ecmixed ,, clientCA T,C,C clientCA-ec T,C,C Alice #3 ,, TestCA CT,C,C TestCA-ec CT,C,C Alice-ecmixed u,u,u Dave-ecmixed ,, localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec ,, ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec ,, serverCA-ec C,C,C chain-1-clientCA ,, chain-1-clientCA-ec ,, Alice #2 ,, Alice #4 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v3.900 -t Test2 -f ../tests.pw merge.sh: #674: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests.v1.900 -t Test1 -f ../tests.pw merge.sh: #675: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #676: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #677: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #678: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Tue May 19 05:45:24 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Tue May 19 05:40:39 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Tue May 19 05:45:21 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #679: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Tue May 19 01:49:13 EDT 2015 Running tests for pkits TIMESTAMP pkits BEGIN: Tue May 19 01:49:13 EDT 2015 pkits.sh: PKITS data directory not defined, skipping. TIMESTAMP pkits END: Tue May 19 01:49:13 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Tue May 19 01:49:13 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #680: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014914 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #681: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #682: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #683: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #684: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #685: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #686: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #687: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #688: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #689: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #690: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #691: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #692: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #693: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #694: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #695: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #696: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #697: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #698: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #699: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #700: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #701: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #702: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #703: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #704: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #705: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #706: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #707: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #708: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #709: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #710: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #711: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #712: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #713: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #714: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #715: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #716: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #717: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #718: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #719: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #720: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #721: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #722: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #723: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #724: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #725: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #726: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #727: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #728: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #729: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #730: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #731: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #732: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #733: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #734: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #735: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #736: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #737: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #738: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #739: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #740: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #741: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #742: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150519055002Z nextupdate=20160519055002Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Tue May 19 05:50:02 2015 Next Update: Thu May 19 05:50:02 2016 CRL Extensions: chains.sh: #743: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150519055003Z addcert 2 20150519055003Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Tue May 19 05:50:03 2015 Next Update: Thu May 19 05:50:02 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:03 2015 CRL Extensions: chains.sh: #744: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519055004Z nextupdate=20160519055004Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 05:50:04 2015 Next Update: Thu May 19 05:50:04 2016 CRL Extensions: chains.sh: #745: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519055005Z addcert 2 20150519055005Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 05:50:05 2015 Next Update: Thu May 19 05:50:04 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:05 2015 CRL Extensions: chains.sh: #746: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519055006Z addcert 4 20150519055006Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 05:50:06 2015 Next Update: Thu May 19 05:50:04 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:05 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Tue May 19 05:50:06 2015 CRL Extensions: chains.sh: #747: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519055006Z nextupdate=20160519055006Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 05:50:06 2015 Next Update: Thu May 19 05:50:06 2016 CRL Extensions: chains.sh: #748: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519055007Z addcert 2 20150519055007Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 05:50:07 2015 Next Update: Thu May 19 05:50:06 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:07 2015 CRL Extensions: chains.sh: #749: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519055009Z addcert 3 20150519055009Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 05:50:09 2015 Next Update: Thu May 19 05:50:06 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:07 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Tue May 19 05:50:09 2015 CRL Extensions: chains.sh: #750: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519055009Z nextupdate=20160519055009Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 05:50:09 2015 Next Update: Thu May 19 05:50:09 2016 CRL Extensions: chains.sh: #751: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519055010Z addcert 2 20150519055010Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 05:50:10 2015 Next Update: Thu May 19 05:50:09 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:10 2015 CRL Extensions: chains.sh: #752: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519055011Z addcert 3 20150519055011Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 05:50:11 2015 Next Update: Thu May 19 05:50:09 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 05:50:10 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Tue May 19 05:50:11 2015 CRL Extensions: chains.sh: #753: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #754: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #755: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #756: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #757: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #758: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #759: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #760: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #761: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #762: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #763: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #764: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #765: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #766: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #767: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #768: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #769: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #770: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #771: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #772: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #773: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #774: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #775: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #776: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #777: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Tue May 19 01:50:25 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 01:50:25 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 01:50:31 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #778: Waiting for Server - FAILED kill -0 10367 >/dev/null 2>/dev/null httpserv with PID 10367 found at Tue May 19 01:50:31 EDT 2015 httpserv with PID 10367 started at Tue May 19 01:50:31 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9113 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #779: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 10367 at Tue May 19 01:50:33 EDT 2015 kill -USR1 10367 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 10367 killed at Tue May 19 01:50:33 EDT 2015 httpserv starting at Tue May 19 01:50:33 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 01:50:33 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 01:50:39 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #780: Waiting for Server - FAILED kill -0 10453 >/dev/null 2>/dev/null httpserv with PID 10453 found at Tue May 19 01:50:39 EDT 2015 httpserv with PID 10453 started at Tue May 19 01:50:39 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9113 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #781: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 10453 at Tue May 19 01:50:40 EDT 2015 kill -USR1 10453 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 10453 killed at Tue May 19 01:50:41 EDT 2015 httpserv starting at Tue May 19 01:50:41 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 01:50:41 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 01:50:46 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #782: Waiting for Server - FAILED kill -0 10541 >/dev/null 2>/dev/null httpserv with PID 10541 found at Tue May 19 01:50:47 EDT 2015 httpserv with PID 10541 started at Tue May 19 01:50:47 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #783: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014915 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #784: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #785: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #786: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014916 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #787: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #788: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #789: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #790: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519014917 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #791: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #792: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519014918 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #793: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #794: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #795: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #796: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #797: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 519014919 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #798: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #799: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #800: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #801: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #802: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014916 (0x1eef8a04) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:50:52 2015 Not After : Tue May 19 05:50:52 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:7b:ea:e3:56:2f:7d:ba:06:b6:17:e3:c2:42:fc:44: c0:10:e8:92:fe:98:97:06:28:2c:1c:9a:d0:c6:e8:e0: c7:e8:ae:1b:39:2c:c2:7e:f1:86:86:f5:20:af:d7:2b: e7:63:f0:93:9e:bc:d7:2a:a9:6b:96:48:cb:0a:5d:85: cf:ef:00:45:c6:3d:9f:36:a7:c0:23:7e:26:f6:8f:ed: cf:52:6b:0a:2b:e4:84:19:e1:c9:b4:82:22:2f:c2:fe: 17:20:00:f1:ea:aa:a3:1b:04:31:aa:77:45:1c:31:a5: 98:df:4b:73:82:af:85:ef:94:95:27:30:6f:1c:69:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:39:ef:4f:05:70:44:86:11:28:7e:c2:de:af:35:d0: 77:33:fb:c3:05:ef:02:eb:d5:de:f2:c9:72:46:77:03: d4:36:70:74:34:eb:7e:53:d6:cf:79:43:4c:ca:da:91: a7:09:18:09:dd:a8:87:d0:75:a3:49:22:e9:c5:17:5b: 55:cb:00:58:0b:eb:d7:22:3e:a1:c9:d3:4e:57:2e:5f: 82:50:ad:ba:59:33:ea:4d:15:bf:8e:4f:d8:72:33:6c: 7a:5e:02:33:92:1c:18:9c:a6:0a:b0:4c:98:2b:8b:8d: dd:3a:e5:9a:73:09:34:a0:e8:55:22:e9:40:86:8d:29 Fingerprint (SHA-256): C6:0F:42:CE:48:F8:8D:42:A6:E2:67:FB:3A:F6:E5:2E:5A:D2:62:49:17:F4:37:29:03:A0:7F:C3:F2:92:00:88 Fingerprint (SHA1): A6:B7:A9:4A:03:24:06:E1:7A:10:27:E3:7C:5F:AA:9F:2A:53:83:AF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #803: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014915 (0x1eef8a03) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 05:50:50 2015 Not After : Tue May 19 05:50:50 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:47:e0:c7:33:ce:f5:2f:33:96:6a:4d:e3:ad:32:b3: 3a:31:c6:15:61:42:67:67:fc:d9:ae:be:d4:58:10:64: 3a:56:e0:b2:6b:2b:e8:6c:2d:e2:df:e0:33:20:30:f2: bb:63:d6:07:de:fb:fe:0a:f5:50:b8:83:55:f6:ac:8a: 85:f2:b7:ba:a3:4f:6d:de:0c:eb:80:f2:8a:b9:22:74: 31:2a:95:67:05:69:67:d1:58:59:40:77:01:3f:94:74: 21:cc:89:70:3f:b6:f4:4c:6c:2b:d3:27:af:1c:3c:70: 54:7f:31:3b:aa:da:98:3c:eb:5e:0d:d8:58:3f:57:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2a:fe:a9:43:c7:c5:2b:43:c3:64:b3:0a:44:c0:e3:c9: c7:f0:22:96:db:43:f4:dc:bf:69:cb:d8:8e:9a:22:66: 76:9e:1e:6d:62:3b:90:36:00:44:63:93:3f:ec:92:06: 6f:75:49:58:19:78:58:cd:bc:aa:cb:d7:5b:35:68:15: c7:70:02:23:9c:cd:32:a2:4e:32:ea:e6:b4:19:e8:1c: c0:18:87:75:50:55:8f:0a:12:9c:68:98:b6:84:cc:aa: 64:13:74:66:17:00:84:a3:17:83:3a:d0:34:fa:78:f4: 0e:c5:64:dd:df:07:96:95:9a:da:aa:d5:af:97:80:99 Fingerprint (SHA-256): FB:31:DF:C2:79:B9:0E:E8:4E:FE:AF:15:E6:D2:43:EE:BA:6C:40:66:CE:3A:BD:A9:96:94:37:54:4B:86:9B:F1 Fingerprint (SHA1): D1:3A:AF:1F:D6:65:7F:87:68:4A:B1:7F:F4:A4:B8:38:81:66:79:18 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #804: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #805: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #806: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #807: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014915 (0x1eef8a03) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 05:50:50 2015 Not After : Tue May 19 05:50:50 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:47:e0:c7:33:ce:f5:2f:33:96:6a:4d:e3:ad:32:b3: 3a:31:c6:15:61:42:67:67:fc:d9:ae:be:d4:58:10:64: 3a:56:e0:b2:6b:2b:e8:6c:2d:e2:df:e0:33:20:30:f2: bb:63:d6:07:de:fb:fe:0a:f5:50:b8:83:55:f6:ac:8a: 85:f2:b7:ba:a3:4f:6d:de:0c:eb:80:f2:8a:b9:22:74: 31:2a:95:67:05:69:67:d1:58:59:40:77:01:3f:94:74: 21:cc:89:70:3f:b6:f4:4c:6c:2b:d3:27:af:1c:3c:70: 54:7f:31:3b:aa:da:98:3c:eb:5e:0d:d8:58:3f:57:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2a:fe:a9:43:c7:c5:2b:43:c3:64:b3:0a:44:c0:e3:c9: c7:f0:22:96:db:43:f4:dc:bf:69:cb:d8:8e:9a:22:66: 76:9e:1e:6d:62:3b:90:36:00:44:63:93:3f:ec:92:06: 6f:75:49:58:19:78:58:cd:bc:aa:cb:d7:5b:35:68:15: c7:70:02:23:9c:cd:32:a2:4e:32:ea:e6:b4:19:e8:1c: c0:18:87:75:50:55:8f:0a:12:9c:68:98:b6:84:cc:aa: 64:13:74:66:17:00:84:a3:17:83:3a:d0:34:fa:78:f4: 0e:c5:64:dd:df:07:96:95:9a:da:aa:d5:af:97:80:99 Fingerprint (SHA-256): FB:31:DF:C2:79:B9:0E:E8:4E:FE:AF:15:E6:D2:43:EE:BA:6C:40:66:CE:3A:BD:A9:96:94:37:54:4B:86:9B:F1 Fingerprint (SHA1): D1:3A:AF:1F:D6:65:7F:87:68:4A:B1:7F:F4:A4:B8:38:81:66:79:18 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #808: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014916 (0x1eef8a04) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:50:52 2015 Not After : Tue May 19 05:50:52 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:7b:ea:e3:56:2f:7d:ba:06:b6:17:e3:c2:42:fc:44: c0:10:e8:92:fe:98:97:06:28:2c:1c:9a:d0:c6:e8:e0: c7:e8:ae:1b:39:2c:c2:7e:f1:86:86:f5:20:af:d7:2b: e7:63:f0:93:9e:bc:d7:2a:a9:6b:96:48:cb:0a:5d:85: cf:ef:00:45:c6:3d:9f:36:a7:c0:23:7e:26:f6:8f:ed: cf:52:6b:0a:2b:e4:84:19:e1:c9:b4:82:22:2f:c2:fe: 17:20:00:f1:ea:aa:a3:1b:04:31:aa:77:45:1c:31:a5: 98:df:4b:73:82:af:85:ef:94:95:27:30:6f:1c:69:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:39:ef:4f:05:70:44:86:11:28:7e:c2:de:af:35:d0: 77:33:fb:c3:05:ef:02:eb:d5:de:f2:c9:72:46:77:03: d4:36:70:74:34:eb:7e:53:d6:cf:79:43:4c:ca:da:91: a7:09:18:09:dd:a8:87:d0:75:a3:49:22:e9:c5:17:5b: 55:cb:00:58:0b:eb:d7:22:3e:a1:c9:d3:4e:57:2e:5f: 82:50:ad:ba:59:33:ea:4d:15:bf:8e:4f:d8:72:33:6c: 7a:5e:02:33:92:1c:18:9c:a6:0a:b0:4c:98:2b:8b:8d: dd:3a:e5:9a:73:09:34:a0:e8:55:22:e9:40:86:8d:29 Fingerprint (SHA-256): C6:0F:42:CE:48:F8:8D:42:A6:E2:67:FB:3A:F6:E5:2E:5A:D2:62:49:17:F4:37:29:03:A0:7F:C3:F2:92:00:88 Fingerprint (SHA1): A6:B7:A9:4A:03:24:06:E1:7A:10:27:E3:7C:5F:AA:9F:2A:53:83:AF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #809: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #810: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #811: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #812: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #813: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #814: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014916 (0x1eef8a04) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:50:52 2015 Not After : Tue May 19 05:50:52 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:7b:ea:e3:56:2f:7d:ba:06:b6:17:e3:c2:42:fc:44: c0:10:e8:92:fe:98:97:06:28:2c:1c:9a:d0:c6:e8:e0: c7:e8:ae:1b:39:2c:c2:7e:f1:86:86:f5:20:af:d7:2b: e7:63:f0:93:9e:bc:d7:2a:a9:6b:96:48:cb:0a:5d:85: cf:ef:00:45:c6:3d:9f:36:a7:c0:23:7e:26:f6:8f:ed: cf:52:6b:0a:2b:e4:84:19:e1:c9:b4:82:22:2f:c2:fe: 17:20:00:f1:ea:aa:a3:1b:04:31:aa:77:45:1c:31:a5: 98:df:4b:73:82:af:85:ef:94:95:27:30:6f:1c:69:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:39:ef:4f:05:70:44:86:11:28:7e:c2:de:af:35:d0: 77:33:fb:c3:05:ef:02:eb:d5:de:f2:c9:72:46:77:03: d4:36:70:74:34:eb:7e:53:d6:cf:79:43:4c:ca:da:91: a7:09:18:09:dd:a8:87:d0:75:a3:49:22:e9:c5:17:5b: 55:cb:00:58:0b:eb:d7:22:3e:a1:c9:d3:4e:57:2e:5f: 82:50:ad:ba:59:33:ea:4d:15:bf:8e:4f:d8:72:33:6c: 7a:5e:02:33:92:1c:18:9c:a6:0a:b0:4c:98:2b:8b:8d: dd:3a:e5:9a:73:09:34:a0:e8:55:22:e9:40:86:8d:29 Fingerprint (SHA-256): C6:0F:42:CE:48:F8:8D:42:A6:E2:67:FB:3A:F6:E5:2E:5A:D2:62:49:17:F4:37:29:03:A0:7F:C3:F2:92:00:88 Fingerprint (SHA1): A6:B7:A9:4A:03:24:06:E1:7A:10:27:E3:7C:5F:AA:9F:2A:53:83:AF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #815: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014916 (0x1eef8a04) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:50:52 2015 Not After : Tue May 19 05:50:52 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:7b:ea:e3:56:2f:7d:ba:06:b6:17:e3:c2:42:fc:44: c0:10:e8:92:fe:98:97:06:28:2c:1c:9a:d0:c6:e8:e0: c7:e8:ae:1b:39:2c:c2:7e:f1:86:86:f5:20:af:d7:2b: e7:63:f0:93:9e:bc:d7:2a:a9:6b:96:48:cb:0a:5d:85: cf:ef:00:45:c6:3d:9f:36:a7:c0:23:7e:26:f6:8f:ed: cf:52:6b:0a:2b:e4:84:19:e1:c9:b4:82:22:2f:c2:fe: 17:20:00:f1:ea:aa:a3:1b:04:31:aa:77:45:1c:31:a5: 98:df:4b:73:82:af:85:ef:94:95:27:30:6f:1c:69:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:39:ef:4f:05:70:44:86:11:28:7e:c2:de:af:35:d0: 77:33:fb:c3:05:ef:02:eb:d5:de:f2:c9:72:46:77:03: d4:36:70:74:34:eb:7e:53:d6:cf:79:43:4c:ca:da:91: a7:09:18:09:dd:a8:87:d0:75:a3:49:22:e9:c5:17:5b: 55:cb:00:58:0b:eb:d7:22:3e:a1:c9:d3:4e:57:2e:5f: 82:50:ad:ba:59:33:ea:4d:15:bf:8e:4f:d8:72:33:6c: 7a:5e:02:33:92:1c:18:9c:a6:0a:b0:4c:98:2b:8b:8d: dd:3a:e5:9a:73:09:34:a0:e8:55:22:e9:40:86:8d:29 Fingerprint (SHA-256): C6:0F:42:CE:48:F8:8D:42:A6:E2:67:FB:3A:F6:E5:2E:5A:D2:62:49:17:F4:37:29:03:A0:7F:C3:F2:92:00:88 Fingerprint (SHA1): A6:B7:A9:4A:03:24:06:E1:7A:10:27:E3:7C:5F:AA:9F:2A:53:83:AF Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #816: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #817: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #818: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #819: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #820: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #821: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014915 (0x1eef8a03) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 05:50:50 2015 Not After : Tue May 19 05:50:50 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:47:e0:c7:33:ce:f5:2f:33:96:6a:4d:e3:ad:32:b3: 3a:31:c6:15:61:42:67:67:fc:d9:ae:be:d4:58:10:64: 3a:56:e0:b2:6b:2b:e8:6c:2d:e2:df:e0:33:20:30:f2: bb:63:d6:07:de:fb:fe:0a:f5:50:b8:83:55:f6:ac:8a: 85:f2:b7:ba:a3:4f:6d:de:0c:eb:80:f2:8a:b9:22:74: 31:2a:95:67:05:69:67:d1:58:59:40:77:01:3f:94:74: 21:cc:89:70:3f:b6:f4:4c:6c:2b:d3:27:af:1c:3c:70: 54:7f:31:3b:aa:da:98:3c:eb:5e:0d:d8:58:3f:57:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2a:fe:a9:43:c7:c5:2b:43:c3:64:b3:0a:44:c0:e3:c9: c7:f0:22:96:db:43:f4:dc:bf:69:cb:d8:8e:9a:22:66: 76:9e:1e:6d:62:3b:90:36:00:44:63:93:3f:ec:92:06: 6f:75:49:58:19:78:58:cd:bc:aa:cb:d7:5b:35:68:15: c7:70:02:23:9c:cd:32:a2:4e:32:ea:e6:b4:19:e8:1c: c0:18:87:75:50:55:8f:0a:12:9c:68:98:b6:84:cc:aa: 64:13:74:66:17:00:84:a3:17:83:3a:d0:34:fa:78:f4: 0e:c5:64:dd:df:07:96:95:9a:da:aa:d5:af:97:80:99 Fingerprint (SHA-256): FB:31:DF:C2:79:B9:0E:E8:4E:FE:AF:15:E6:D2:43:EE:BA:6C:40:66:CE:3A:BD:A9:96:94:37:54:4B:86:9B:F1 Fingerprint (SHA1): D1:3A:AF:1F:D6:65:7F:87:68:4A:B1:7F:F4:A4:B8:38:81:66:79:18 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #822: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014915 (0x1eef8a03) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 05:50:50 2015 Not After : Tue May 19 05:50:50 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:47:e0:c7:33:ce:f5:2f:33:96:6a:4d:e3:ad:32:b3: 3a:31:c6:15:61:42:67:67:fc:d9:ae:be:d4:58:10:64: 3a:56:e0:b2:6b:2b:e8:6c:2d:e2:df:e0:33:20:30:f2: bb:63:d6:07:de:fb:fe:0a:f5:50:b8:83:55:f6:ac:8a: 85:f2:b7:ba:a3:4f:6d:de:0c:eb:80:f2:8a:b9:22:74: 31:2a:95:67:05:69:67:d1:58:59:40:77:01:3f:94:74: 21:cc:89:70:3f:b6:f4:4c:6c:2b:d3:27:af:1c:3c:70: 54:7f:31:3b:aa:da:98:3c:eb:5e:0d:d8:58:3f:57:3b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2a:fe:a9:43:c7:c5:2b:43:c3:64:b3:0a:44:c0:e3:c9: c7:f0:22:96:db:43:f4:dc:bf:69:cb:d8:8e:9a:22:66: 76:9e:1e:6d:62:3b:90:36:00:44:63:93:3f:ec:92:06: 6f:75:49:58:19:78:58:cd:bc:aa:cb:d7:5b:35:68:15: c7:70:02:23:9c:cd:32:a2:4e:32:ea:e6:b4:19:e8:1c: c0:18:87:75:50:55:8f:0a:12:9c:68:98:b6:84:cc:aa: 64:13:74:66:17:00:84:a3:17:83:3a:d0:34:fa:78:f4: 0e:c5:64:dd:df:07:96:95:9a:da:aa:d5:af:97:80:99 Fingerprint (SHA-256): FB:31:DF:C2:79:B9:0E:E8:4E:FE:AF:15:E6:D2:43:EE:BA:6C:40:66:CE:3A:BD:A9:96:94:37:54:4B:86:9B:F1 Fingerprint (SHA1): D1:3A:AF:1F:D6:65:7F:87:68:4A:B1:7F:F4:A4:B8:38:81:66:79:18 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #823: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #824: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014920 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #825: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #826: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #827: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014921 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #828: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #829: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #830: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014922 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #831: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #832: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #833: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014923 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #834: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #835: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #836: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014924 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #837: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #838: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #839: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014925 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #840: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #841: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #842: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014926 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #843: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #844: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #845: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014927 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #846: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #847: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #848: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014928 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #849: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #850: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #851: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #852: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 519014929 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #853: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #854: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 519014930 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #855: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #856: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 519014931 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #857: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #858: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #859: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #860: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #861: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 519014932 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #862: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #863: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 519014933 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #864: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #865: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 519014934 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #866: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #867: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #868: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #869: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #870: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 519014935 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #871: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #872: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 519014936 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #873: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #874: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 519014937 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #875: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #876: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #877: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #878: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #879: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 519014938 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #880: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #881: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 519014939 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #882: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #883: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 519014940 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #884: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #885: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #886: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #887: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #888: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 519014941 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #889: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #890: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #891: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #892: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519014942 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #893: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #894: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014920 (0x1eef8a08) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Tue May 19 05:51:16 2015 Not After : Tue May 19 05:51:16 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e1:2c:e6:e9:e5:9a:1f:cf:48:24:ba:50:7d:f1:97:f8: d0:08:b5:68:f7:1d:aa:3d:a4:44:c7:47:08:d8:7b:9b: b2:ae:d9:da:de:d6:87:8a:19:cb:29:e9:25:69:e5:4c: 94:2d:a5:63:ae:5e:5d:40:cd:77:98:06:a0:3f:b2:0c: dd:23:5b:2e:99:84:20:ee:3e:b3:59:17:b4:d3:0c:19: e2:5b:a8:87:ac:e3:6b:8c:d3:75:4a:50:60:6d:57:e1: 32:d9:53:8b:83:7d:34:77:fc:6e:9e:e2:2d:28:f6:a9: 1d:2f:21:b8:e6:89:7e:f9:bb:f0:c0:2e:82:40:dd:39 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:14:78:76:7b:75:4f:66:89:87:e7:c3:cf:da:10:3d: 8a:6c:47:db:80:7b:5f:e7:23:d9:ab:bc:ad:bf:47:77: db:3b:e5:61:0c:a5:d4:b9:8a:4b:29:ac:3c:fb:30:95: a2:38:04:7b:30:64:f5:ae:30:bd:82:a7:3c:15:5f:71: 9a:77:78:f6:26:47:9f:4d:d0:4c:a9:c3:14:2c:90:5f: d8:22:ca:80:0f:6c:07:4a:de:bd:fd:9b:f8:61:36:fd: 26:3f:9d:4f:c0:50:60:e4:63:9c:e2:da:b3:8d:b0:ea: 04:95:83:93:5e:c3:30:11:bc:94:e4:99:81:e2:00:bf Fingerprint (SHA-256): 9D:55:99:D8:F5:25:9B:4B:5A:06:D4:D5:7B:EF:79:72:B4:5D:D2:47:AA:10:8D:E2:97:59:C8:DB:E4:B0:06:AC Fingerprint (SHA1): 78:CC:24:F6:89:13:FA:C7:70:FE:8D:EB:FB:47:66:4D:BF:8E:14:6B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #895: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014921 (0x1eef8a09) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Tue May 19 05:51:19 2015 Not After : Tue May 19 05:51:19 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:ab:6a:93:ac:c5:7e:91:61:3d:b9:79:3d:e0:b7:5a: 75:24:75:f1:16:62:06:7e:dd:33:56:1b:65:9d:38:b1: 44:2f:d5:06:7c:d5:ef:a3:9e:09:e0:96:c8:db:93:e0: 12:98:dd:28:6c:75:01:76:5a:4c:1f:1e:99:3a:4b:15: 7f:70:78:b1:67:63:9b:16:50:85:95:d4:d4:08:03:92: 65:94:93:e4:8c:4e:58:a2:eb:00:0e:54:43:cd:ea:6f: d1:53:33:b2:d8:aa:9e:27:40:c4:de:74:63:f7:21:10: c6:44:ec:27:ec:7f:c3:d7:18:de:29:49:24:ed:0d:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:aa:54:92:2c:ab:85:de:da:7f:c9:4b:55:ea:e5:46: 38:53:53:1f:ca:5a:26:08:d9:61:21:7b:89:78:c0:a7: 4d:40:9e:b9:49:07:3f:6f:c3:20:80:81:af:76:eb:05: bd:26:f4:a0:5c:69:18:34:53:00:55:eb:67:bf:e4:7a: ab:1e:35:c6:1b:f2:72:66:f2:31:05:2f:b9:44:14:e8: 63:5f:89:fb:f3:ea:d3:10:84:d8:73:ef:9c:48:a9:00: dc:c4:d1:ca:12:c5:28:ca:d8:49:ca:dd:c2:54:1e:19: ad:2c:ef:ce:d3:d1:c5:e5:cd:6c:b2:42:91:f3:30:eb Fingerprint (SHA-256): 68:9F:05:5C:5D:6A:1B:6A:A7:42:D1:1B:B9:CB:00:E1:88:F4:86:40:5E:0A:1C:36:8D:FA:B2:E0:FE:67:04:31 Fingerprint (SHA1): D0:CA:E8:3E:0F:17:E6:D2:A0:A0:2C:13:CB:59:AE:A0:22:05:56:A6 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #896: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014922 (0x1eef8a0a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Tue May 19 05:51:21 2015 Not After : Tue May 19 05:51:21 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:1a:f8:e4:f0:b3:18:5f:33:4e:91:8e:39:7d:17:f5: 5f:84:ec:3f:56:19:48:19:64:a5:46:0c:3c:dc:b5:6a: c4:a9:30:e6:b6:c8:af:21:c6:f4:b3:83:a1:3c:3c:03: 37:4f:8c:a6:51:d5:49:7d:db:c5:46:d3:62:b8:06:83: 1a:44:0e:1c:62:45:a1:cf:9d:e8:53:3f:3b:9d:f6:17: 45:3a:e8:97:f7:a4:7f:44:67:9c:02:04:d2:aa:fd:b6: 76:01:7a:36:c6:70:f3:c3:7e:01:cf:51:b8:46:75:5e: a4:6b:60:fb:e2:15:b2:9c:75:b2:42:8a:ed:ef:57:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:55:0d:69:68:d5:a9:96:ac:28:d6:d5:8d:bf:0c:7a: a0:e3:44:5d:0a:c3:aa:43:73:65:c9:da:6f:1f:ab:97: a7:94:c3:f2:cc:44:8d:6a:45:0b:ff:40:61:a8:70:7f: 46:db:bd:bc:51:5a:39:ba:1e:f8:b5:4b:a4:38:4d:0e: f0:eb:39:30:95:12:f1:1d:1f:e1:08:cc:ea:7f:97:fe: 40:93:81:4d:e0:01:ae:45:61:0b:7c:a2:18:06:ec:a1: 3f:76:f8:d6:ae:66:79:34:07:62:dd:2a:9f:7a:f2:36: c7:a1:75:af:ec:02:6c:84:0c:76:b1:b4:4b:8b:fd:ec Fingerprint (SHA-256): E6:D3:4A:FC:68:30:68:42:D4:F9:C1:C3:6D:D9:0B:24:1A:78:1B:70:39:CB:73:A5:4A:B8:E3:2E:CA:C3:C2:00 Fingerprint (SHA1): 27:3F:44:43:03:08:D7:73:24:A2:68:0B:CD:15:A0:2B:50:F8:C4:E9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #897: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014923 (0x1eef8a0b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Tue May 19 05:51:23 2015 Not After : Tue May 19 05:51:23 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: dd:d8:88:7f:e9:73:a5:22:98:63:54:c1:4e:08:2d:36: 81:ef:58:e6:65:7e:a7:ac:b4:da:10:5c:29:55:9a:86: 3f:87:bb:e4:a6:7c:7e:ef:b6:f1:31:94:e0:56:f5:5b: 18:ad:ce:df:2d:fe:21:a4:a7:c0:91:24:2e:6a:eb:eb: ef:a0:ca:27:36:ab:27:47:73:56:f8:93:95:2c:b5:2d: 9d:c1:c7:9c:d7:b5:ea:fe:21:e7:cd:12:68:cc:c9:c4: e6:af:0f:c1:94:e0:86:2a:ca:81:d9:8c:c0:34:8b:9c: f9:f8:10:f2:23:f6:66:1a:49:79:4a:41:1d:5a:ca:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d1:6b:7e:d0:47:1d:7b:96:66:bb:07:51:3d:bf:ea:69: 5a:57:ab:7b:f8:cc:62:fa:7a:e8:d5:33:25:5a:63:db: 15:d8:25:f7:10:e7:0f:47:32:a1:57:c7:7d:6e:70:e0: 3c:b0:b9:f6:77:a6:dd:04:20:b6:92:95:49:4e:e1:69: 64:f8:a0:d1:39:e5:ea:26:64:59:c6:a7:0d:12:8d:40: 36:f1:4e:84:cc:9c:28:8c:c7:f9:33:37:44:de:c1:09: 5b:05:4d:36:fb:e1:57:d2:7d:32:c4:a1:76:55:c8:4a: 9d:60:a1:99:43:b9:74:97:a1:73:d0:8c:47:fc:a8:22 Fingerprint (SHA-256): E9:2B:F1:FF:C0:9F:6A:2E:70:1E:4E:45:06:3B:B3:EB:8F:A0:4F:9F:36:27:6E:78:24:46:8A:BF:A5:21:E2:77 Fingerprint (SHA1): 44:23:70:CC:31:8E:6B:C0:C0:03:7E:9C:A6:D2:D7:25:F6:3D:85:F2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #898: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014924 (0x1eef8a0c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Tue May 19 05:51:26 2015 Not After : Tue May 19 05:51:26 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:53:40:68:4d:99:91:ba:89:61:a1:6c:99:9f:db:9f: 15:25:2e:13:9f:d7:d0:2f:38:ca:25:27:53:1b:2d:2b: 4d:74:9c:8c:15:ef:df:1c:5d:46:8f:9d:ee:bc:b9:72: 3f:bd:4e:67:a2:bd:10:0b:53:ec:47:c0:b5:65:fc:5a: 4f:dc:e7:05:7e:c5:6d:13:c0:44:9f:53:7a:e5:75:c0: 7a:37:76:b4:6d:6d:9d:53:71:40:c3:0c:d1:8a:27:83: 11:04:22:5b:ec:de:71:e4:d0:68:41:bf:06:8b:f9:3e: f4:5a:9a:17:f0:78:49:aa:58:a5:67:7e:45:4c:4f:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0f:45:de:b9:35:df:e8:34:1c:c4:94:95:64:55:be:12: 23:07:a3:f0:35:9c:a5:b7:53:34:85:e7:c2:bf:c7:89: b1:98:1c:e3:16:e2:15:ac:29:d1:55:2a:5f:48:20:0a: b8:87:38:01:eb:02:a1:44:72:e5:c7:90:6b:0d:29:24: 99:ca:45:02:6a:48:39:69:a8:89:96:9f:41:8e:50:d0: ab:b3:55:b3:92:d2:63:0d:0c:58:09:5d:67:a2:31:1c: f6:95:8b:77:2c:73:0c:54:0f:89:a9:9a:a8:88:31:a1: c4:cb:29:eb:ed:a1:56:36:bf:3a:71:e0:48:2a:af:de Fingerprint (SHA-256): 6C:96:58:97:16:0D:A8:8C:80:CE:C2:F6:C3:AE:5B:7E:7F:04:56:2E:36:93:CB:7B:FD:11:1C:66:96:88:AE:65 Fingerprint (SHA1): AE:D5:9D:9E:04:EC:2D:FA:DB:27:75:BE:4A:77:82:45:30:34:73:DF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #899: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014925 (0x1eef8a0d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Tue May 19 05:51:29 2015 Not After : Tue May 19 05:51:29 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:67:4c:00:79:ee:80:4f:51:51:05:4a:e3:2e:eb:ed: 58:29:88:6e:38:d7:4c:74:72:64:5c:23:75:cc:f3:2c: 51:c1:44:89:64:de:7d:47:27:2c:88:d8:3d:e2:41:97: 11:78:17:47:18:e8:c6:91:30:71:58:29:8b:6f:0c:ad: cb:c0:3f:d8:b2:8a:94:07:61:7a:87:d3:fc:1a:75:09: e8:b4:79:e7:0c:70:66:20:8e:6a:7c:66:b5:ee:9e:8f: ed:52:f4:04:80:de:13:ee:2e:00:f0:a2:ec:b2:2d:ea: b4:4f:9d:1d:73:b6:3c:e0:24:f0:6f:31:54:f9:dc:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 53:d5:5e:ac:7e:64:90:b7:89:ed:59:a1:76:83:e6:76: 0f:b8:e2:6c:28:5b:94:2b:14:2e:95:fe:42:e3:71:4e: ad:a8:77:2f:29:37:d0:93:06:cf:88:96:7b:5a:31:54: 22:f0:81:29:31:20:50:b3:b4:80:3b:2d:96:35:d4:c3: 91:af:55:81:3e:59:31:57:e3:86:ad:ba:17:f7:bf:45: 19:25:c2:2b:e2:0f:d9:4c:36:c6:df:6f:6e:6b:63:a6: ec:2e:93:a7:fe:6f:7a:3a:d6:a9:e4:99:64:1f:b2:f8: e8:8e:25:eb:a8:e5:e6:b9:2d:65:04:f6:02:5a:87:32 Fingerprint (SHA-256): 0B:25:3C:20:6C:DF:21:07:B4:04:16:F6:10:38:8F:2C:82:34:FF:79:42:D4:5E:24:7B:F0:28:22:FB:F5:3B:A6 Fingerprint (SHA1): 04:DC:21:0F:E8:99:CB:0C:9B:3F:D2:90:DF:C6:4F:12:2F:C5:23:AC Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #900: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014926 (0x1eef8a0e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Tue May 19 05:51:32 2015 Not After : Tue May 19 05:51:32 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:77:c7:80:6c:b5:5a:56:c1:0a:d7:5c:e5:a9:88:36: f8:4c:88:83:4d:de:30:20:fd:ad:b9:02:25:2a:b4:0a: 30:53:2a:cc:17:21:f2:96:9e:7a:c6:bc:7c:53:e6:ec: a5:13:ee:39:ad:d0:d8:da:03:47:a5:08:6a:0d:64:86: 76:4c:2e:d9:0e:39:d2:13:57:a1:5e:85:90:f5:a9:a2: e6:d2:fc:78:cc:13:0b:65:f2:d5:2a:0e:4d:6d:0a:da: 26:b0:76:e0:a1:24:3e:fa:a9:a7:c0:54:ea:18:e5:ec: d6:a2:8b:be:4c:49:da:1d:9b:bd:8c:96:99:f6:0f:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a7:3c:09:3b:0e:ff:01:42:b9:8e:24:5c:16:43:56:b5: ea:f5:ea:bb:47:1d:c2:6c:64:f2:c6:5c:07:d0:f9:e5: b6:79:5d:22:5c:25:00:da:5f:8c:4e:5b:85:6b:ee:32: 79:1b:94:07:43:ee:c0:20:64:d8:c4:51:cc:74:b6:0a: da:dd:47:22:4f:ee:b5:fd:51:3d:7e:5c:4d:34:dd:68: 7c:81:c1:fc:f2:bb:35:79:e1:71:86:f8:2c:78:3a:fe: 59:3c:fb:2e:e5:9b:85:2d:95:7b:69:c4:2f:3e:cf:05: 7e:bb:26:fd:f1:c0:46:2c:94:2d:aa:22:7c:0a:f5:6f Fingerprint (SHA-256): 9A:09:CD:45:FC:C6:2A:4F:04:36:27:21:E7:9E:F4:66:9A:35:61:9C:DD:AE:EA:60:30:15:74:AB:AE:E4:0D:9E Fingerprint (SHA1): E4:B8:F0:2B:58:BA:B5:41:97:43:4A:7A:DB:1A:23:B9:DD:D3:E5:E6 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #901: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014927 (0x1eef8a0f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Tue May 19 05:51:35 2015 Not After : Tue May 19 05:51:35 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:5b:bb:b4:04:7c:df:65:fb:98:fa:53:b3:9f:5d:a0: 78:26:90:b3:a6:92:ef:18:42:d2:10:55:9f:28:ee:a3: 8d:8e:ee:03:be:d0:53:76:12:f3:22:f7:d0:95:6f:36: e8:8b:eb:e1:48:8a:eb:47:a6:d0:ae:cf:1f:63:16:3b: 36:8e:e6:28:43:3e:40:fe:04:66:49:06:49:ec:04:ff: 15:78:ba:30:94:2d:b6:6f:d2:ca:64:65:90:e8:13:57: 15:02:32:65:ef:cf:63:20:89:bb:48:1b:8e:73:09:0f: 78:79:3d:5d:2c:e9:71:3d:7a:4d:c9:8f:3d:7b:96:1f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:ef:c4:48:6e:fb:24:93:07:c1:c6:81:db:8f:1d:a5: fd:37:dd:25:a9:75:f1:69:71:ba:2a:aa:f5:06:3c:c2: f4:50:4b:af:61:a3:e5:94:21:8d:e3:50:e4:11:1e:2d: 18:85:2e:07:7c:af:88:36:d0:f0:8f:6d:25:0a:3b:77: 50:c8:26:d7:71:29:95:62:71:62:71:c1:86:9a:b6:4d: 97:8a:81:de:50:c8:71:68:7e:c7:0b:97:9c:90:de:9d: 0b:b4:c1:56:0c:5c:cb:6f:c1:53:83:f6:8d:5b:fe:fc: db:1a:1e:bd:bb:3b:2c:31:68:99:29:0e:99:9d:e9:ee Fingerprint (SHA-256): 51:3F:32:C6:0E:D4:67:69:43:5A:30:79:30:77:E0:C6:11:C3:09:51:F1:C2:E5:3B:22:2D:CF:D3:FB:36:9E:0E Fingerprint (SHA1): F6:5F:74:36:72:3F:71:53:28:51:42:5D:DE:E1:4E:AA:23:DE:05:07 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #902: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014928 (0x1eef8a10) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Tue May 19 05:51:37 2015 Not After : Tue May 19 05:51:37 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:c7:e1:96:3f:81:07:98:9c:75:1e:d7:c3:5d:07:19: bc:a3:40:bd:c5:3e:51:51:ea:23:d0:10:1d:c5:06:85: 58:44:7e:5b:1e:50:01:eb:3c:d3:3a:63:43:b3:9b:6d: 71:ce:ca:ae:01:86:88:34:f1:c8:9c:a7:66:14:b5:47: e2:95:e6:47:cb:59:95:82:41:52:d7:28:3f:c3:33:51: ac:11:15:45:d2:4a:75:b2:f1:e5:a9:73:64:28:f0:9a: d6:8a:08:ad:d8:1e:0e:53:0e:ce:2b:11:c9:3d:49:10: 76:a8:e9:0d:fb:af:b2:bf:ea:0d:d5:d2:ac:06:58:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 80:c3:6a:f0:39:25:6c:f9:37:32:8e:e2:cc:0d:cd:e2: 63:57:a3:5a:70:f3:b8:bf:37:1c:af:fe:7d:7a:2b:47: 1b:8f:0d:07:5d:77:8a:8d:63:ca:0b:3e:3c:5d:12:53: 81:b0:17:bf:98:99:36:03:07:47:91:a1:60:d6:cf:f5: 23:8a:e7:72:2b:12:9f:9b:ae:8f:66:d8:43:2a:ca:1d: 02:5b:43:58:4c:78:cf:ff:e9:3f:32:cc:43:62:10:95: 88:3d:10:d2:b8:47:a4:be:77:f8:79:cd:a1:c9:89:6c: 53:5d:78:3f:86:3a:2e:ed:0a:6f:fd:97:e6:b0:78:3b Fingerprint (SHA-256): 21:D2:84:7B:EC:48:37:BF:97:B1:C9:3E:B8:85:03:06:39:C9:DC:61:90:2A:0B:04:75:83:51:DF:1A:95:9E:17 Fingerprint (SHA1): 10:03:AB:C9:64:AA:BF:77:9C:E1:E1:27:D4:83:98:24:AA:A8:6F:11 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #903: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #904: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014943 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #905: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #906: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #907: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #908: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519014944 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #909: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #910: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #911: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #912: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519014945 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #913: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #914: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #915: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #916: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519014946 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #917: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #918: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #919: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014943 (0x1eef8a1f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:15 2015 Not After : Tue May 19 05:52:15 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:c8:70:ae:d3:56:21:49:b5:41:71:9c:10:2c:85:75: cb:e4:3f:c5:36:fa:f8:05:3a:48:d0:10:66:87:f6:1c: 27:55:1f:8a:fa:0c:bb:d8:82:ea:1e:8f:08:7c:17:68: d9:9a:7e:8a:a2:d2:b6:9a:49:ce:d5:3a:4b:0e:9e:74: 66:88:72:1d:08:32:e2:eb:9e:04:68:96:2a:f4:8e:af: a4:17:f6:90:61:29:70:96:5e:b9:e5:fc:e0:57:58:6b: 3c:b0:37:ed:03:60:ee:44:03:fd:2a:0d:a5:c0:89:41: 5a:ce:2e:5e:cf:13:16:13:1d:29:ba:bc:af:8b:96:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d5:d4:75:f0:96:71:f2:85:e8:65:95:84:ac:32:92:3b: f3:d0:b5:92:b0:ec:77:14:9c:67:bc:a8:35:fd:28:c1: 9a:c8:8e:96:e9:85:80:0c:df:b8:41:3e:6f:8a:5d:6b: b5:82:99:ab:50:d5:00:f2:fe:94:14:31:87:9e:40:1c: 6e:b9:86:d4:4c:2e:e0:03:1a:0a:da:55:e2:9a:89:ce: d0:99:65:fc:c7:3a:92:e6:d6:25:91:ff:66:53:e5:49: ea:9d:ea:65:e9:99:d5:9b:8f:bf:be:69:a4:8e:d9:f5: 10:de:14:67:6e:98:aa:56:42:58:94:2e:1f:e3:3b:b3 Fingerprint (SHA-256): 66:39:EB:F0:FE:41:13:F6:E9:D0:D7:C7:07:BB:CB:A5:6D:A8:35:A9:7B:A6:54:07:1E:07:6F:A6:A8:F3:41:1E Fingerprint (SHA1): DD:EE:6F:54:F1:35:56:D3:03:83:C5:9C:7E:82:7A:7A:ED:D1:05:55 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #920: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #921: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014944 (0x1eef8a20) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:18 2015 Not After : Tue May 19 05:52:18 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:86:e7:ca:9f:39:a3:33:52:32:9f:ef:85:26:ad:fe: bc:71:3c:75:94:7e:f5:ee:0f:c0:b3:99:35:68:16:6a: 84:da:dc:c1:7b:1b:a2:9a:ae:e6:7b:d2:22:69:37:5b: a3:73:07:96:ac:36:92:d6:65:f9:3b:f9:40:51:6b:cd: 49:b5:e6:c8:9b:6b:02:31:c5:63:84:df:09:27:89:ff: 37:ed:53:44:f2:c1:b9:92:82:15:1f:92:7c:6a:ac:09: b2:5f:7f:3e:61:2d:d5:b8:f6:65:01:20:07:fe:da:0c: df:e2:42:7c:59:b1:0c:27:58:93:ea:c5:c9:dd:8f:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:14:c1:a1:b3:6a:d8:73:a5:a2:2f:72:25:6c:42:0e: 67:20:a6:f7:e0:49:17:94:55:7d:ba:e5:cb:46:e2:8b: c9:cd:a0:dd:79:ef:b0:0c:b2:f5:8e:96:4e:61:d7:68: fa:9d:67:50:76:4e:42:a4:52:ec:92:7d:e1:ff:08:25: bc:4d:29:de:31:68:ea:8b:a6:66:82:ba:7c:e1:bf:91: ca:4b:3a:e4:85:92:68:c4:a6:f6:9c:59:6b:a6:4a:91: 1e:ab:e2:25:17:f9:6d:31:06:05:3a:cd:17:b2:14:0a: 99:46:8e:e5:aa:df:fa:7e:56:d4:7a:22:0f:ad:a8:8b Fingerprint (SHA-256): BC:BD:9B:B0:05:32:7D:24:3F:3A:21:7B:0A:B0:10:F3:8E:35:FB:72:CB:08:96:B3:A6:6F:9F:43:FA:DE:46:A0 Fingerprint (SHA1): 2A:BD:57:42:62:A5:3A:07:2B:7E:69:6C:4B:F1:2E:96:47:D5:F8:00 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #922: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #923: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014945 (0x1eef8a21) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:52:21 2015 Not After : Tue May 19 05:52:21 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:c5:f3:d6:fd:47:03:d2:95:43:fb:78:11:5f:96:8b: 25:3f:ea:88:a8:4f:64:7a:ab:0b:80:a3:e5:98:31:7d: 7d:1b:8b:24:40:3e:ee:41:d1:3c:70:a8:a8:c5:49:35: ad:89:2e:88:ff:d4:72:c1:ed:4a:f9:8d:da:f6:39:9b: 83:46:0e:00:23:36:28:42:3f:c3:82:e2:27:55:d1:da: fa:2f:e3:47:dd:a0:96:a8:be:82:44:e4:44:0f:98:da: 4a:7e:13:89:4e:4f:c0:70:c6:15:00:68:fd:6a:6a:05: 45:a9:b7:ac:c0:dc:1b:c0:a9:b8:34:0c:6f:7f:af:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: cf:9f:c3:f4:5e:1b:7f:c3:2c:6f:0f:53:92:17:69:a6: 0a:60:44:47:58:9e:3e:fc:f6:5b:9c:31:69:3e:08:f3: 11:2f:bf:5c:4e:5b:11:ac:f8:ab:db:a6:db:49:c5:b3: 74:11:f8:85:f2:c7:9f:c5:a4:66:79:59:1f:4f:3b:56: c9:fb:8d:bc:50:e9:e4:c2:1f:5e:53:65:11:9a:9e:ab: bf:d6:c7:f5:72:05:c2:1e:f2:13:2b:81:87:12:48:f7: b3:f7:f3:f3:99:0c:68:52:e8:a4:6f:50:05:e8:f8:13: 3f:86:1a:4f:87:d5:cc:0b:7e:49:d1:c0:04:5e:14:fd Fingerprint (SHA-256): 93:7F:9F:59:C2:6A:DF:D8:C1:31:E1:9D:93:4E:08:0C:A7:0D:5E:F2:A5:D4:CC:A8:2B:CC:73:54:72:84:1F:FC Fingerprint (SHA1): A8:6B:03:EC:D8:D2:D4:84:1B:26:65:F2:53:66:C2:80:5B:F5:ED:AD Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #924: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #925: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #926: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #927: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #928: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014943 (0x1eef8a1f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:15 2015 Not After : Tue May 19 05:52:15 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:c8:70:ae:d3:56:21:49:b5:41:71:9c:10:2c:85:75: cb:e4:3f:c5:36:fa:f8:05:3a:48:d0:10:66:87:f6:1c: 27:55:1f:8a:fa:0c:bb:d8:82:ea:1e:8f:08:7c:17:68: d9:9a:7e:8a:a2:d2:b6:9a:49:ce:d5:3a:4b:0e:9e:74: 66:88:72:1d:08:32:e2:eb:9e:04:68:96:2a:f4:8e:af: a4:17:f6:90:61:29:70:96:5e:b9:e5:fc:e0:57:58:6b: 3c:b0:37:ed:03:60:ee:44:03:fd:2a:0d:a5:c0:89:41: 5a:ce:2e:5e:cf:13:16:13:1d:29:ba:bc:af:8b:96:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d5:d4:75:f0:96:71:f2:85:e8:65:95:84:ac:32:92:3b: f3:d0:b5:92:b0:ec:77:14:9c:67:bc:a8:35:fd:28:c1: 9a:c8:8e:96:e9:85:80:0c:df:b8:41:3e:6f:8a:5d:6b: b5:82:99:ab:50:d5:00:f2:fe:94:14:31:87:9e:40:1c: 6e:b9:86:d4:4c:2e:e0:03:1a:0a:da:55:e2:9a:89:ce: d0:99:65:fc:c7:3a:92:e6:d6:25:91:ff:66:53:e5:49: ea:9d:ea:65:e9:99:d5:9b:8f:bf:be:69:a4:8e:d9:f5: 10:de:14:67:6e:98:aa:56:42:58:94:2e:1f:e3:3b:b3 Fingerprint (SHA-256): 66:39:EB:F0:FE:41:13:F6:E9:D0:D7:C7:07:BB:CB:A5:6D:A8:35:A9:7B:A6:54:07:1E:07:6F:A6:A8:F3:41:1E Fingerprint (SHA1): DD:EE:6F:54:F1:35:56:D3:03:83:C5:9C:7E:82:7A:7A:ED:D1:05:55 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #929: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #930: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014944 (0x1eef8a20) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:18 2015 Not After : Tue May 19 05:52:18 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:86:e7:ca:9f:39:a3:33:52:32:9f:ef:85:26:ad:fe: bc:71:3c:75:94:7e:f5:ee:0f:c0:b3:99:35:68:16:6a: 84:da:dc:c1:7b:1b:a2:9a:ae:e6:7b:d2:22:69:37:5b: a3:73:07:96:ac:36:92:d6:65:f9:3b:f9:40:51:6b:cd: 49:b5:e6:c8:9b:6b:02:31:c5:63:84:df:09:27:89:ff: 37:ed:53:44:f2:c1:b9:92:82:15:1f:92:7c:6a:ac:09: b2:5f:7f:3e:61:2d:d5:b8:f6:65:01:20:07:fe:da:0c: df:e2:42:7c:59:b1:0c:27:58:93:ea:c5:c9:dd:8f:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ce:14:c1:a1:b3:6a:d8:73:a5:a2:2f:72:25:6c:42:0e: 67:20:a6:f7:e0:49:17:94:55:7d:ba:e5:cb:46:e2:8b: c9:cd:a0:dd:79:ef:b0:0c:b2:f5:8e:96:4e:61:d7:68: fa:9d:67:50:76:4e:42:a4:52:ec:92:7d:e1:ff:08:25: bc:4d:29:de:31:68:ea:8b:a6:66:82:ba:7c:e1:bf:91: ca:4b:3a:e4:85:92:68:c4:a6:f6:9c:59:6b:a6:4a:91: 1e:ab:e2:25:17:f9:6d:31:06:05:3a:cd:17:b2:14:0a: 99:46:8e:e5:aa:df:fa:7e:56:d4:7a:22:0f:ad:a8:8b Fingerprint (SHA-256): BC:BD:9B:B0:05:32:7D:24:3F:3A:21:7B:0A:B0:10:F3:8E:35:FB:72:CB:08:96:B3:A6:6F:9F:43:FA:DE:46:A0 Fingerprint (SHA1): 2A:BD:57:42:62:A5:3A:07:2B:7E:69:6C:4B:F1:2E:96:47:D5:F8:00 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #931: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #932: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014945 (0x1eef8a21) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:52:21 2015 Not After : Tue May 19 05:52:21 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d6:c5:f3:d6:fd:47:03:d2:95:43:fb:78:11:5f:96:8b: 25:3f:ea:88:a8:4f:64:7a:ab:0b:80:a3:e5:98:31:7d: 7d:1b:8b:24:40:3e:ee:41:d1:3c:70:a8:a8:c5:49:35: ad:89:2e:88:ff:d4:72:c1:ed:4a:f9:8d:da:f6:39:9b: 83:46:0e:00:23:36:28:42:3f:c3:82:e2:27:55:d1:da: fa:2f:e3:47:dd:a0:96:a8:be:82:44:e4:44:0f:98:da: 4a:7e:13:89:4e:4f:c0:70:c6:15:00:68:fd:6a:6a:05: 45:a9:b7:ac:c0:dc:1b:c0:a9:b8:34:0c:6f:7f:af:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: cf:9f:c3:f4:5e:1b:7f:c3:2c:6f:0f:53:92:17:69:a6: 0a:60:44:47:58:9e:3e:fc:f6:5b:9c:31:69:3e:08:f3: 11:2f:bf:5c:4e:5b:11:ac:f8:ab:db:a6:db:49:c5:b3: 74:11:f8:85:f2:c7:9f:c5:a4:66:79:59:1f:4f:3b:56: c9:fb:8d:bc:50:e9:e4:c2:1f:5e:53:65:11:9a:9e:ab: bf:d6:c7:f5:72:05:c2:1e:f2:13:2b:81:87:12:48:f7: b3:f7:f3:f3:99:0c:68:52:e8:a4:6f:50:05:e8:f8:13: 3f:86:1a:4f:87:d5:cc:0b:7e:49:d1:c0:04:5e:14:fd Fingerprint (SHA-256): 93:7F:9F:59:C2:6A:DF:D8:C1:31:E1:9D:93:4E:08:0C:A7:0D:5E:F2:A5:D4:CC:A8:2B:CC:73:54:72:84:1F:FC Fingerprint (SHA1): A8:6B:03:EC:D8:D2:D4:84:1B:26:65:F2:53:66:C2:80:5B:F5:ED:AD Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #933: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #934: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #935: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014947 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #936: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #937: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #938: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #939: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519014948 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #940: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #941: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #942: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #943: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519014949 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #944: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #945: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #946: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #947: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519014950 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #948: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #949: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #950: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #951: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519014951 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #952: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #953: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #954: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014947 (0x1eef8a23) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:37 2015 Not After : Tue May 19 05:52:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:d3:67:5d:3f:ac:3c:c9:f1:43:07:ae:20:94:9d:55: a6:98:c6:fc:87:b1:58:63:21:81:fd:8d:68:d9:62:a6: 69:56:ee:9f:b8:5f:5b:11:14:ba:5a:d2:c7:b7:28:93: 0d:2d:56:cf:5d:21:fa:bb:c3:eb:0c:4b:59:f4:72:da: 98:4a:bb:38:76:98:81:75:99:92:5b:68:86:ed:32:a2: 70:b4:be:33:09:39:e5:c9:91:36:d6:af:de:82:6c:df: 20:71:ca:35:b5:aa:d5:3c:9b:0c:eb:df:f5:a6:0e:d1: ed:81:c2:d4:69:b0:83:f4:d8:64:f0:ec:0d:36:a8:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:65:0c:db:ae:0e:bc:5e:22:00:c2:cd:75:e7:d1:42: c7:27:2a:e0:0a:c8:55:59:d8:67:7d:69:00:90:22:06: e2:e1:69:b0:7b:4b:20:2d:39:fc:27:a1:46:c0:2f:d4: af:f7:d9:e4:a5:5f:e3:ef:b4:9f:b2:8c:b7:f1:7f:92: 2c:3b:9a:e7:c5:ee:26:eb:26:4f:44:35:83:bb:3b:34: de:d5:e9:84:17:fb:43:4d:58:d7:5c:67:bc:db:45:14: 0f:07:93:a0:9f:5e:16:e2:94:f6:62:3f:1b:54:51:74: d5:94:e2:54:2c:35:cc:8f:ad:1f:29:b4:70:f4:54:0d Fingerprint (SHA-256): A7:33:6C:19:44:E2:65:30:D9:AD:B5:83:00:95:26:2A:B0:2C:96:52:11:8F:28:00:B8:38:6C:4E:64:70:E4:6E Fingerprint (SHA1): 58:CC:A2:C9:41:BC:B2:17:7B:B8:7A:9F:3C:A8:98:97:89:73:B8:CD Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #955: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #956: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014948 (0x1eef8a24) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:40 2015 Not After : Tue May 19 05:52:40 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:27:f8:92:5e:03:0a:15:60:20:ec:66:c4:70:fb:3f: d6:22:5f:22:db:a2:1a:bf:be:f5:f6:34:53:9a:a6:69: 4e:d6:a5:3d:14:c3:61:30:44:61:c3:fb:c3:ed:21:32: bb:7a:f7:4b:d2:69:88:b8:2a:bd:4d:52:34:ea:56:61: 65:86:c8:b2:2f:93:ab:26:59:2f:f2:60:d6:c2:82:8d: c2:ac:4a:6a:e1:70:56:a1:09:62:84:ea:ba:73:75:93: 37:e2:ff:df:3f:bd:32:4a:99:3b:f7:4a:ac:8f:2c:18: 19:97:3e:33:51:06:6f:e3:50:b3:8b:95:ec:91:4c:d5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:65:14:70:0d:b2:ca:b8:47:c1:e1:cc:f3:40:ba:17: d9:11:6c:4d:f8:7f:99:d1:4d:e7:b8:b8:61:f1:14:46: 6a:59:87:5e:a2:63:bc:fe:80:29:22:3c:46:83:4c:01: 2d:fa:4c:42:7e:4a:49:7e:59:28:c2:ff:03:07:2f:9e: 6d:fd:e8:13:f8:df:26:a9:04:fa:73:d8:23:e7:47:61: 26:00:c6:38:3f:46:41:8b:ca:e8:9c:21:fc:b0:f9:55: ff:24:71:46:cf:0c:5e:90:fa:4a:67:1d:96:26:f8:c0: 8e:c7:7e:23:f7:c0:6f:a5:0d:07:94:3e:15:92:9c:7d Fingerprint (SHA-256): 9D:C8:E5:57:4C:AF:41:AD:35:F0:40:D6:78:E0:A9:C0:0E:7D:E0:B3:7D:F1:42:38:6C:34:3E:A9:ED:D5:98:EE Fingerprint (SHA1): 7C:ED:28:E6:35:0E:49:0F:00:16:CB:12:4C:86:B7:55:CF:15:78:D4 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #957: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #958: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014949 (0x1eef8a25) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:52:43 2015 Not After : Tue May 19 05:52:43 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:8c:e4:93:80:5e:82:f0:ca:9b:b1:06:ba:e6:d2:02: 08:b8:4e:cc:c3:8d:e2:a9:8c:2e:88:b3:e4:5e:a2:05: 30:6c:7b:aa:92:0a:3b:b5:25:ea:15:a2:63:16:a2:01: b8:18:24:20:3f:85:71:b9:3b:3b:8d:f0:eb:bb:86:0f: 09:e3:42:66:8c:b8:ce:01:94:b3:94:33:e4:15:0b:19: ee:2a:6d:a6:5e:07:c9:3e:93:62:3d:c6:c0:e0:50:31: 57:e0:4a:d3:76:29:76:9a:5a:ac:04:ab:18:41:80:ad: 8a:8a:00:d7:07:65:64:9e:0a:93:77:17:35:07:fb:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 13:0c:fa:1c:1c:bd:4a:e4:8c:c7:f4:89:3f:3f:7e:20: 7b:be:0d:96:42:ad:33:ea:6f:44:15:1f:f8:e5:f5:86: ce:a2:76:2f:61:c4:5e:5f:3b:33:ed:b0:ed:5d:83:fa: 8e:d5:81:f5:e4:d3:c9:e8:aa:d9:1d:4f:c7:6b:2d:dd: 33:70:88:11:27:2b:48:0c:44:1d:a5:f5:06:c9:a6:0f: fd:c9:39:61:25:16:1d:64:c1:b2:bc:99:c2:02:da:9b: 7e:dc:43:62:e3:6f:83:72:4d:b2:cd:02:cf:e6:ac:20: c2:13:f4:03:83:da:5b:53:44:36:d7:2b:53:8a:27:bc Fingerprint (SHA-256): E5:CA:A4:A6:24:D6:1A:2D:34:44:99:5B:08:06:3D:02:78:0C:69:8A:58:D2:4B:FA:6C:47:87:03:EF:E1:6C:9A Fingerprint (SHA1): EF:0C:FF:8A:92:57:6C:36:E4:2B:A5:56:B3:9F:EC:9A:F9:BF:40:71 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #959: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #960: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #961: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #962: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #963: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014947 (0x1eef8a23) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:37 2015 Not After : Tue May 19 05:52:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:d3:67:5d:3f:ac:3c:c9:f1:43:07:ae:20:94:9d:55: a6:98:c6:fc:87:b1:58:63:21:81:fd:8d:68:d9:62:a6: 69:56:ee:9f:b8:5f:5b:11:14:ba:5a:d2:c7:b7:28:93: 0d:2d:56:cf:5d:21:fa:bb:c3:eb:0c:4b:59:f4:72:da: 98:4a:bb:38:76:98:81:75:99:92:5b:68:86:ed:32:a2: 70:b4:be:33:09:39:e5:c9:91:36:d6:af:de:82:6c:df: 20:71:ca:35:b5:aa:d5:3c:9b:0c:eb:df:f5:a6:0e:d1: ed:81:c2:d4:69:b0:83:f4:d8:64:f0:ec:0d:36:a8:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:65:0c:db:ae:0e:bc:5e:22:00:c2:cd:75:e7:d1:42: c7:27:2a:e0:0a:c8:55:59:d8:67:7d:69:00:90:22:06: e2:e1:69:b0:7b:4b:20:2d:39:fc:27:a1:46:c0:2f:d4: af:f7:d9:e4:a5:5f:e3:ef:b4:9f:b2:8c:b7:f1:7f:92: 2c:3b:9a:e7:c5:ee:26:eb:26:4f:44:35:83:bb:3b:34: de:d5:e9:84:17:fb:43:4d:58:d7:5c:67:bc:db:45:14: 0f:07:93:a0:9f:5e:16:e2:94:f6:62:3f:1b:54:51:74: d5:94:e2:54:2c:35:cc:8f:ad:1f:29:b4:70:f4:54:0d Fingerprint (SHA-256): A7:33:6C:19:44:E2:65:30:D9:AD:B5:83:00:95:26:2A:B0:2C:96:52:11:8F:28:00:B8:38:6C:4E:64:70:E4:6E Fingerprint (SHA1): 58:CC:A2:C9:41:BC:B2:17:7B:B8:7A:9F:3C:A8:98:97:89:73:B8:CD Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #964: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #965: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014948 (0x1eef8a24) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:40 2015 Not After : Tue May 19 05:52:40 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:27:f8:92:5e:03:0a:15:60:20:ec:66:c4:70:fb:3f: d6:22:5f:22:db:a2:1a:bf:be:f5:f6:34:53:9a:a6:69: 4e:d6:a5:3d:14:c3:61:30:44:61:c3:fb:c3:ed:21:32: bb:7a:f7:4b:d2:69:88:b8:2a:bd:4d:52:34:ea:56:61: 65:86:c8:b2:2f:93:ab:26:59:2f:f2:60:d6:c2:82:8d: c2:ac:4a:6a:e1:70:56:a1:09:62:84:ea:ba:73:75:93: 37:e2:ff:df:3f:bd:32:4a:99:3b:f7:4a:ac:8f:2c:18: 19:97:3e:33:51:06:6f:e3:50:b3:8b:95:ec:91:4c:d5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:65:14:70:0d:b2:ca:b8:47:c1:e1:cc:f3:40:ba:17: d9:11:6c:4d:f8:7f:99:d1:4d:e7:b8:b8:61:f1:14:46: 6a:59:87:5e:a2:63:bc:fe:80:29:22:3c:46:83:4c:01: 2d:fa:4c:42:7e:4a:49:7e:59:28:c2:ff:03:07:2f:9e: 6d:fd:e8:13:f8:df:26:a9:04:fa:73:d8:23:e7:47:61: 26:00:c6:38:3f:46:41:8b:ca:e8:9c:21:fc:b0:f9:55: ff:24:71:46:cf:0c:5e:90:fa:4a:67:1d:96:26:f8:c0: 8e:c7:7e:23:f7:c0:6f:a5:0d:07:94:3e:15:92:9c:7d Fingerprint (SHA-256): 9D:C8:E5:57:4C:AF:41:AD:35:F0:40:D6:78:E0:A9:C0:0E:7D:E0:B3:7D:F1:42:38:6C:34:3E:A9:ED:D5:98:EE Fingerprint (SHA1): 7C:ED:28:E6:35:0E:49:0F:00:16:CB:12:4C:86:B7:55:CF:15:78:D4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #966: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #967: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014949 (0x1eef8a25) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:52:43 2015 Not After : Tue May 19 05:52:43 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:8c:e4:93:80:5e:82:f0:ca:9b:b1:06:ba:e6:d2:02: 08:b8:4e:cc:c3:8d:e2:a9:8c:2e:88:b3:e4:5e:a2:05: 30:6c:7b:aa:92:0a:3b:b5:25:ea:15:a2:63:16:a2:01: b8:18:24:20:3f:85:71:b9:3b:3b:8d:f0:eb:bb:86:0f: 09:e3:42:66:8c:b8:ce:01:94:b3:94:33:e4:15:0b:19: ee:2a:6d:a6:5e:07:c9:3e:93:62:3d:c6:c0:e0:50:31: 57:e0:4a:d3:76:29:76:9a:5a:ac:04:ab:18:41:80:ad: 8a:8a:00:d7:07:65:64:9e:0a:93:77:17:35:07:fb:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 13:0c:fa:1c:1c:bd:4a:e4:8c:c7:f4:89:3f:3f:7e:20: 7b:be:0d:96:42:ad:33:ea:6f:44:15:1f:f8:e5:f5:86: ce:a2:76:2f:61:c4:5e:5f:3b:33:ed:b0:ed:5d:83:fa: 8e:d5:81:f5:e4:d3:c9:e8:aa:d9:1d:4f:c7:6b:2d:dd: 33:70:88:11:27:2b:48:0c:44:1d:a5:f5:06:c9:a6:0f: fd:c9:39:61:25:16:1d:64:c1:b2:bc:99:c2:02:da:9b: 7e:dc:43:62:e3:6f:83:72:4d:b2:cd:02:cf:e6:ac:20: c2:13:f4:03:83:da:5b:53:44:36:d7:2b:53:8a:27:bc Fingerprint (SHA-256): E5:CA:A4:A6:24:D6:1A:2D:34:44:99:5B:08:06:3D:02:78:0C:69:8A:58:D2:4B:FA:6C:47:87:03:EF:E1:6C:9A Fingerprint (SHA1): EF:0C:FF:8A:92:57:6C:36:E4:2B:A5:56:B3:9F:EC:9A:F9:BF:40:71 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #968: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #969: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014947 (0x1eef8a23) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:37 2015 Not After : Tue May 19 05:52:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:d3:67:5d:3f:ac:3c:c9:f1:43:07:ae:20:94:9d:55: a6:98:c6:fc:87:b1:58:63:21:81:fd:8d:68:d9:62:a6: 69:56:ee:9f:b8:5f:5b:11:14:ba:5a:d2:c7:b7:28:93: 0d:2d:56:cf:5d:21:fa:bb:c3:eb:0c:4b:59:f4:72:da: 98:4a:bb:38:76:98:81:75:99:92:5b:68:86:ed:32:a2: 70:b4:be:33:09:39:e5:c9:91:36:d6:af:de:82:6c:df: 20:71:ca:35:b5:aa:d5:3c:9b:0c:eb:df:f5:a6:0e:d1: ed:81:c2:d4:69:b0:83:f4:d8:64:f0:ec:0d:36:a8:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:65:0c:db:ae:0e:bc:5e:22:00:c2:cd:75:e7:d1:42: c7:27:2a:e0:0a:c8:55:59:d8:67:7d:69:00:90:22:06: e2:e1:69:b0:7b:4b:20:2d:39:fc:27:a1:46:c0:2f:d4: af:f7:d9:e4:a5:5f:e3:ef:b4:9f:b2:8c:b7:f1:7f:92: 2c:3b:9a:e7:c5:ee:26:eb:26:4f:44:35:83:bb:3b:34: de:d5:e9:84:17:fb:43:4d:58:d7:5c:67:bc:db:45:14: 0f:07:93:a0:9f:5e:16:e2:94:f6:62:3f:1b:54:51:74: d5:94:e2:54:2c:35:cc:8f:ad:1f:29:b4:70:f4:54:0d Fingerprint (SHA-256): A7:33:6C:19:44:E2:65:30:D9:AD:B5:83:00:95:26:2A:B0:2C:96:52:11:8F:28:00:B8:38:6C:4E:64:70:E4:6E Fingerprint (SHA1): 58:CC:A2:C9:41:BC:B2:17:7B:B8:7A:9F:3C:A8:98:97:89:73:B8:CD Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #970: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014947 (0x1eef8a23) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:37 2015 Not After : Tue May 19 05:52:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: eb:d3:67:5d:3f:ac:3c:c9:f1:43:07:ae:20:94:9d:55: a6:98:c6:fc:87:b1:58:63:21:81:fd:8d:68:d9:62:a6: 69:56:ee:9f:b8:5f:5b:11:14:ba:5a:d2:c7:b7:28:93: 0d:2d:56:cf:5d:21:fa:bb:c3:eb:0c:4b:59:f4:72:da: 98:4a:bb:38:76:98:81:75:99:92:5b:68:86:ed:32:a2: 70:b4:be:33:09:39:e5:c9:91:36:d6:af:de:82:6c:df: 20:71:ca:35:b5:aa:d5:3c:9b:0c:eb:df:f5:a6:0e:d1: ed:81:c2:d4:69:b0:83:f4:d8:64:f0:ec:0d:36:a8:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:65:0c:db:ae:0e:bc:5e:22:00:c2:cd:75:e7:d1:42: c7:27:2a:e0:0a:c8:55:59:d8:67:7d:69:00:90:22:06: e2:e1:69:b0:7b:4b:20:2d:39:fc:27:a1:46:c0:2f:d4: af:f7:d9:e4:a5:5f:e3:ef:b4:9f:b2:8c:b7:f1:7f:92: 2c:3b:9a:e7:c5:ee:26:eb:26:4f:44:35:83:bb:3b:34: de:d5:e9:84:17:fb:43:4d:58:d7:5c:67:bc:db:45:14: 0f:07:93:a0:9f:5e:16:e2:94:f6:62:3f:1b:54:51:74: d5:94:e2:54:2c:35:cc:8f:ad:1f:29:b4:70:f4:54:0d Fingerprint (SHA-256): A7:33:6C:19:44:E2:65:30:D9:AD:B5:83:00:95:26:2A:B0:2C:96:52:11:8F:28:00:B8:38:6C:4E:64:70:E4:6E Fingerprint (SHA1): 58:CC:A2:C9:41:BC:B2:17:7B:B8:7A:9F:3C:A8:98:97:89:73:B8:CD Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #971: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014948 (0x1eef8a24) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:40 2015 Not After : Tue May 19 05:52:40 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:27:f8:92:5e:03:0a:15:60:20:ec:66:c4:70:fb:3f: d6:22:5f:22:db:a2:1a:bf:be:f5:f6:34:53:9a:a6:69: 4e:d6:a5:3d:14:c3:61:30:44:61:c3:fb:c3:ed:21:32: bb:7a:f7:4b:d2:69:88:b8:2a:bd:4d:52:34:ea:56:61: 65:86:c8:b2:2f:93:ab:26:59:2f:f2:60:d6:c2:82:8d: c2:ac:4a:6a:e1:70:56:a1:09:62:84:ea:ba:73:75:93: 37:e2:ff:df:3f:bd:32:4a:99:3b:f7:4a:ac:8f:2c:18: 19:97:3e:33:51:06:6f:e3:50:b3:8b:95:ec:91:4c:d5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:65:14:70:0d:b2:ca:b8:47:c1:e1:cc:f3:40:ba:17: d9:11:6c:4d:f8:7f:99:d1:4d:e7:b8:b8:61:f1:14:46: 6a:59:87:5e:a2:63:bc:fe:80:29:22:3c:46:83:4c:01: 2d:fa:4c:42:7e:4a:49:7e:59:28:c2:ff:03:07:2f:9e: 6d:fd:e8:13:f8:df:26:a9:04:fa:73:d8:23:e7:47:61: 26:00:c6:38:3f:46:41:8b:ca:e8:9c:21:fc:b0:f9:55: ff:24:71:46:cf:0c:5e:90:fa:4a:67:1d:96:26:f8:c0: 8e:c7:7e:23:f7:c0:6f:a5:0d:07:94:3e:15:92:9c:7d Fingerprint (SHA-256): 9D:C8:E5:57:4C:AF:41:AD:35:F0:40:D6:78:E0:A9:C0:0E:7D:E0:B3:7D:F1:42:38:6C:34:3E:A9:ED:D5:98:EE Fingerprint (SHA1): 7C:ED:28:E6:35:0E:49:0F:00:16:CB:12:4C:86:B7:55:CF:15:78:D4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #972: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014948 (0x1eef8a24) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:52:40 2015 Not After : Tue May 19 05:52:40 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:27:f8:92:5e:03:0a:15:60:20:ec:66:c4:70:fb:3f: d6:22:5f:22:db:a2:1a:bf:be:f5:f6:34:53:9a:a6:69: 4e:d6:a5:3d:14:c3:61:30:44:61:c3:fb:c3:ed:21:32: bb:7a:f7:4b:d2:69:88:b8:2a:bd:4d:52:34:ea:56:61: 65:86:c8:b2:2f:93:ab:26:59:2f:f2:60:d6:c2:82:8d: c2:ac:4a:6a:e1:70:56:a1:09:62:84:ea:ba:73:75:93: 37:e2:ff:df:3f:bd:32:4a:99:3b:f7:4a:ac:8f:2c:18: 19:97:3e:33:51:06:6f:e3:50:b3:8b:95:ec:91:4c:d5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:65:14:70:0d:b2:ca:b8:47:c1:e1:cc:f3:40:ba:17: d9:11:6c:4d:f8:7f:99:d1:4d:e7:b8:b8:61:f1:14:46: 6a:59:87:5e:a2:63:bc:fe:80:29:22:3c:46:83:4c:01: 2d:fa:4c:42:7e:4a:49:7e:59:28:c2:ff:03:07:2f:9e: 6d:fd:e8:13:f8:df:26:a9:04:fa:73:d8:23:e7:47:61: 26:00:c6:38:3f:46:41:8b:ca:e8:9c:21:fc:b0:f9:55: ff:24:71:46:cf:0c:5e:90:fa:4a:67:1d:96:26:f8:c0: 8e:c7:7e:23:f7:c0:6f:a5:0d:07:94:3e:15:92:9c:7d Fingerprint (SHA-256): 9D:C8:E5:57:4C:AF:41:AD:35:F0:40:D6:78:E0:A9:C0:0E:7D:E0:B3:7D:F1:42:38:6C:34:3E:A9:ED:D5:98:EE Fingerprint (SHA1): 7C:ED:28:E6:35:0E:49:0F:00:16:CB:12:4C:86:B7:55:CF:15:78:D4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #973: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014949 (0x1eef8a25) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:52:43 2015 Not After : Tue May 19 05:52:43 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:8c:e4:93:80:5e:82:f0:ca:9b:b1:06:ba:e6:d2:02: 08:b8:4e:cc:c3:8d:e2:a9:8c:2e:88:b3:e4:5e:a2:05: 30:6c:7b:aa:92:0a:3b:b5:25:ea:15:a2:63:16:a2:01: b8:18:24:20:3f:85:71:b9:3b:3b:8d:f0:eb:bb:86:0f: 09:e3:42:66:8c:b8:ce:01:94:b3:94:33:e4:15:0b:19: ee:2a:6d:a6:5e:07:c9:3e:93:62:3d:c6:c0:e0:50:31: 57:e0:4a:d3:76:29:76:9a:5a:ac:04:ab:18:41:80:ad: 8a:8a:00:d7:07:65:64:9e:0a:93:77:17:35:07:fb:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 13:0c:fa:1c:1c:bd:4a:e4:8c:c7:f4:89:3f:3f:7e:20: 7b:be:0d:96:42:ad:33:ea:6f:44:15:1f:f8:e5:f5:86: ce:a2:76:2f:61:c4:5e:5f:3b:33:ed:b0:ed:5d:83:fa: 8e:d5:81:f5:e4:d3:c9:e8:aa:d9:1d:4f:c7:6b:2d:dd: 33:70:88:11:27:2b:48:0c:44:1d:a5:f5:06:c9:a6:0f: fd:c9:39:61:25:16:1d:64:c1:b2:bc:99:c2:02:da:9b: 7e:dc:43:62:e3:6f:83:72:4d:b2:cd:02:cf:e6:ac:20: c2:13:f4:03:83:da:5b:53:44:36:d7:2b:53:8a:27:bc Fingerprint (SHA-256): E5:CA:A4:A6:24:D6:1A:2D:34:44:99:5B:08:06:3D:02:78:0C:69:8A:58:D2:4B:FA:6C:47:87:03:EF:E1:6C:9A Fingerprint (SHA1): EF:0C:FF:8A:92:57:6C:36:E4:2B:A5:56:B3:9F:EC:9A:F9:BF:40:71 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #974: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014949 (0x1eef8a25) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:52:43 2015 Not After : Tue May 19 05:52:43 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:8c:e4:93:80:5e:82:f0:ca:9b:b1:06:ba:e6:d2:02: 08:b8:4e:cc:c3:8d:e2:a9:8c:2e:88:b3:e4:5e:a2:05: 30:6c:7b:aa:92:0a:3b:b5:25:ea:15:a2:63:16:a2:01: b8:18:24:20:3f:85:71:b9:3b:3b:8d:f0:eb:bb:86:0f: 09:e3:42:66:8c:b8:ce:01:94:b3:94:33:e4:15:0b:19: ee:2a:6d:a6:5e:07:c9:3e:93:62:3d:c6:c0:e0:50:31: 57:e0:4a:d3:76:29:76:9a:5a:ac:04:ab:18:41:80:ad: 8a:8a:00:d7:07:65:64:9e:0a:93:77:17:35:07:fb:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 13:0c:fa:1c:1c:bd:4a:e4:8c:c7:f4:89:3f:3f:7e:20: 7b:be:0d:96:42:ad:33:ea:6f:44:15:1f:f8:e5:f5:86: ce:a2:76:2f:61:c4:5e:5f:3b:33:ed:b0:ed:5d:83:fa: 8e:d5:81:f5:e4:d3:c9:e8:aa:d9:1d:4f:c7:6b:2d:dd: 33:70:88:11:27:2b:48:0c:44:1d:a5:f5:06:c9:a6:0f: fd:c9:39:61:25:16:1d:64:c1:b2:bc:99:c2:02:da:9b: 7e:dc:43:62:e3:6f:83:72:4d:b2:cd:02:cf:e6:ac:20: c2:13:f4:03:83:da:5b:53:44:36:d7:2b:53:8a:27:bc Fingerprint (SHA-256): E5:CA:A4:A6:24:D6:1A:2D:34:44:99:5B:08:06:3D:02:78:0C:69:8A:58:D2:4B:FA:6C:47:87:03:EF:E1:6C:9A Fingerprint (SHA1): EF:0C:FF:8A:92:57:6C:36:E4:2B:A5:56:B3:9F:EC:9A:F9:BF:40:71 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #975: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #976: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014952 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #977: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #978: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #979: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #980: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519014953 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #981: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #982: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #983: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #984: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519014954 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #985: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #986: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #987: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #988: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 519014955 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #989: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #990: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #991: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #992: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519014956 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #993: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #994: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #995: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #996: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519014957 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #997: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #998: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #999: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1000: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 519014958 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1001: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1002: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1003: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #1004: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #1005: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1006: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #1007: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014952 (0x1eef8a28) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:06 2015 Not After : Tue May 19 05:53:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:80:d8:48:51:e6:b2:05:17:8a:1f:d7:a8:93:aa:6d: 4a:78:4a:a1:34:5a:5e:3c:4d:42:33:f6:4a:66:22:6d: 18:37:5c:d7:eb:f0:af:dc:95:83:58:47:db:19:77:f1: 88:d0:4c:aa:49:15:6b:63:10:f3:d5:fb:bd:36:a1:c1: ed:b2:fe:92:a2:3f:f6:7b:1f:da:e2:c8:8b:38:34:09: 93:bc:08:c9:17:e5:c8:e1:af:b3:82:29:1a:17:04:f6: c4:36:2f:87:1a:fc:db:6e:0b:db:41:d2:39:c8:24:56: 80:60:19:58:a3:05:ac:49:4a:00:53:00:e2:34:bc:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:fc:d8:63:67:eb:41:ab:4d:31:71:54:23:bb:bc:1d: a0:6e:4a:d2:2f:56:1a:34:84:19:f5:68:4e:4a:e9:44: 67:17:07:d3:a3:c8:35:bd:d6:de:5e:12:83:2e:14:ad: 59:73:b9:b4:2f:57:13:84:d2:f7:c5:d6:13:ea:8c:8d: 7f:f8:82:af:c2:98:26:70:e4:c0:8e:cb:a0:c9:34:fc: c4:f0:f1:36:40:72:11:bc:b9:a1:f7:8a:80:a9:f7:75: bb:b0:e3:db:ec:ee:d3:85:9e:42:e0:f9:2a:73:f7:f3: 8f:19:b0:40:b3:bc:04:2e:75:1f:c1:7a:e3:29:83:6f Fingerprint (SHA-256): F4:94:8D:A7:B4:7F:58:46:8B:26:1D:AB:D9:51:2A:BD:9C:BA:69:C3:DA:26:DC:10:50:12:A3:0D:43:68:B5:15 Fingerprint (SHA1): E7:94:B8:54:E2:EB:14:45:04:56:C0:C3:5D:5F:DE:14:15:60:D9:1F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1008: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1009: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1010: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1011: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014952 (0x1eef8a28) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:06 2015 Not After : Tue May 19 05:53:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:80:d8:48:51:e6:b2:05:17:8a:1f:d7:a8:93:aa:6d: 4a:78:4a:a1:34:5a:5e:3c:4d:42:33:f6:4a:66:22:6d: 18:37:5c:d7:eb:f0:af:dc:95:83:58:47:db:19:77:f1: 88:d0:4c:aa:49:15:6b:63:10:f3:d5:fb:bd:36:a1:c1: ed:b2:fe:92:a2:3f:f6:7b:1f:da:e2:c8:8b:38:34:09: 93:bc:08:c9:17:e5:c8:e1:af:b3:82:29:1a:17:04:f6: c4:36:2f:87:1a:fc:db:6e:0b:db:41:d2:39:c8:24:56: 80:60:19:58:a3:05:ac:49:4a:00:53:00:e2:34:bc:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:fc:d8:63:67:eb:41:ab:4d:31:71:54:23:bb:bc:1d: a0:6e:4a:d2:2f:56:1a:34:84:19:f5:68:4e:4a:e9:44: 67:17:07:d3:a3:c8:35:bd:d6:de:5e:12:83:2e:14:ad: 59:73:b9:b4:2f:57:13:84:d2:f7:c5:d6:13:ea:8c:8d: 7f:f8:82:af:c2:98:26:70:e4:c0:8e:cb:a0:c9:34:fc: c4:f0:f1:36:40:72:11:bc:b9:a1:f7:8a:80:a9:f7:75: bb:b0:e3:db:ec:ee:d3:85:9e:42:e0:f9:2a:73:f7:f3: 8f:19:b0:40:b3:bc:04:2e:75:1f:c1:7a:e3:29:83:6f Fingerprint (SHA-256): F4:94:8D:A7:B4:7F:58:46:8B:26:1D:AB:D9:51:2A:BD:9C:BA:69:C3:DA:26:DC:10:50:12:A3:0D:43:68:B5:15 Fingerprint (SHA1): E7:94:B8:54:E2:EB:14:45:04:56:C0:C3:5D:5F:DE:14:15:60:D9:1F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1012: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1013: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1014: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014959 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1015: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1016: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1017: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1018: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519014960 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1019: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1020: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #1021: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1022: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 519014961 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1023: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1024: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #1025: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1026: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 519014962 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1027: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1028: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1029: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1030: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 519014963 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1031: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1032: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #1033: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1034: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 519014964 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1035: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1036: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #1037: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1038: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 519014965 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1039: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1040: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1041: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1042: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 519014966 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1043: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1044: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #1045: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1046: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 519014967 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1047: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1048: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #1049: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1050: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 519014968 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1051: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1052: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1053: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1054: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 519014969 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1055: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1056: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #1057: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1058: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 519014970 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1059: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1060: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #1061: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1062: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 519014971 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1063: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1064: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1065: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1066: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 519014972 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1067: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1068: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #1069: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1070: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 519014973 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1071: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1072: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #1073: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1074: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 519014974 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1075: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1076: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #1077: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1078: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 519014975 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1079: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1080: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #1081: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1082: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 519014976 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1083: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1084: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #1085: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1086: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 519014977 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1087: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1088: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #1089: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1090: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 519014978 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1091: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1092: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #1093: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1094: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 519014979 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1095: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1096: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #1097: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1098: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 519014980 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1099: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1100: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #1101: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1102: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 519014981 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1103: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1104: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #1105: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1106: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 519014982 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1107: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1108: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #1109: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1110: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 519014983 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1111: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1112: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #1113: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1114: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 519014984 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1115: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1116: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #1117: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1118: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 519014985 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1119: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1120: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #1121: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1122: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 519014986 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1123: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1124: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #1125: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1126: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 519014987 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1127: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1128: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #1129: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1130: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 519014988 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1131: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1132: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1133: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1134: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1135: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1136: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1137: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1138: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1139: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1140: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1141: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1142: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1143: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1144: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1145: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1146: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1147: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1148: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1149: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1150: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1151: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1152: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1153: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1154: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1155: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014959 (0x1eef8a2f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 05:53:37 2015 Not After : Tue May 19 05:53:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:f1:7e:3e:7f:97:c6:69:01:4b:45:0a:0c:22:e0:3d: da:56:ea:5f:f0:a5:09:14:47:92:fe:5d:98:9d:ab:a0: 09:2c:e0:0c:45:b1:55:bc:14:b0:f7:ae:3e:8d:b2:bb: 78:88:9a:cb:b8:2b:b2:bc:f0:bb:66:7c:2e:27:7f:11: 9f:45:c4:99:4c:32:5c:9d:a5:6f:3c:35:a7:ed:0b:51: 93:87:e1:1e:00:7d:45:cc:31:8f:9c:ed:83:92:d2:8d: 03:e3:e0:4c:dd:87:76:a5:0b:ca:ca:86:39:a9:da:75: 0e:0f:56:64:ca:86:ba:a2:dd:ff:95:cc:b7:67:67:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:9b:58:d9:5f:f3:85:8c:e3:ba:a1:41:16:00:bc:71: 9f:9d:ae:20:f0:72:a5:9d:5a:09:39:67:dc:3e:c7:4b: d8:ae:84:7b:06:5a:d5:54:47:6b:44:e8:5b:fd:68:d6: 0b:3e:e5:29:26:6b:84:ab:34:c1:b3:8b:bf:0b:0f:2e: 72:bf:4b:3a:38:0a:c9:44:8f:97:c2:a4:ff:18:12:de: c8:2e:f7:09:95:f3:c3:0e:9f:98:e5:0e:ba:9b:cc:ff: 01:0f:8e:31:02:ae:3d:99:42:c8:09:af:ed:6d:e1:0b: da:81:89:06:05:2e:b2:78:30:28:5c:2c:13:b0:ac:24 Fingerprint (SHA-256): F1:CA:51:D5:6A:AF:F6:62:E9:6D:D3:61:9F:1B:80:09:FD:A2:FD:22:EB:65:05:D3:80:22:AD:DC:2D:07:F1:5A Fingerprint (SHA1): 44:66:94:02:D1:51:8E:00:89:28:7D:3F:88:F0:D1:AA:C3:F9:ED:D9 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1156: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1157: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1158: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014989 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1159: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1160: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #1161: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1162: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 519014990 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1163: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1164: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #1165: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1166: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 519014991 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1167: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1168: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #1169: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1170: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 519014992 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1171: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1172: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #1173: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1174: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 519014993 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1175: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1176: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #1177: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1178: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 519014994 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1179: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1180: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #1181: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1182: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 519014995 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1183: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1184: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1185: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014989 (0x1eef8a4d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:55:29 2015 Not After : Tue May 19 05:55:29 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:2c:b5:d6:df:72:b7:a3:03:b7:03:73:0c:17:34:69: f7:02:4b:e9:e6:15:a7:28:17:b6:9a:ac:ea:f0:fa:75: aa:8c:f4:a4:fb:c1:4f:69:bc:dd:9a:32:11:14:f9:a4: 52:fd:86:65:9f:3d:e8:5c:bb:6e:56:12:08:71:45:1c: 14:dd:47:23:7e:a1:cc:00:23:e3:a5:d1:8d:e2:91:a6: 18:00:9c:09:2a:77:47:15:fb:da:da:34:c5:dd:dc:e7: dc:dd:b9:91:1e:94:ca:fc:7d:cd:b3:48:c1:bc:d9:d9: 5e:fd:a8:ff:92:71:63:dd:6e:55:e3:df:9f:46:5c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c5:7a:95:2f:cd:60:8b:25:e6:17:a7:d1:fb:c4:62:af: 81:73:df:9c:2c:0a:ee:dc:e0:50:20:2b:0d:54:69:a1: 2d:ee:6f:00:12:72:66:93:6d:85:d8:c0:60:0c:24:9e: 4d:45:54:d4:a5:60:ea:e4:6d:94:2c:b6:26:76:1b:2e: 68:e2:71:66:b3:f9:2c:ab:9f:d2:28:76:40:62:97:bf: 7a:7b:d9:b1:d3:0f:c5:ed:66:8b:e3:e4:9d:d4:0d:97: 1b:06:16:a1:7a:28:11:25:47:3d:84:32:d7:cf:44:03: 6d:14:e9:fb:4a:f6:db:d0:f2:ca:bb:60:32:2f:f6:78 Fingerprint (SHA-256): 7A:1F:29:C0:50:FD:CA:50:BF:02:50:AA:EE:E5:3A:84:8A:51:97:E6:C6:8D:B0:21:1F:1B:99:D2:C3:BA:96:C1 Fingerprint (SHA1): 1B:54:7F:BB:57:4E:FD:10:02:9E:D1:E6:91:53:AA:AB:D9:96:A8:17 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1186: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1187: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1188: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1189: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014989 (0x1eef8a4d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:55:29 2015 Not After : Tue May 19 05:55:29 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:2c:b5:d6:df:72:b7:a3:03:b7:03:73:0c:17:34:69: f7:02:4b:e9:e6:15:a7:28:17:b6:9a:ac:ea:f0:fa:75: aa:8c:f4:a4:fb:c1:4f:69:bc:dd:9a:32:11:14:f9:a4: 52:fd:86:65:9f:3d:e8:5c:bb:6e:56:12:08:71:45:1c: 14:dd:47:23:7e:a1:cc:00:23:e3:a5:d1:8d:e2:91:a6: 18:00:9c:09:2a:77:47:15:fb:da:da:34:c5:dd:dc:e7: dc:dd:b9:91:1e:94:ca:fc:7d:cd:b3:48:c1:bc:d9:d9: 5e:fd:a8:ff:92:71:63:dd:6e:55:e3:df:9f:46:5c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c5:7a:95:2f:cd:60:8b:25:e6:17:a7:d1:fb:c4:62:af: 81:73:df:9c:2c:0a:ee:dc:e0:50:20:2b:0d:54:69:a1: 2d:ee:6f:00:12:72:66:93:6d:85:d8:c0:60:0c:24:9e: 4d:45:54:d4:a5:60:ea:e4:6d:94:2c:b6:26:76:1b:2e: 68:e2:71:66:b3:f9:2c:ab:9f:d2:28:76:40:62:97:bf: 7a:7b:d9:b1:d3:0f:c5:ed:66:8b:e3:e4:9d:d4:0d:97: 1b:06:16:a1:7a:28:11:25:47:3d:84:32:d7:cf:44:03: 6d:14:e9:fb:4a:f6:db:d0:f2:ca:bb:60:32:2f:f6:78 Fingerprint (SHA-256): 7A:1F:29:C0:50:FD:CA:50:BF:02:50:AA:EE:E5:3A:84:8A:51:97:E6:C6:8D:B0:21:1F:1B:99:D2:C3:BA:96:C1 Fingerprint (SHA1): 1B:54:7F:BB:57:4E:FD:10:02:9E:D1:E6:91:53:AA:AB:D9:96:A8:17 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1190: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1191: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1192: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1193: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519014996 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1194: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1195: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1196: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1197: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519014997 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1198: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1199: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1200: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1201: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519014998 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1202: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1203: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1204: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1205: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519014999 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1206: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1207: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1208: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1209: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1210: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1211: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014996 (0x1eef8a54) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:55:54 2015 Not After : Tue May 19 05:55:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:85:03:b5:3f:0f:33:09:e3:62:22:ef:c3:fa:37:a7: 00:67:6c:30:79:c6:e2:86:9e:cc:ca:36:dd:2f:c4:3f: cc:c5:8a:43:99:97:ff:b3:57:42:cb:89:d8:b0:a4:44: 0f:a6:93:75:d9:31:c5:87:26:92:dd:7e:d6:d5:7e:35: 21:8b:52:be:9d:c8:cb:e7:8a:42:77:eb:fe:23:89:9a: 1b:7f:b4:57:31:db:77:8e:1a:ba:cc:9e:ee:45:fb:a6: ee:1b:32:29:ca:a6:22:fd:db:00:b4:d7:39:0b:90:3d: cb:28:3b:13:f3:a8:72:66:98:15:ac:fd:44:13:3b:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 48:c0:6a:8f:60:d5:68:1d:71:0f:4d:a3:7a:a6:79:f6: d8:90:b5:f8:36:90:23:ce:8b:14:07:7b:c3:17:6f:33: 13:09:1d:92:4a:ce:86:86:17:9d:3c:b1:36:cf:17:5a: 40:21:04:b5:e4:01:f6:7f:79:7a:62:e5:13:21:cc:7d: c9:05:ee:45:31:3d:a9:d7:82:97:d7:93:a2:f9:aa:62: c2:2c:54:ff:f5:f0:9f:26:74:62:93:fa:7a:13:c0:7d: 34:74:07:c0:29:06:cc:55:f5:bc:ab:8c:80:5e:b9:55: 51:0e:3f:98:c4:a9:b5:e9:d1:1a:bb:67:15:56:2e:0c Fingerprint (SHA-256): 42:8E:F3:29:43:82:15:08:49:AC:D4:B0:3D:3C:E5:27:17:AA:BC:36:EA:44:A0:D0:69:19:38:3D:AB:78:76:2C Fingerprint (SHA1): 95:91:C7:FE:8A:69:FC:92:4F:99:59:49:13:AF:81:65:8A:2B:58:63 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1212: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1213: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1214: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014997 (0x1eef8a55) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:55:57 2015 Not After : Tue May 19 05:55:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:fb:76:f6:6e:81:ed:5e:7e:59:5b:ad:73:f7:9e:c4: 9a:32:76:f5:67:a5:0f:f5:ae:aa:46:df:ed:04:07:e3: 94:61:4c:b8:3e:c7:b8:f5:1d:a9:57:eb:b8:11:c9:ea: 4c:86:1d:d7:f5:64:8e:23:8a:d0:28:4c:86:0c:cf:3b: 37:87:54:12:23:42:c2:cc:0b:62:57:00:e6:a4:e4:37: d9:57:31:75:a3:3f:ce:da:02:e8:2a:69:57:be:19:6b: b2:29:68:8b:2e:6d:1b:96:c5:9b:20:a1:10:73:f2:c1: db:56:4d:d8:0a:89:df:91:12:d6:6c:28:4e:4a:49:3f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:da:47:8b:8b:d0:fa:27:58:b2:1b:8a:3e:8b:58:8d: 7a:80:57:07:7c:06:bb:bd:08:5d:17:d2:15:b4:78:e6: 6e:fb:89:30:34:14:b4:ad:85:7a:ff:32:6d:3c:5b:d2: 6a:c4:34:49:1a:94:d9:ed:31:71:26:5c:8f:35:1c:f1: 73:a0:13:d2:54:58:17:c2:86:87:28:71:35:90:35:b8: 08:fe:2f:56:92:72:5d:e9:c2:dd:5d:e5:6d:bb:42:e1: 25:d7:09:5a:2d:db:bb:c9:be:3e:b4:73:bf:86:04:e3: 3f:55:36:9f:52:8b:a3:44:9f:1d:37:f7:8a:0b:88:ca Fingerprint (SHA-256): 7C:60:53:67:E0:77:8A:12:B8:AB:30:1A:CB:10:F2:2A:B7:F6:98:60:49:23:E4:6C:80:54:BA:B1:3F:FE:F8:EB Fingerprint (SHA1): D7:83:54:4C:79:74:E2:1F:A6:AB:08:88:16:40:CA:47:0C:FE:CC:8C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1215: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1216: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519014998 (0x1eef8a56) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:56:01 2015 Not After : Tue May 19 05:56:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:7d:3c:eb:94:c9:a5:dc:69:62:05:c8:cc:fc:79:9a: a7:58:fb:fd:ae:a5:1c:4e:69:a8:12:37:2e:8d:3b:dd: 1c:1a:52:80:27:cc:fe:c3:41:5d:85:69:9c:37:28:80: b1:6f:c4:fb:b0:47:ef:42:52:92:4f:de:0b:b2:f3:2e: a2:78:a6:7e:0b:0f:b7:5b:09:cb:b9:a7:e6:70:aa:ac: bf:ea:1e:d2:72:28:bd:12:c3:ed:1d:15:0f:24:e3:26: ca:9c:18:cc:52:9f:4e:3b:61:1d:19:a7:9b:78:2b:c4: 3d:f7:ea:fe:e1:a1:d2:53:b4:4f:8f:5c:e1:51:da:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ae:27:9b:85:ce:c7:9d:31:5f:d2:be:cd:f5:e1:06:1c: 6f:75:67:d7:80:88:87:e2:ca:b4:ef:90:a6:9d:a4:3a: 16:76:90:73:a7:1d:a6:c1:af:64:83:37:56:7c:fc:8d: d8:88:96:78:a9:2c:aa:49:5d:f0:d7:53:31:96:03:ae: 56:6d:6e:27:aa:6a:b7:d3:5d:c1:f1:25:2b:09:97:6b: 4e:6b:e3:8f:3f:71:dd:f1:3b:2a:2c:f8:97:c3:a1:68: 2c:17:6f:b1:52:58:39:16:bc:22:2d:db:b8:2a:52:ef: 73:40:00:3f:2b:53:bf:9d:09:da:d5:c8:d8:78:ed:af Fingerprint (SHA-256): 1F:9A:79:2D:C4:11:DE:3E:B5:F7:8E:18:05:62:2A:B5:B4:16:1A:1B:79:A6:62:62:61:AF:58:EB:55:0C:16:83 Fingerprint (SHA1): A4:26:BD:F7:0E:D7:AC:8B:8D:22:6D:9E:98:22:F5:1E:BE:EF:EB:28 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1217: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1218: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015000 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1219: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1220: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1221: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1222: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015001 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1223: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1224: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1225: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1226: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015002 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1227: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1228: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1229: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1230: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 519015003 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1231: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1232: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1233: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1234: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 519015004 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1235: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1236: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1237: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1238: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1239: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1240: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #1241: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015000 (0x1eef8a58) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:56:13 2015 Not After : Tue May 19 05:56:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:0b:ae:68:60:e5:c7:40:d4:1b:2f:39:dd:c3:ea:b6: 9f:14:bd:b3:9f:22:10:62:b9:e6:c7:28:f6:d4:cf:6d: 80:65:63:19:53:5b:99:c8:54:40:dc:f6:34:3a:54:6b: b6:47:60:2e:cc:9a:e3:18:ee:9e:d7:18:1a:b9:72:35: 96:f2:7b:de:b7:db:d0:14:77:1b:06:69:ea:1e:42:f2: a8:f0:b5:0d:bd:3c:63:60:95:8b:0a:f5:2d:96:92:da: b1:95:7a:d0:9f:5b:2c:e1:03:e5:45:a6:04:24:55:8d: 3f:a7:51:a0:25:5c:1a:8b:a6:f5:1e:2d:08:3f:1e:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:8f:f1:e9:61:f1:cc:20:4b:c3:03:5a:14:96:ef:13: b8:5b:0d:42:8b:83:0c:d8:a3:5a:8b:46:cf:f6:66:9d: 9c:df:fd:19:82:71:cc:c6:60:c4:88:cc:97:b6:50:c4: 0b:53:cd:74:1f:08:07:2b:37:18:a3:08:b1:a3:ff:49: d0:ed:2d:28:08:2d:76:26:6b:a4:7a:f4:f6:76:45:6e: 55:37:9b:e8:b2:41:6f:ae:c1:6c:c7:53:3e:63:ca:74: 0d:bc:5a:3f:fe:09:6e:1b:e0:b8:12:35:35:cc:3e:5e: 09:ee:67:bd:a5:ea:c4:95:a2:50:18:65:a1:ab:ba:7c Fingerprint (SHA-256): 36:1F:63:EE:C4:40:81:8F:26:3F:7C:27:2E:C1:50:0C:32:5D:1B:72:14:4B:18:43:DA:7A:24:F6:CB:45:8B:F4 Fingerprint (SHA1): 42:1F:B5:53:9B:9B:18:D4:26:7B:24:CA:0E:B7:38:2F:C2:D6:12:D9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1242: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1243: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015001 (0x1eef8a59) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:56:17 2015 Not After : Tue May 19 05:56:17 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:9a:7e:aa:69:ac:b1:15:52:b1:44:e2:65:26:e4:83: 4e:b7:1c:45:08:df:b1:5d:f5:00:fb:b2:c1:d8:e4:00: fd:fc:96:db:9c:5a:a6:91:09:a8:b2:76:ef:71:8d:cf: 4b:31:a9:0c:06:fc:01:62:f1:e7:2a:1e:32:11:e6:51: de:26:65:37:e3:3b:27:03:e8:e7:4e:78:57:25:61:7c: e1:ca:d7:ce:c4:68:c5:c1:46:e3:a5:e5:1e:19:06:d5: cd:cb:a0:05:3f:76:13:58:8e:cc:c2:da:77:b6:b8:d0: c6:9c:b6:cf:b1:69:12:af:76:15:95:52:8d:c2:1e:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 98:4e:a8:e4:f2:c5:b0:55:fe:3e:51:a6:ce:92:39:41: 55:76:98:46:33:66:61:67:f8:a3:3c:e6:82:85:48:11: 81:ec:33:da:ce:4e:17:9e:7c:ef:3c:f5:10:f8:58:19: 1b:d2:d8:fd:77:da:f8:57:57:71:90:cf:1e:ab:d3:93: 69:40:fa:cb:af:94:12:92:60:35:26:2f:bb:29:ff:52: 58:c8:3e:dc:f6:b7:1c:24:a6:f7:cb:a4:22:65:7d:be: 10:2c:d8:04:e7:9c:da:b0:a7:0a:cf:9e:fb:8a:f3:b5: a9:d0:4f:ab:b5:ef:de:d0:c2:b8:54:65:c2:be:41:a3 Fingerprint (SHA-256): 54:8B:B1:75:B6:F4:85:83:EA:43:80:95:3A:22:8D:D4:80:0A:DA:0D:32:3A:79:1C:A9:5D:0A:0C:E2:55:86:87 Fingerprint (SHA1): 55:FB:81:1D:D9:EF:F3:49:AC:40:CB:B6:55:F7:F3:ED:D7:7C:B6:23 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1244: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1245: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1246: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015002 (0x1eef8a5a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 05:56:19 2015 Not After : Tue May 19 05:56:19 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:9f:66:30:52:4d:9e:10:bc:ff:66:2e:85:1a:1a:80: 99:5c:93:f5:45:b0:be:b6:e2:04:a3:9b:50:32:d4:94: e9:c1:66:7b:69:41:76:cb:10:1a:69:f5:53:50:f6:f2: 83:32:7a:19:3f:cb:47:df:05:47:7b:13:ab:a3:96:13: 08:92:6e:ed:49:7b:46:e9:1f:e2:50:b8:45:9c:0c:a6: 2d:01:32:ab:f4:29:24:27:b3:1a:9f:2a:64:c6:37:c8: 8d:47:6b:35:2a:86:d2:44:b2:0f:f8:b3:17:8c:e6:d8: c0:39:57:cd:43:ea:3d:80:3c:8e:2f:32:65:1e:e4:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:51:0a:39:64:0a:e7:30:95:0b:f7:10:a9:dd:59:e1: ab:ef:96:4a:77:09:73:87:10:2d:92:6b:53:cf:a3:31: 3a:71:1d:ec:bf:a7:8e:b9:b5:08:3f:1b:a2:03:7d:52: b6:f5:02:ca:ae:10:0a:cb:17:79:d5:39:00:88:1c:a1: 97:9e:9e:99:41:3d:a5:ad:95:79:6d:56:ee:82:69:c1: 5e:a4:11:f7:a1:58:ab:8d:30:02:8c:29:87:74:b0:4c: 14:4f:bf:ee:b6:d4:f6:5a:db:49:de:87:7a:5a:22:4c: bd:af:29:d8:e1:5c:48:c5:d1:5a:23:06:8a:50:71:3c Fingerprint (SHA-256): 85:D4:3D:66:16:44:F9:57:37:1F:39:A6:25:61:57:90:FC:AC:08:C7:C3:1C:BD:A3:D3:20:7B:AC:FC:CB:1E:FF Fingerprint (SHA1): E3:AF:8A:CD:E0:22:0D:9A:87:E3:D0:8E:6D:A4:49:4A:74:FF:03:00 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #1247: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1248: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015005 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1249: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1250: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1251: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1252: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015006 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1253: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1254: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1255: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1256: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015007 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA1Root-519014914.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1257: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1258: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1259: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1260: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519015008 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1261: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1262: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #1263: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015005 (0x1eef8a5d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:56:34 2015 Not After : Tue May 19 05:56:34 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:c1:eb:cf:84:11:21:3c:62:47:50:79:fd:2d:64:e2: df:dd:cb:12:c4:ef:f3:65:41:4f:94:29:81:30:03:05: e4:62:17:c8:b4:b7:da:09:13:6f:84:94:ae:5f:30:7e: b4:26:34:e2:6e:46:4d:f2:77:32:f0:fb:7f:ff:b6:7d: fe:41:4a:eb:9c:06:2c:61:38:37:91:6e:c8:60:6c:21: b0:83:80:9d:e0:83:5b:a7:4a:e1:10:32:ea:7c:32:ce: df:09:45:71:26:be:f8:ef:4b:a2:f0:f7:e6:85:11:89: 3a:89:49:1f:59:bd:5b:6f:bd:95:03:1f:1c:46:68:8b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:4d:86:eb:37:6f:e1:c0:ae:ad:ed:50:e2:73:fb:86: 04:58:87:1e:61:51:c6:77:d3:b8:1e:08:9b:64:45:d1: 6e:05:9d:d3:f6:5d:3c:a5:fb:3e:d7:aa:52:41:db:52: 64:05:d6:76:a6:1e:97:83:3c:0a:ef:e8:e7:50:43:16: a0:1b:72:0d:dd:b4:a5:37:8a:4b:09:79:86:7f:68:5d: 89:ca:42:63:3a:ce:c6:e8:46:4a:dc:b7:6f:4b:b5:0e: 28:3c:ed:29:d8:26:52:c6:3a:41:8d:2d:fc:ae:77:68: a0:ea:67:4a:6a:5e:40:52:6d:cd:d2:7c:e1:8b:fc:63 Fingerprint (SHA-256): E8:11:8F:1F:72:D3:94:3D:2E:57:25:71:54:D9:FA:4E:D1:82:45:B6:C8:AC:1E:21:47:68:B7:F6:50:61:CF:AE Fingerprint (SHA1): FF:60:BF:8C:A8:96:9F:3F:F1:CC:CA:0B:32:8D:C1:79:63:89:7E:5A Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1264: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1265: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015009 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1266: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1267: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1268: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015010 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1269: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1270: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1271: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1272: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519015011 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1273: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1274: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519015012 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1275: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1276: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1277: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1278: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1279: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519015013 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519014915.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1280: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1281: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1282: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1283: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015014 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1284: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1285: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1286: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1287: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015010 (0x1eef8a62) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:56:52 2015 Not After : Tue May 19 05:56:52 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:0c:86:98:52:88:a8:9a:4f:b7:59:e1:0b:b7:f1:b1: d5:5f:9e:cb:30:a2:90:12:04:b7:df:aa:a8:6b:85:77: eb:46:2a:93:e0:ff:89:56:64:00:be:fc:fe:7e:10:12: 41:7f:6b:dd:31:47:0c:d0:70:e8:78:15:9e:3b:62:8f: 97:dc:d5:de:16:bb:71:88:d1:1f:15:a2:ed:c9:19:f9: ad:bf:13:85:85:6c:a5:86:cc:78:0d:1e:57:8a:9e:09: 79:39:ae:6e:4f:4e:17:52:73:0f:97:d1:5c:1c:5a:9a: 5c:ce:a1:50:e7:a2:dd:ac:16:bb:60:de:35:8b:a9:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:b3:05:c0:e4:6e:10:b7:dd:52:e1:7d:e4:71:6f:e2: fa:70:54:cb:d2:a0:f3:7c:a2:b8:65:2d:a9:e5:3e:27: 98:52:64:ce:74:49:b1:49:91:21:5f:e1:c4:28:6f:ee: ad:a8:d2:b9:4e:fb:f5:fa:48:a0:65:48:3c:b7:32:c6: 8f:02:1a:a9:d1:09:9f:24:0d:01:ba:63:64:5e:24:a1: 1a:b5:fd:18:86:56:be:25:a3:6a:47:20:39:18:fd:f1: 46:42:ad:7b:ad:81:ac:c8:58:20:6a:79:d9:59:45:c0: f8:a8:97:58:fd:b5:73:bb:e0:4f:77:16:6d:3a:4b:dc Fingerprint (SHA-256): 89:A5:1D:5E:87:08:23:A8:ED:46:46:F3:CD:58:79:AC:A0:C2:49:D6:42:F4:60:80:6F:55:BE:C7:A8:59:9E:34 Fingerprint (SHA1): 44:74:E4:D3:B6:3F:32:95:BF:47:DB:7B:0D:C8:B2:E6:EB:D5:EE:D2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1288: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015010 (0x1eef8a62) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:56:52 2015 Not After : Tue May 19 05:56:52 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:0c:86:98:52:88:a8:9a:4f:b7:59:e1:0b:b7:f1:b1: d5:5f:9e:cb:30:a2:90:12:04:b7:df:aa:a8:6b:85:77: eb:46:2a:93:e0:ff:89:56:64:00:be:fc:fe:7e:10:12: 41:7f:6b:dd:31:47:0c:d0:70:e8:78:15:9e:3b:62:8f: 97:dc:d5:de:16:bb:71:88:d1:1f:15:a2:ed:c9:19:f9: ad:bf:13:85:85:6c:a5:86:cc:78:0d:1e:57:8a:9e:09: 79:39:ae:6e:4f:4e:17:52:73:0f:97:d1:5c:1c:5a:9a: 5c:ce:a1:50:e7:a2:dd:ac:16:bb:60:de:35:8b:a9:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:b3:05:c0:e4:6e:10:b7:dd:52:e1:7d:e4:71:6f:e2: fa:70:54:cb:d2:a0:f3:7c:a2:b8:65:2d:a9:e5:3e:27: 98:52:64:ce:74:49:b1:49:91:21:5f:e1:c4:28:6f:ee: ad:a8:d2:b9:4e:fb:f5:fa:48:a0:65:48:3c:b7:32:c6: 8f:02:1a:a9:d1:09:9f:24:0d:01:ba:63:64:5e:24:a1: 1a:b5:fd:18:86:56:be:25:a3:6a:47:20:39:18:fd:f1: 46:42:ad:7b:ad:81:ac:c8:58:20:6a:79:d9:59:45:c0: f8:a8:97:58:fd:b5:73:bb:e0:4f:77:16:6d:3a:4b:dc Fingerprint (SHA-256): 89:A5:1D:5E:87:08:23:A8:ED:46:46:F3:CD:58:79:AC:A0:C2:49:D6:42:F4:60:80:6F:55:BE:C7:A8:59:9E:34 Fingerprint (SHA1): 44:74:E4:D3:B6:3F:32:95:BF:47:DB:7B:0D:C8:B2:E6:EB:D5:EE:D2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1289: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1290: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015015 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1291: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1292: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1293: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015016 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1294: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1295: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1296: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1297: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519015017 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1298: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1299: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519015018 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1300: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1301: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1302: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1303: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1304: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519015019 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519014916.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1305: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1306: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1307: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1308: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015020 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1309: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1310: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1311: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1312: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519015021 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-BridgeNavy-519014917.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1313: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1314: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1315: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1316: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519015022 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1317: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1318: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1319: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1320: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015016 (0x1eef8a68) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:57:15 2015 Not After : Tue May 19 05:57:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:2c:cc:a8:85:2a:03:51:73:8a:b5:28:e0:a5:8c:99: 78:85:da:e6:d1:65:5f:2f:4f:40:64:41:bd:73:00:95: d8:62:a0:f3:33:c3:86:d4:a6:27:e4:34:05:5b:b4:bd: 96:a6:e4:2b:e8:d3:f1:a5:62:24:44:c4:83:8d:28:54: bd:f7:07:c5:16:cc:fc:7f:40:94:33:46:a8:a1:99:97: 92:e1:97:cb:29:89:e8:39:86:0a:92:2f:cd:d6:53:c7: 11:1f:4c:60:4d:43:70:a7:7a:d7:6d:5b:f9:71:36:91: 96:7a:3a:2e:c2:93:65:9d:90:9f:5e:09:9a:a1:a7:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:b3:1c:fe:95:cc:19:a7:cd:a3:4d:e5:e1:55:b5:cc: 23:a4:f6:0a:13:c7:18:c7:1e:e1:4b:03:64:d3:20:f8: 4e:16:e4:ff:2f:ae:88:8b:4a:9b:55:6d:0d:08:9b:5f: 0f:13:a8:94:68:18:35:db:41:51:d0:05:e4:16:4d:c1: f5:3d:54:cb:dd:49:15:6d:0c:dd:8a:d1:2e:94:e1:b9: a1:3e:6c:68:76:c6:67:f0:5c:b4:ee:de:9d:82:85:da: 75:e0:8f:70:d4:91:87:e8:09:d4:fe:ec:43:2d:da:5f: f5:21:99:0e:48:c0:34:8e:71:26:e4:b4:49:4d:84:d1 Fingerprint (SHA-256): AB:AD:AB:2D:B8:3B:F5:21:F8:7B:C2:84:57:D8:7A:0E:EA:73:AC:02:3D:F7:DA:CA:EA:99:9C:31:D6:FA:36:08 Fingerprint (SHA1): E0:27:EC:DE:AA:3B:27:04:71:68:C0:9B:6E:F4:2A:D2:D0:BD:F4:1C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1321: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015016 (0x1eef8a68) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:57:15 2015 Not After : Tue May 19 05:57:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:2c:cc:a8:85:2a:03:51:73:8a:b5:28:e0:a5:8c:99: 78:85:da:e6:d1:65:5f:2f:4f:40:64:41:bd:73:00:95: d8:62:a0:f3:33:c3:86:d4:a6:27:e4:34:05:5b:b4:bd: 96:a6:e4:2b:e8:d3:f1:a5:62:24:44:c4:83:8d:28:54: bd:f7:07:c5:16:cc:fc:7f:40:94:33:46:a8:a1:99:97: 92:e1:97:cb:29:89:e8:39:86:0a:92:2f:cd:d6:53:c7: 11:1f:4c:60:4d:43:70:a7:7a:d7:6d:5b:f9:71:36:91: 96:7a:3a:2e:c2:93:65:9d:90:9f:5e:09:9a:a1:a7:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:b3:1c:fe:95:cc:19:a7:cd:a3:4d:e5:e1:55:b5:cc: 23:a4:f6:0a:13:c7:18:c7:1e:e1:4b:03:64:d3:20:f8: 4e:16:e4:ff:2f:ae:88:8b:4a:9b:55:6d:0d:08:9b:5f: 0f:13:a8:94:68:18:35:db:41:51:d0:05:e4:16:4d:c1: f5:3d:54:cb:dd:49:15:6d:0c:dd:8a:d1:2e:94:e1:b9: a1:3e:6c:68:76:c6:67:f0:5c:b4:ee:de:9d:82:85:da: 75:e0:8f:70:d4:91:87:e8:09:d4:fe:ec:43:2d:da:5f: f5:21:99:0e:48:c0:34:8e:71:26:e4:b4:49:4d:84:d1 Fingerprint (SHA-256): AB:AD:AB:2D:B8:3B:F5:21:F8:7B:C2:84:57:D8:7A:0E:EA:73:AC:02:3D:F7:DA:CA:EA:99:9C:31:D6:FA:36:08 Fingerprint (SHA1): E0:27:EC:DE:AA:3B:27:04:71:68:C0:9B:6E:F4:2A:D2:D0:BD:F4:1C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1322: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #1323: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015015 (0x1eef8a67) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 05:57:12 2015 Not After : Tue May 19 05:57:12 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:dc:4d:c1:8c:f6:09:20:a3:e3:f4:60:33:5c:1e:84: 1f:ce:1c:f6:dd:ef:01:96:16:cc:cd:92:c0:46:21:a6: f1:a1:24:ac:9c:f5:40:e1:55:b2:93:b5:b0:fd:de:78: 05:c1:f6:4b:f1:eb:0b:2f:30:1d:96:e9:63:b7:74:5d: a6:a8:98:d4:29:fa:04:db:94:52:2d:c2:c7:10:fc:3b: 21:98:99:cf:80:dd:57:31:57:59:0f:0a:5b:aa:f2:25: 29:35:38:4d:c9:89:a2:17:e5:78:22:f2:df:09:4f:7e: 13:53:c3:14:84:ab:a5:76:e2:74:c5:8c:dc:4c:dc:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a6:ef:eb:a7:32:1e:a1:1c:11:bf:21:6b:03:a9:02:8c: f7:3b:fd:ce:dd:a5:1e:53:8e:49:4c:75:c9:9c:46:b1: 38:f5:90:32:92:07:88:44:78:c9:5c:61:c8:ff:c1:04: 15:54:ce:56:a1:8c:41:f9:dc:f9:a0:78:aa:92:e8:1f: 79:a2:b7:6f:b8:25:38:76:ca:42:d1:2e:e1:44:9c:af: 4f:15:68:cc:2c:d0:09:30:b1:63:e3:40:42:21:bc:fc: 8c:a4:72:7c:bd:cf:a8:d8:ed:80:af:52:c6:63:15:e6: 18:3a:93:73:92:82:fb:54:19:76:66:17:71:f4:da:1c Fingerprint (SHA-256): 22:DA:F8:AE:2B:BB:74:78:C2:19:0B:8C:0E:0E:15:79:8B:0F:5A:99:27:D5:D3:86:EE:5B:3E:2A:CC:D5:7E:D5 Fingerprint (SHA1): DB:A5:FB:E7:1D:BD:8D:F1:8B:D7:FF:8E:22:32:BE:43:DD:DB:B5:CD Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1324: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015016 (0x1eef8a68) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:57:15 2015 Not After : Tue May 19 05:57:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:2c:cc:a8:85:2a:03:51:73:8a:b5:28:e0:a5:8c:99: 78:85:da:e6:d1:65:5f:2f:4f:40:64:41:bd:73:00:95: d8:62:a0:f3:33:c3:86:d4:a6:27:e4:34:05:5b:b4:bd: 96:a6:e4:2b:e8:d3:f1:a5:62:24:44:c4:83:8d:28:54: bd:f7:07:c5:16:cc:fc:7f:40:94:33:46:a8:a1:99:97: 92:e1:97:cb:29:89:e8:39:86:0a:92:2f:cd:d6:53:c7: 11:1f:4c:60:4d:43:70:a7:7a:d7:6d:5b:f9:71:36:91: 96:7a:3a:2e:c2:93:65:9d:90:9f:5e:09:9a:a1:a7:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:b3:1c:fe:95:cc:19:a7:cd:a3:4d:e5:e1:55:b5:cc: 23:a4:f6:0a:13:c7:18:c7:1e:e1:4b:03:64:d3:20:f8: 4e:16:e4:ff:2f:ae:88:8b:4a:9b:55:6d:0d:08:9b:5f: 0f:13:a8:94:68:18:35:db:41:51:d0:05:e4:16:4d:c1: f5:3d:54:cb:dd:49:15:6d:0c:dd:8a:d1:2e:94:e1:b9: a1:3e:6c:68:76:c6:67:f0:5c:b4:ee:de:9d:82:85:da: 75:e0:8f:70:d4:91:87:e8:09:d4:fe:ec:43:2d:da:5f: f5:21:99:0e:48:c0:34:8e:71:26:e4:b4:49:4d:84:d1 Fingerprint (SHA-256): AB:AD:AB:2D:B8:3B:F5:21:F8:7B:C2:84:57:D8:7A:0E:EA:73:AC:02:3D:F7:DA:CA:EA:99:9C:31:D6:FA:36:08 Fingerprint (SHA1): E0:27:EC:DE:AA:3B:27:04:71:68:C0:9B:6E:F4:2A:D2:D0:BD:F4:1C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1325: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015016 (0x1eef8a68) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:57:15 2015 Not After : Tue May 19 05:57:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:2c:cc:a8:85:2a:03:51:73:8a:b5:28:e0:a5:8c:99: 78:85:da:e6:d1:65:5f:2f:4f:40:64:41:bd:73:00:95: d8:62:a0:f3:33:c3:86:d4:a6:27:e4:34:05:5b:b4:bd: 96:a6:e4:2b:e8:d3:f1:a5:62:24:44:c4:83:8d:28:54: bd:f7:07:c5:16:cc:fc:7f:40:94:33:46:a8:a1:99:97: 92:e1:97:cb:29:89:e8:39:86:0a:92:2f:cd:d6:53:c7: 11:1f:4c:60:4d:43:70:a7:7a:d7:6d:5b:f9:71:36:91: 96:7a:3a:2e:c2:93:65:9d:90:9f:5e:09:9a:a1:a7:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:b3:1c:fe:95:cc:19:a7:cd:a3:4d:e5:e1:55:b5:cc: 23:a4:f6:0a:13:c7:18:c7:1e:e1:4b:03:64:d3:20:f8: 4e:16:e4:ff:2f:ae:88:8b:4a:9b:55:6d:0d:08:9b:5f: 0f:13:a8:94:68:18:35:db:41:51:d0:05:e4:16:4d:c1: f5:3d:54:cb:dd:49:15:6d:0c:dd:8a:d1:2e:94:e1:b9: a1:3e:6c:68:76:c6:67:f0:5c:b4:ee:de:9d:82:85:da: 75:e0:8f:70:d4:91:87:e8:09:d4:fe:ec:43:2d:da:5f: f5:21:99:0e:48:c0:34:8e:71:26:e4:b4:49:4d:84:d1 Fingerprint (SHA-256): AB:AD:AB:2D:B8:3B:F5:21:F8:7B:C2:84:57:D8:7A:0E:EA:73:AC:02:3D:F7:DA:CA:EA:99:9C:31:D6:FA:36:08 Fingerprint (SHA1): E0:27:EC:DE:AA:3B:27:04:71:68:C0:9B:6E:F4:2A:D2:D0:BD:F4:1C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1326: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1327: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015023 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1328: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1329: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1330: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015024 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1331: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1332: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #1333: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1334: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 519015025 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1335: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1336: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #1337: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1338: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 519015026 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1339: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1340: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1341: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1342: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 519015027 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1343: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1344: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 519015028 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #1345: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1346: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #1347: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1348: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1349: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519015029 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1350: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1351: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1352: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1353: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519015030 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1354: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1355: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1356: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1357: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015031 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1358: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1359: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1360: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1361: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519015032 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1362: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1363: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1364: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015023 (0x1eef8a6f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 05:57:42 2015 Not After : Tue May 19 05:57:42 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:76:ee:a7:70:71:66:76:73:8e:30:b0:e0:c2:15:ad: f6:45:dc:93:0c:1c:4e:bb:0d:9c:8b:30:e3:b7:8b:36: 6f:c9:6f:cc:4d:44:8b:10:8c:33:bf:ba:25:5c:ad:d8: 22:7e:40:73:99:cb:96:a1:6b:df:0f:ef:42:91:39:a1: 26:a5:c9:a8:90:ad:69:9b:9a:08:42:6f:4d:51:93:c0: 2d:b3:96:07:d9:40:41:b4:3d:e9:9e:d9:33:d4:7c:15: 5f:04:17:a0:a4:96:e5:3b:86:11:9b:d0:c3:19:5b:9a: 66:dc:9d:97:48:89:43:0c:b6:56:c9:86:05:7e:8a:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5f:a3:52:80:e9:03:b6:75:73:f4:47:c6:3a:ad:0d:26: d1:5d:7c:a7:ce:8a:c9:ca:83:dd:04:b7:7f:ec:63:1a: 77:49:e9:ed:d1:67:97:65:68:6a:c1:9c:83:7b:9a:c1: 23:d8:d0:ae:d1:ce:b4:87:f4:86:3a:ed:ea:11:71:39: 57:d0:ca:0c:a6:c3:0b:70:cd:54:55:6a:52:ac:97:a5: 31:57:7c:99:8c:81:f0:7d:48:1a:8e:b8:cd:d6:60:83: e5:8f:ca:c8:68:42:11:a1:06:80:7d:ba:a1:94:24:05: 15:ea:96:7f:a2:e6:35:12:be:84:26:2a:41:21:7e:7b Fingerprint (SHA-256): E3:F8:65:14:9C:7A:5B:11:80:6F:CB:0E:5A:D7:57:1A:81:F0:31:EC:B6:78:EA:EC:1F:AA:E8:E4:EA:D2:5F:37 Fingerprint (SHA1): 92:A5:54:46:9D:37:F5:5D:16:14:0E:8B:79:8D:EB:70:E6:52:C2:61 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #1365: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1366: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1367: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1368: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1369: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1370: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1371: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1372: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1373: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015024 (0x1eef8a70) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 05:57:44 2015 Not After : Tue May 19 05:57:44 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:9a:34:4d:fe:a8:4a:f4:18:bc:63:26:18:1d:ca:2a: 9b:25:0f:66:6a:a8:7a:8a:2f:be:68:10:91:61:d6:3f: 80:32:fd:85:56:77:5a:6f:9b:6d:97:af:b5:80:32:27: 83:11:5f:26:66:cf:2b:2b:f6:f6:c9:93:68:15:9e:cb: a5:ae:98:f2:cb:02:f7:4e:ee:b1:9f:16:af:44:5e:bf: 63:b9:e5:4a:cc:cb:a5:88:cf:fd:1d:0a:60:83:bd:31: 61:9a:42:d6:1e:0a:8d:1d:dd:f7:13:34:d1:06:9e:b9: d0:7e:36:3f:8f:a8:a7:64:af:ae:57:3e:0b:23:7b:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 53:d7:1e:df:08:1d:fc:5f:1b:d0:eb:43:0f:1d:95:6a: 95:1c:49:d3:b2:26:c1:e7:3b:7f:56:a1:57:11:ea:f1: 15:d7:c7:c3:04:ed:c3:db:6e:7d:94:85:35:b3:d0:34: 01:80:44:d1:0b:e3:84:7a:fd:7d:42:f9:03:bb:ba:37: 99:fa:00:51:88:72:88:45:77:d5:17:5f:ab:51:36:6b: 62:bd:6f:90:93:e7:60:87:c5:f2:00:31:32:de:91:e4: a5:00:23:55:e8:21:d4:c1:99:00:33:99:95:85:c0:35: ef:dc:4a:ff:9b:d9:c3:78:18:f8:e7:e6:62:ee:c5:d2 Fingerprint (SHA-256): B4:C1:9C:9F:C8:60:6E:F5:09:73:0C:22:A2:D0:1F:59:D6:F0:CC:15:93:47:27:C1:D5:19:B2:4B:4F:D1:B2:3C Fingerprint (SHA1): 17:74:F2:11:6B:37:68:D6:60:10:5E:30:75:CA:8C:E3:5C:33:70:B5 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #1374: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1375: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1376: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1377: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1378: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1379: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1380: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #1381: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #1382: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #1383: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #1384: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #1385: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #1386: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #1387: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #1388: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #1389: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #1390: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #1391: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1392: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015033 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1393: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1394: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1395: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1396: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015034 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1397: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1398: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1399: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1400: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015035 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1401: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1402: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1403: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1404: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 519015036 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1405: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1406: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1407: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1408: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519015037 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1409: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1410: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1411: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1412: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 519015038 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1413: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1414: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1415: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1416: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 519015039 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1417: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1418: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #1419: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1420: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 519015040 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1421: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1422: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1423: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1424: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 519015041 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1425: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1426: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1427: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015033 (0x1eef8a79) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:58:27 2015 Not After : Tue May 19 05:58:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 32:65:0f:44:83:b2:ab:e5:40:14:50:46:2a:a8:4f:7e: 69:10:49:8c:fa:db:93:71:6a:7c:d2:8d:4d:22:aa:ae: 88:db:ac:9e:a8:df:1a:db:8e:5d:e0:80:b3:af:77:69: 49:6c:9e:27:74:26:fc:4c:62:8f:7f:d9:29:44:be:f0: 97:c0:d5:29:f6:92:70:b3:8f:c0:a1:a5:26:43:75:d9: 04:98:cd:df:16:b0:cc:5a:a4:9b:75:3a:ed:43:b1:79: 45:cd:ee:ee:5c:1e:48:fb:3b:b2:9d:f3:4c:06:f8:35: aa:1a:ad:eb:12:ab:7c:27:23:f4:f3:d3:68:8e:c6:15 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:44:36:da:46:70:cd:08:db:e0:b5:97:c3: eb:88:9d:6b:04:7b:b0:2c:02:14:43:b1:68:45:39:c4: 36:d6:29:50:c6:d8:b4:d0:fe:bd:e2:d1:af:32 Fingerprint (SHA-256): 16:85:7D:C3:DE:AA:75:19:18:85:DD:95:E3:8D:50:F8:A7:A8:CB:B0:C4:74:20:B3:A5:4B:CB:4E:FE:15:BD:56 Fingerprint (SHA1): B4:F1:48:60:BC:42:E7:CD:5F:1B:41:A5:A3:34:80:EB:2A:7A:65:B0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1428: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015033 (0x1eef8a79) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:58:27 2015 Not After : Tue May 19 05:58:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 32:65:0f:44:83:b2:ab:e5:40:14:50:46:2a:a8:4f:7e: 69:10:49:8c:fa:db:93:71:6a:7c:d2:8d:4d:22:aa:ae: 88:db:ac:9e:a8:df:1a:db:8e:5d:e0:80:b3:af:77:69: 49:6c:9e:27:74:26:fc:4c:62:8f:7f:d9:29:44:be:f0: 97:c0:d5:29:f6:92:70:b3:8f:c0:a1:a5:26:43:75:d9: 04:98:cd:df:16:b0:cc:5a:a4:9b:75:3a:ed:43:b1:79: 45:cd:ee:ee:5c:1e:48:fb:3b:b2:9d:f3:4c:06:f8:35: aa:1a:ad:eb:12:ab:7c:27:23:f4:f3:d3:68:8e:c6:15 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:44:36:da:46:70:cd:08:db:e0:b5:97:c3: eb:88:9d:6b:04:7b:b0:2c:02:14:43:b1:68:45:39:c4: 36:d6:29:50:c6:d8:b4:d0:fe:bd:e2:d1:af:32 Fingerprint (SHA-256): 16:85:7D:C3:DE:AA:75:19:18:85:DD:95:E3:8D:50:F8:A7:A8:CB:B0:C4:74:20:B3:A5:4B:CB:4E:FE:15:BD:56 Fingerprint (SHA1): B4:F1:48:60:BC:42:E7:CD:5F:1B:41:A5:A3:34:80:EB:2A:7A:65:B0 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1429: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015033 (0x1eef8a79) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:58:27 2015 Not After : Tue May 19 05:58:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 32:65:0f:44:83:b2:ab:e5:40:14:50:46:2a:a8:4f:7e: 69:10:49:8c:fa:db:93:71:6a:7c:d2:8d:4d:22:aa:ae: 88:db:ac:9e:a8:df:1a:db:8e:5d:e0:80:b3:af:77:69: 49:6c:9e:27:74:26:fc:4c:62:8f:7f:d9:29:44:be:f0: 97:c0:d5:29:f6:92:70:b3:8f:c0:a1:a5:26:43:75:d9: 04:98:cd:df:16:b0:cc:5a:a4:9b:75:3a:ed:43:b1:79: 45:cd:ee:ee:5c:1e:48:fb:3b:b2:9d:f3:4c:06:f8:35: aa:1a:ad:eb:12:ab:7c:27:23:f4:f3:d3:68:8e:c6:15 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:44:36:da:46:70:cd:08:db:e0:b5:97:c3: eb:88:9d:6b:04:7b:b0:2c:02:14:43:b1:68:45:39:c4: 36:d6:29:50:c6:d8:b4:d0:fe:bd:e2:d1:af:32 Fingerprint (SHA-256): 16:85:7D:C3:DE:AA:75:19:18:85:DD:95:E3:8D:50:F8:A7:A8:CB:B0:C4:74:20:B3:A5:4B:CB:4E:FE:15:BD:56 Fingerprint (SHA1): B4:F1:48:60:BC:42:E7:CD:5F:1B:41:A5:A3:34:80:EB:2A:7A:65:B0 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #1430: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015033 (0x1eef8a79) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:58:27 2015 Not After : Tue May 19 05:58:27 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 32:65:0f:44:83:b2:ab:e5:40:14:50:46:2a:a8:4f:7e: 69:10:49:8c:fa:db:93:71:6a:7c:d2:8d:4d:22:aa:ae: 88:db:ac:9e:a8:df:1a:db:8e:5d:e0:80:b3:af:77:69: 49:6c:9e:27:74:26:fc:4c:62:8f:7f:d9:29:44:be:f0: 97:c0:d5:29:f6:92:70:b3:8f:c0:a1:a5:26:43:75:d9: 04:98:cd:df:16:b0:cc:5a:a4:9b:75:3a:ed:43:b1:79: 45:cd:ee:ee:5c:1e:48:fb:3b:b2:9d:f3:4c:06:f8:35: aa:1a:ad:eb:12:ab:7c:27:23:f4:f3:d3:68:8e:c6:15 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:44:36:da:46:70:cd:08:db:e0:b5:97:c3: eb:88:9d:6b:04:7b:b0:2c:02:14:43:b1:68:45:39:c4: 36:d6:29:50:c6:d8:b4:d0:fe:bd:e2:d1:af:32 Fingerprint (SHA-256): 16:85:7D:C3:DE:AA:75:19:18:85:DD:95:E3:8D:50:F8:A7:A8:CB:B0:C4:74:20:B3:A5:4B:CB:4E:FE:15:BD:56 Fingerprint (SHA1): B4:F1:48:60:BC:42:E7:CD:5F:1B:41:A5:A3:34:80:EB:2A:7A:65:B0 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #1431: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1432: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1433: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1434: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #1435: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1436: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1437: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1438: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1439: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1440: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1441: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1442: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #1443: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1444: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1445: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1446: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #1447: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1448: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1449: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1450: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1451: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1452: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1453: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1454: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #1455: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1456: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1457: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1458: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519055914Z nextupdate=20160519055914Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 05:59:14 2015 Next Update: Thu May 19 05:59:14 2016 CRL Extensions: chains.sh: #1459: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519055915Z nextupdate=20160519055915Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 05:59:15 2015 Next Update: Thu May 19 05:59:15 2016 CRL Extensions: chains.sh: #1460: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519055915Z nextupdate=20160519055916Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 05:59:15 2015 Next Update: Thu May 19 05:59:16 2016 CRL Extensions: chains.sh: #1461: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519055916Z nextupdate=20160519055916Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 05:59:16 2015 Next Update: Thu May 19 05:59:16 2016 CRL Extensions: chains.sh: #1462: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519055917Z addcert 14 20150519055917Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 05:59:17 2015 Next Update: Thu May 19 05:59:16 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Tue May 19 05:59:17 2015 CRL Extensions: chains.sh: #1463: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519055918Z addcert 15 20150519055918Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 05:59:18 2015 Next Update: Thu May 19 05:59:15 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Tue May 19 05:59:18 2015 CRL Extensions: chains.sh: #1464: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1465: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1466: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #1467: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #1468: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #1469: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #1470: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #1471: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #1472: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #1473: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:58:54 2015 Not After : Tue May 19 05:58:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:1a:dd:b8:7c:33:4c:27:67:0d:dc:6a:18:09:6a:c5: 50:6b:40:68:98:04:a9:9d:cc:c3:71:c2:2b:61:17:c0: 65:4e:3b:6f:5a:ae:75:c6:3b:ec:f5:8a:8b:d4:a2:84: db:7c:7d:8d:c6:f9:68:27:c3:52:fa:82:92:09:d8:ff: a1:43:7f:f2:79:71:97:ed:d5:40:3e:9d:c9:0e:57:30: ee:ee:c1:18:d3:16:a1:f9:0f:09:31:e3:5f:af:fe:5c: 0a:08:50:5b:cd:3f:55:a6:88:12:6a:05:47:95:bc:0b: 3f:b1:29:a5:55:d7:0c:40:97:08:3e:02:7d:17:8c:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 56:2f:b5:2d:d3:c1:bc:98:99:23:e3:7b:fa:16:f9:36: 9d:e6:0e:37:49:05:21:a6:74:7e:b7:f3:95:23:35:01: fe:48:3b:d7:26:3e:64:10:6d:b5:3b:53:f9:fa:a7:68: 6d:cc:21:d5:2a:fb:22:7c:94:2d:12:eb:44:17:ad:63: 2b:af:fa:b3:31:95:1b:21:cf:95:74:de:e2:43:44:5e: d0:e1:cb:10:d4:91:ac:b0:14:94:3d:f3:dc:ee:7e:b7: 9c:5d:80:5b:c2:70:3a:99:39:d9:fa:43:ff:9a:9f:ae: ea:26:48:fc:da:0b:c2:e8:a0:d8:5f:73:a3:ae:8f:0d Fingerprint (SHA-256): B3:A4:BA:27:76:2D:35:4A:22:CA:A9:41:10:DC:9B:16:CB:8E:66:BF:30:25:85:1E:5B:F8:4A:55:D9:B0:D7:94 Fingerprint (SHA1): 4A:12:1E:E3:33:BB:F6:08:16:F7:38:BE:A4:91:7E:D3:7F:30:C9:E4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1474: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1475: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:58:54 2015 Not After : Tue May 19 05:58:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:1a:dd:b8:7c:33:4c:27:67:0d:dc:6a:18:09:6a:c5: 50:6b:40:68:98:04:a9:9d:cc:c3:71:c2:2b:61:17:c0: 65:4e:3b:6f:5a:ae:75:c6:3b:ec:f5:8a:8b:d4:a2:84: db:7c:7d:8d:c6:f9:68:27:c3:52:fa:82:92:09:d8:ff: a1:43:7f:f2:79:71:97:ed:d5:40:3e:9d:c9:0e:57:30: ee:ee:c1:18:d3:16:a1:f9:0f:09:31:e3:5f:af:fe:5c: 0a:08:50:5b:cd:3f:55:a6:88:12:6a:05:47:95:bc:0b: 3f:b1:29:a5:55:d7:0c:40:97:08:3e:02:7d:17:8c:b5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 56:2f:b5:2d:d3:c1:bc:98:99:23:e3:7b:fa:16:f9:36: 9d:e6:0e:37:49:05:21:a6:74:7e:b7:f3:95:23:35:01: fe:48:3b:d7:26:3e:64:10:6d:b5:3b:53:f9:fa:a7:68: 6d:cc:21:d5:2a:fb:22:7c:94:2d:12:eb:44:17:ad:63: 2b:af:fa:b3:31:95:1b:21:cf:95:74:de:e2:43:44:5e: d0:e1:cb:10:d4:91:ac:b0:14:94:3d:f3:dc:ee:7e:b7: 9c:5d:80:5b:c2:70:3a:99:39:d9:fa:43:ff:9a:9f:ae: ea:26:48:fc:da:0b:c2:e8:a0:d8:5f:73:a3:ae:8f:0d Fingerprint (SHA-256): B3:A4:BA:27:76:2D:35:4A:22:CA:A9:41:10:DC:9B:16:CB:8E:66:BF:30:25:85:1E:5B:F8:4A:55:D9:B0:D7:94 Fingerprint (SHA1): 4A:12:1E:E3:33:BB:F6:08:16:F7:38:BE:A4:91:7E:D3:7F:30:C9:E4 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1476: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1477: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1478: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015042 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1479: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1480: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #1481: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1482: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 519015043 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1483: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1484: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1485: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014933.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1486: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014918.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1487: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1488: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #1489: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014933.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1490: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 519015044 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1491: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1492: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1493: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014933.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1494: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014919.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1495: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1496: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #1497: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1498: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 519015045 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1499: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1500: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1501: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014933.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1502: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014920.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1503: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1504: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1505: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014933.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #1506: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014921.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #1507: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1508: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519055951Z nextupdate=20160519055951Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 05:59:51 2015 Next Update: Thu May 19 05:59:51 2016 CRL Extensions: chains.sh: #1509: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519055951Z nextupdate=20160519055951Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 05:59:51 2015 Next Update: Thu May 19 05:59:51 2016 CRL Extensions: chains.sh: #1510: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519055952Z nextupdate=20160519055952Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 05:59:52 2015 Next Update: Thu May 19 05:59:52 2016 CRL Extensions: chains.sh: #1511: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519055953Z nextupdate=20160519055953Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 05:59:53 2015 Next Update: Thu May 19 05:59:53 2016 CRL Extensions: chains.sh: #1512: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519055954Z addcert 20 20150519055954Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 05:59:54 2015 Next Update: Thu May 19 05:59:51 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 05:59:54 2015 CRL Extensions: chains.sh: #1513: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519055955Z addcert 40 20150519055955Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 05:59:55 2015 Next Update: Thu May 19 05:59:51 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 05:59:54 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Tue May 19 05:59:55 2015 CRL Extensions: chains.sh: #1514: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1515: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1516: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #1517: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015042 (0x1eef8a82) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:59:29 2015 Not After : Tue May 19 05:59:29 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:1f:44:46:9f:25:e3:76:56:7e:67:9f:d6:00:5b:2a: 10:b5:9c:fd:77:8c:fd:76:6a:60:81:68:c5:f7:89:c8: 7c:99:74:99:cf:76:de:bf:1e:59:82:b6:54:25:0f:4f: 2e:4d:27:70:71:8e:ee:91:a2:9b:c7:ff:8d:ac:aa:d8: 8c:ac:64:ee:3d:31:16:68:92:36:8b:17:43:d3:9f:2c: fd:4e:7f:26:4c:93:d2:b8:e1:b7:a5:70:bf:65:00:37: 4e:2b:e0:fa:02:1f:b9:de:45:06:bd:60:b9:82:04:31: 14:bc:d3:80:23:83:e0:f6:b1:45:fd:d1:6c:b8:45:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:67:3a:ed:a3:57:27:a9:ee:35:81:d6:75:c2:74:41: f8:da:2f:99:81:10:36:12:74:14:43:7d:4d:7e:2e:a9: 82:91:74:13:33:c1:69:e3:88:3d:71:6b:8f:3e:dc:36: c2:c7:a3:05:9b:cd:a5:74:1c:ef:a3:bb:a0:88:22:85: dd:85:e8:b5:47:7d:ba:cb:e9:fb:d5:6a:9a:6a:c6:84: 77:86:40:d5:ac:51:5c:54:9b:12:c0:a1:90:fd:c6:39: 31:d1:e9:d5:40:81:69:ba:79:47:0b:10:11:66:02:25: b4:67:f2:31:dc:5b:2d:ec:1a:b4:cd:d7:8b:aa:ac:13 Fingerprint (SHA-256): 50:1C:63:25:E5:48:C3:0D:7F:AB:B7:0C:50:84:68:3F:69:6E:B1:83:B5:38:E1:E2:00:62:44:9A:1D:AC:E7:AA Fingerprint (SHA1): 37:23:17:05:9E:17:D7:89:81:1D:54:5E:05:27:80:EA:C2:94:12:1B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1518: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1519: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015042 (0x1eef8a82) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 05:59:29 2015 Not After : Tue May 19 05:59:29 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:1f:44:46:9f:25:e3:76:56:7e:67:9f:d6:00:5b:2a: 10:b5:9c:fd:77:8c:fd:76:6a:60:81:68:c5:f7:89:c8: 7c:99:74:99:cf:76:de:bf:1e:59:82:b6:54:25:0f:4f: 2e:4d:27:70:71:8e:ee:91:a2:9b:c7:ff:8d:ac:aa:d8: 8c:ac:64:ee:3d:31:16:68:92:36:8b:17:43:d3:9f:2c: fd:4e:7f:26:4c:93:d2:b8:e1:b7:a5:70:bf:65:00:37: 4e:2b:e0:fa:02:1f:b9:de:45:06:bd:60:b9:82:04:31: 14:bc:d3:80:23:83:e0:f6:b1:45:fd:d1:6c:b8:45:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2b:67:3a:ed:a3:57:27:a9:ee:35:81:d6:75:c2:74:41: f8:da:2f:99:81:10:36:12:74:14:43:7d:4d:7e:2e:a9: 82:91:74:13:33:c1:69:e3:88:3d:71:6b:8f:3e:dc:36: c2:c7:a3:05:9b:cd:a5:74:1c:ef:a3:bb:a0:88:22:85: dd:85:e8:b5:47:7d:ba:cb:e9:fb:d5:6a:9a:6a:c6:84: 77:86:40:d5:ac:51:5c:54:9b:12:c0:a1:90:fd:c6:39: 31:d1:e9:d5:40:81:69:ba:79:47:0b:10:11:66:02:25: b4:67:f2:31:dc:5b:2d:ec:1a:b4:cd:d7:8b:aa:ac:13 Fingerprint (SHA-256): 50:1C:63:25:E5:48:C3:0D:7F:AB:B7:0C:50:84:68:3F:69:6E:B1:83:B5:38:E1:E2:00:62:44:9A:1D:AC:E7:AA Fingerprint (SHA1): 37:23:17:05:9E:17:D7:89:81:1D:54:5E:05:27:80:EA:C2:94:12:1B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #1520: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #1521: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1522: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015046 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1523: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1524: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1525: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1526: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519015047 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1527: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1528: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1529: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1530: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015048 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1531: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1532: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1533: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1534: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 519015049 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1535: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1536: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #1537: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015050 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1538: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #1539: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #1540: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1541: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 519015051 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1542: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1543: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1544: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1545: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 519015052 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1546: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1547: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #1548: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #1549: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #1550: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015046 (0x1eef8a86) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:00:01 2015 Not After : Tue May 19 06:00:01 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:b4:fc:07:8f:07:cf:0a:8a:51:0b:05:0d:ea:e1:c2: 2f:fe:31:0d:c9:78:b6:56:74:b7:77:3f:2a:e0:66:98: 47:f4:f3:6f:3d:4f:d4:9f:f5:08:41:76:75:72:49:c3: 77:4f:33:94:9b:c4:58:af:22:fc:aa:9e:96:21:2a:f5: a2:fa:d3:ea:08:08:1e:a6:86:10:fc:6f:9e:28:e4:6d: b9:31:60:70:02:51:50:6f:72:47:b1:77:15:da:8f:90: 76:fa:ce:85:14:2f:10:88:b1:1e:e2:f9:4a:79:dc:f4: e1:ec:47:49:d2:db:8c:20:57:8c:f5:7d:0a:d7:fe:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:b8:3f:11:51:ac:5d:84:99:44:fd:a1:d0:f4:ad:20: 16:d8:40:69:4c:8e:42:34:b5:7a:28:64:02:87:f3:55: 0a:3e:29:a6:81:c8:8b:30:74:8a:48:e4:03:28:5e:85: 24:3f:3a:a3:09:d6:93:a1:2a:69:1b:68:0b:66:5d:6b: d1:ee:df:2c:d1:bf:27:97:9e:70:39:9c:d2:40:6c:ad: f6:a5:13:d7:dc:e5:37:63:85:dc:e4:ee:a5:23:20:e4: a5:86:4d:0e:fd:cd:9f:35:f6:38:ee:36:44:d6:e4:62: 64:5e:96:56:2e:eb:2c:a1:6b:98:30:e2:75:30:31:46 Fingerprint (SHA-256): A3:2B:A7:0F:DF:C1:DF:E3:A3:D3:07:55:E2:1F:B7:96:68:8D:67:3A:79:C5:83:07:5C:56:B5:08:2E:A9:D1:C3 Fingerprint (SHA1): 46:48:DE:6F:99:71:10:5F:48:35:3E:A5:DD:23:34:B0:51:2A:A0:4D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1551: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015048 (0x1eef8a88) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:00:08 2015 Not After : Tue May 19 06:00:08 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:a2:8e:d4:72:79:d9:21:16:4b:8c:b3:0d:e2:cb:b7: bb:2a:88:cf:3a:dd:25:20:56:4a:bc:8e:9f:ed:1c:32: 3d:ef:fe:ab:37:94:3d:ac:36:00:fb:85:95:8f:19:07: a2:09:34:44:87:89:a2:d4:57:63:71:b5:06:01:1a:5e: ca:19:a9:9d:fb:f2:f9:fc:5a:7f:ce:ff:d4:e8:f4:46: a1:4b:ce:d6:5e:40:9e:22:47:7f:55:3b:01:53:09:cc: 0f:10:bc:c7:99:ac:c7:21:1c:37:12:5e:45:70:fd:29: 0e:e2:1e:01:28:b0:4d:56:27:32:f9:d5:e0:2e:fa:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:1f:27:c8:f1:73:f6:f1:3b:37:b5:f8:43:d3:e4:78: 42:a0:d7:a6:73:b6:f7:43:27:d7:44:a7:9f:c0:d4:ba: 58:73:ab:e4:9a:98:01:ca:3d:d1:0a:cd:23:c1:5d:53: de:e5:6c:c3:20:af:aa:5c:5d:a7:29:77:36:8e:5a:10: 4c:5c:45:5f:3f:b0:ee:82:4e:b4:cc:f9:10:d4:aa:9c: 86:56:c2:00:64:cb:b9:fa:54:7a:d1:98:76:5e:63:e1: 70:ce:c8:6b:5c:6c:3c:ab:f8:76:b4:78:de:60:8b:c9: 21:06:ed:71:a7:f5:58:e8:22:ba:47:0a:16:48:cc:73 Fingerprint (SHA-256): D0:EB:0E:48:EA:84:C1:4F:10:BA:DF:87:1A:B3:33:34:41:EF:D5:06:A6:65:F7:B7:43:D5:19:D9:20:B3:A1:68 Fingerprint (SHA1): 2A:A2:53:A4:8A:ED:82:35:7F:22:04:9C:90:B1:DB:0B:03:72:E0:A5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #1552: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015046 (0x1eef8a86) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:00:01 2015 Not After : Tue May 19 06:00:01 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:b4:fc:07:8f:07:cf:0a:8a:51:0b:05:0d:ea:e1:c2: 2f:fe:31:0d:c9:78:b6:56:74:b7:77:3f:2a:e0:66:98: 47:f4:f3:6f:3d:4f:d4:9f:f5:08:41:76:75:72:49:c3: 77:4f:33:94:9b:c4:58:af:22:fc:aa:9e:96:21:2a:f5: a2:fa:d3:ea:08:08:1e:a6:86:10:fc:6f:9e:28:e4:6d: b9:31:60:70:02:51:50:6f:72:47:b1:77:15:da:8f:90: 76:fa:ce:85:14:2f:10:88:b1:1e:e2:f9:4a:79:dc:f4: e1:ec:47:49:d2:db:8c:20:57:8c:f5:7d:0a:d7:fe:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:b8:3f:11:51:ac:5d:84:99:44:fd:a1:d0:f4:ad:20: 16:d8:40:69:4c:8e:42:34:b5:7a:28:64:02:87:f3:55: 0a:3e:29:a6:81:c8:8b:30:74:8a:48:e4:03:28:5e:85: 24:3f:3a:a3:09:d6:93:a1:2a:69:1b:68:0b:66:5d:6b: d1:ee:df:2c:d1:bf:27:97:9e:70:39:9c:d2:40:6c:ad: f6:a5:13:d7:dc:e5:37:63:85:dc:e4:ee:a5:23:20:e4: a5:86:4d:0e:fd:cd:9f:35:f6:38:ee:36:44:d6:e4:62: 64:5e:96:56:2e:eb:2c:a1:6b:98:30:e2:75:30:31:46 Fingerprint (SHA-256): A3:2B:A7:0F:DF:C1:DF:E3:A3:D3:07:55:E2:1F:B7:96:68:8D:67:3A:79:C5:83:07:5C:56:B5:08:2E:A9:D1:C3 Fingerprint (SHA1): 46:48:DE:6F:99:71:10:5F:48:35:3E:A5:DD:23:34:B0:51:2A:A0:4D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1553: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #1554: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015046 (0x1eef8a86) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:00:01 2015 Not After : Tue May 19 06:00:01 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:b4:fc:07:8f:07:cf:0a:8a:51:0b:05:0d:ea:e1:c2: 2f:fe:31:0d:c9:78:b6:56:74:b7:77:3f:2a:e0:66:98: 47:f4:f3:6f:3d:4f:d4:9f:f5:08:41:76:75:72:49:c3: 77:4f:33:94:9b:c4:58:af:22:fc:aa:9e:96:21:2a:f5: a2:fa:d3:ea:08:08:1e:a6:86:10:fc:6f:9e:28:e4:6d: b9:31:60:70:02:51:50:6f:72:47:b1:77:15:da:8f:90: 76:fa:ce:85:14:2f:10:88:b1:1e:e2:f9:4a:79:dc:f4: e1:ec:47:49:d2:db:8c:20:57:8c:f5:7d:0a:d7:fe:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:b8:3f:11:51:ac:5d:84:99:44:fd:a1:d0:f4:ad:20: 16:d8:40:69:4c:8e:42:34:b5:7a:28:64:02:87:f3:55: 0a:3e:29:a6:81:c8:8b:30:74:8a:48:e4:03:28:5e:85: 24:3f:3a:a3:09:d6:93:a1:2a:69:1b:68:0b:66:5d:6b: d1:ee:df:2c:d1:bf:27:97:9e:70:39:9c:d2:40:6c:ad: f6:a5:13:d7:dc:e5:37:63:85:dc:e4:ee:a5:23:20:e4: a5:86:4d:0e:fd:cd:9f:35:f6:38:ee:36:44:d6:e4:62: 64:5e:96:56:2e:eb:2c:a1:6b:98:30:e2:75:30:31:46 Fingerprint (SHA-256): A3:2B:A7:0F:DF:C1:DF:E3:A3:D3:07:55:E2:1F:B7:96:68:8D:67:3A:79:C5:83:07:5C:56:B5:08:2E:A9:D1:C3 Fingerprint (SHA1): 46:48:DE:6F:99:71:10:5F:48:35:3E:A5:DD:23:34:B0:51:2A:A0:4D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1555: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015048 (0x1eef8a88) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:00:08 2015 Not After : Tue May 19 06:00:08 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:a2:8e:d4:72:79:d9:21:16:4b:8c:b3:0d:e2:cb:b7: bb:2a:88:cf:3a:dd:25:20:56:4a:bc:8e:9f:ed:1c:32: 3d:ef:fe:ab:37:94:3d:ac:36:00:fb:85:95:8f:19:07: a2:09:34:44:87:89:a2:d4:57:63:71:b5:06:01:1a:5e: ca:19:a9:9d:fb:f2:f9:fc:5a:7f:ce:ff:d4:e8:f4:46: a1:4b:ce:d6:5e:40:9e:22:47:7f:55:3b:01:53:09:cc: 0f:10:bc:c7:99:ac:c7:21:1c:37:12:5e:45:70:fd:29: 0e:e2:1e:01:28:b0:4d:56:27:32:f9:d5:e0:2e:fa:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:1f:27:c8:f1:73:f6:f1:3b:37:b5:f8:43:d3:e4:78: 42:a0:d7:a6:73:b6:f7:43:27:d7:44:a7:9f:c0:d4:ba: 58:73:ab:e4:9a:98:01:ca:3d:d1:0a:cd:23:c1:5d:53: de:e5:6c:c3:20:af:aa:5c:5d:a7:29:77:36:8e:5a:10: 4c:5c:45:5f:3f:b0:ee:82:4e:b4:cc:f9:10:d4:aa:9c: 86:56:c2:00:64:cb:b9:fa:54:7a:d1:98:76:5e:63:e1: 70:ce:c8:6b:5c:6c:3c:ab:f8:76:b4:78:de:60:8b:c9: 21:06:ed:71:a7:f5:58:e8:22:ba:47:0a:16:48:cc:73 Fingerprint (SHA-256): D0:EB:0E:48:EA:84:C1:4F:10:BA:DF:87:1A:B3:33:34:41:EF:D5:06:A6:65:F7:B7:43:D5:19:D9:20:B3:A1:68 Fingerprint (SHA1): 2A:A2:53:A4:8A:ED:82:35:7F:22:04:9C:90:B1:DB:0B:03:72:E0:A5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #1556: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #1557: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #1558: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #1559: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015046 (0x1eef8a86) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:00:01 2015 Not After : Tue May 19 06:00:01 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:b4:fc:07:8f:07:cf:0a:8a:51:0b:05:0d:ea:e1:c2: 2f:fe:31:0d:c9:78:b6:56:74:b7:77:3f:2a:e0:66:98: 47:f4:f3:6f:3d:4f:d4:9f:f5:08:41:76:75:72:49:c3: 77:4f:33:94:9b:c4:58:af:22:fc:aa:9e:96:21:2a:f5: a2:fa:d3:ea:08:08:1e:a6:86:10:fc:6f:9e:28:e4:6d: b9:31:60:70:02:51:50:6f:72:47:b1:77:15:da:8f:90: 76:fa:ce:85:14:2f:10:88:b1:1e:e2:f9:4a:79:dc:f4: e1:ec:47:49:d2:db:8c:20:57:8c:f5:7d:0a:d7:fe:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:b8:3f:11:51:ac:5d:84:99:44:fd:a1:d0:f4:ad:20: 16:d8:40:69:4c:8e:42:34:b5:7a:28:64:02:87:f3:55: 0a:3e:29:a6:81:c8:8b:30:74:8a:48:e4:03:28:5e:85: 24:3f:3a:a3:09:d6:93:a1:2a:69:1b:68:0b:66:5d:6b: d1:ee:df:2c:d1:bf:27:97:9e:70:39:9c:d2:40:6c:ad: f6:a5:13:d7:dc:e5:37:63:85:dc:e4:ee:a5:23:20:e4: a5:86:4d:0e:fd:cd:9f:35:f6:38:ee:36:44:d6:e4:62: 64:5e:96:56:2e:eb:2c:a1:6b:98:30:e2:75:30:31:46 Fingerprint (SHA-256): A3:2B:A7:0F:DF:C1:DF:E3:A3:D3:07:55:E2:1F:B7:96:68:8D:67:3A:79:C5:83:07:5C:56:B5:08:2E:A9:D1:C3 Fingerprint (SHA1): 46:48:DE:6F:99:71:10:5F:48:35:3E:A5:DD:23:34:B0:51:2A:A0:4D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1560: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015050 (0x1eef8a8a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:00:14 2015 Not After : Tue May 19 06:00:14 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:48:97:9b:d4:94:dc:05:6b:5f:93:3e:bb:92:a1:9d: 0c:e2:ed:4b:55:ef:36:a8:c8:63:34:a5:44:9f:49:fa: b6:21:de:4b:eb:3d:cf:b7:8a:2d:82:81:40:bd:2a:bc: 91:99:d6:51:ba:7f:03:1e:c4:17:03:ad:97:1d:60:9c: d8:9e:34:c9:70:cc:66:08:f8:97:b2:74:08:2e:d3:38: e2:3a:b7:98:3d:a6:5c:0b:8e:40:5e:9d:e8:29:73:85: 44:c8:5e:07:c8:22:1e:93:55:b5:4a:5d:8c:08:da:f1: b3:5b:69:a1:cf:2e:67:e8:ac:9c:e8:de:bd:d3:11:e5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 17:2f:6d:0d:0d:54:f6:ca:0e:22:df:ff:45:6b:73:39: 8f:68:f6:48:a2:20:26:75:5c:1f:fa:95:5b:ba:d4:89: 18:10:3c:6e:4d:a0:89:26:aa:f4:f3:35:e6:c4:94:0e: 6c:d0:9b:5d:39:b4:e5:b5:c7:7b:db:82:0b:b1:60:c9: 4f:5b:b4:47:3f:27:03:1c:3a:6d:49:73:98:04:a4:9f: f1:f3:75:a4:1d:fe:20:b4:77:4f:3a:a8:fc:94:74:84: 51:10:5b:09:3c:0f:33:32:4e:12:37:59:de:dd:24:3f: a5:a5:83:f9:29:60:35:59:e1:05:db:45:04:4c:1c:77 Fingerprint (SHA-256): 04:77:7B:C7:9A:17:B1:3B:89:C0:C8:B1:5C:0C:7E:AC:60:85:9B:97:2D:5D:AB:F5:3D:F5:11:68:E4:9F:35:46 Fingerprint (SHA1): C0:53:8E:00:B8:85:BF:B8:00:E7:C9:B9:D0:16:15:76:8F:00:06:65 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #1561: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015046 (0x1eef8a86) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:00:01 2015 Not After : Tue May 19 06:00:01 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:b4:fc:07:8f:07:cf:0a:8a:51:0b:05:0d:ea:e1:c2: 2f:fe:31:0d:c9:78:b6:56:74:b7:77:3f:2a:e0:66:98: 47:f4:f3:6f:3d:4f:d4:9f:f5:08:41:76:75:72:49:c3: 77:4f:33:94:9b:c4:58:af:22:fc:aa:9e:96:21:2a:f5: a2:fa:d3:ea:08:08:1e:a6:86:10:fc:6f:9e:28:e4:6d: b9:31:60:70:02:51:50:6f:72:47:b1:77:15:da:8f:90: 76:fa:ce:85:14:2f:10:88:b1:1e:e2:f9:4a:79:dc:f4: e1:ec:47:49:d2:db:8c:20:57:8c:f5:7d:0a:d7:fe:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a0:b8:3f:11:51:ac:5d:84:99:44:fd:a1:d0:f4:ad:20: 16:d8:40:69:4c:8e:42:34:b5:7a:28:64:02:87:f3:55: 0a:3e:29:a6:81:c8:8b:30:74:8a:48:e4:03:28:5e:85: 24:3f:3a:a3:09:d6:93:a1:2a:69:1b:68:0b:66:5d:6b: d1:ee:df:2c:d1:bf:27:97:9e:70:39:9c:d2:40:6c:ad: f6:a5:13:d7:dc:e5:37:63:85:dc:e4:ee:a5:23:20:e4: a5:86:4d:0e:fd:cd:9f:35:f6:38:ee:36:44:d6:e4:62: 64:5e:96:56:2e:eb:2c:a1:6b:98:30:e2:75:30:31:46 Fingerprint (SHA-256): A3:2B:A7:0F:DF:C1:DF:E3:A3:D3:07:55:E2:1F:B7:96:68:8D:67:3A:79:C5:83:07:5C:56:B5:08:2E:A9:D1:C3 Fingerprint (SHA1): 46:48:DE:6F:99:71:10:5F:48:35:3E:A5:DD:23:34:B0:51:2A:A0:4D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1562: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #1563: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #1564: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #1565: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #1566: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #1567: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015051 (0x1eef8a8b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:00:17 2015 Not After : Tue May 19 06:00:17 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:68:9c:a6:43:e9:40:bc:09:da:e5:2c:66:75:0d:c6: 8b:bd:9f:a9:d2:54:31:48:a4:3a:29:6f:3a:af:02:a1: d0:03:d3:c5:7b:f7:1b:61:f5:cb:66:88:6f:00:e2:27: 45:7f:19:d2:c2:2f:06:90:22:89:82:d2:98:01:5f:78: dc:17:57:67:f3:c3:99:f6:31:7f:4e:66:ae:f9:12:df: ad:e9:96:66:82:9e:6c:cc:58:4c:78:80:ee:42:56:13: aa:ee:d2:60:18:1c:19:cb:a6:92:29:82:b4:89:87:f0: d5:f4:04:05:0d:7b:39:83:11:6c:63:48:12:a0:e3:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:c3:52:63:88:74:06:4c:b7:30:17:95:42:46:ff:b3: 54:21:d6:cd:d8:d7:b0:6b:c5:c2:5a:40:76:76:4f:89: 1f:11:c7:8c:07:1d:e6:f7:2e:ee:e9:2b:a8:a2:2e:58: 8f:64:8a:3b:ff:98:01:8b:dc:7c:97:e1:25:cb:37:1b: 3b:12:e7:49:9a:0f:f5:21:b3:d3:c9:2d:38:6b:63:61: 82:73:02:1b:9f:2b:62:46:4d:1d:61:0e:8b:3d:9d:a5: 7d:39:18:87:6f:a2:88:8f:31:e4:2e:c6:0d:79:f7:07: ae:52:22:8e:d9:94:91:9b:21:d4:a5:30:92:9a:69:d1 Fingerprint (SHA-256): F9:1E:05:25:62:35:32:9A:0D:8A:2B:C5:0A:7E:E5:D8:42:EF:EE:D5:B0:B2:91:53:29:60:8D:D6:01:45:AF:34 Fingerprint (SHA1): 28:1D:B0:99:B8:F5:FB:CA:5C:41:4B:08:6D:B9:29:0A:78:7A:A5:C9 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #1568: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #1569: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #1570: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #1571: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #1572: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1573: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1574: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #1575: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1576: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1577: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #1578: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1579: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1580: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1581: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1582: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #1583: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1584: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #1585: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1586: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #1587: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1588: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #1589: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #1590: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #1591: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 10541 at Tue May 19 02:00:48 EDT 2015 kill -USR1 10541 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 10541 killed at Tue May 19 02:00:48 EDT 2015 httpserv starting at Tue May 19 02:00:48 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:00:48 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:00:54 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #1592: Waiting for Server - FAILED kill -0 26167 >/dev/null 2>/dev/null httpserv with PID 26167 found at Tue May 19 02:00:54 EDT 2015 httpserv with PID 26167 started at Tue May 19 02:00:54 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #1593: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015053 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1594: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #1595: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #1596: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015054 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1597: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #1598: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #1599: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1600: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519015055 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1601: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1602: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519015056 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1603: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1604: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #1605: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1606: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1607: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 519015057 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1608: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1609: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1610: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #1611: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #1612: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015054 (0x1eef8a8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:00:59 2015 Not After : Tue May 19 06:00:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:21:84:25:5c:07:5e:81:29:6a:2f:41:05:b1:f9:2e: 7b:2e:23:e7:d6:b6:8a:5d:51:76:9b:6b:6f:6e:7b:f5: 71:b1:a8:19:90:98:fc:df:04:be:37:99:22:27:20:1d: cd:d2:b4:ca:83:4f:99:0a:bd:48:f5:0f:ab:6b:af:7e: ec:e0:b2:41:7b:dc:df:07:24:bf:96:82:5f:7d:76:a9: 56:4e:1a:0e:19:65:80:63:c8:3e:b1:9a:f3:0b:7d:e1: 72:41:f8:c7:9f:4f:14:6d:95:e3:7d:37:99:bc:e1:14: 12:42:dc:03:3b:7e:0a:75:d2:08:a0:1f:0b:9e:04:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:89:1e:75:6c:5c:ad:00:db:6b:ba:00:3f:c9:b1:0f: 77:37:5e:9b:aa:a5:61:25:27:22:d2:64:af:49:f5:f7: e1:fd:fb:4a:aa:b3:eb:d7:74:54:75:60:56:14:1e:19: 33:dd:39:35:03:c0:14:0f:a3:5f:91:d1:6b:fb:96:17: c2:94:6e:30:61:d4:54:7e:35:e3:5d:8b:d8:3c:80:e2: 09:de:ec:b1:e0:a3:4a:d3:9c:73:fa:a2:f1:aa:9c:bb: 50:4a:ce:6e:e3:f4:51:50:02:3f:25:9e:4e:b9:37:fd: 04:6b:b3:75:ee:48:4c:8a:af:e1:0b:41:22:d9:91:68 Fingerprint (SHA-256): E6:F9:89:66:0C:9A:AD:52:89:96:BA:FA:BE:4E:3D:72:8B:15:42:06:2F:25:C7:7B:EB:A0:A0:4D:C0:E4:A3:3D Fingerprint (SHA1): 2E:9F:36:2D:FF:AC:0E:22:25:FF:52:BB:76:08:95:BD:0D:6D:37:F1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1613: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015053 (0x1eef8a8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:00:57 2015 Not After : Tue May 19 06:00:57 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:ce:f3:4a:37:e6:5f:44:f3:1b:b0:ad:f3:60:c3:8a: a4:01:2f:6e:a8:12:57:a4:3b:d2:d2:b5:d3:1b:93:8e: c8:b9:b3:5e:49:c5:a9:27:e0:33:bc:60:fa:58:6c:ef: e3:b9:d4:1e:ef:44:ca:90:76:00:e3:6c:c9:91:90:82: 5d:33:de:1f:80:d3:04:b4:1b:8b:e4:09:2c:25:bb:64: 03:aa:70:55:f9:a8:22:ac:13:9b:f5:92:f3:30:35:e1: 1c:aa:e6:85:71:b9:50:59:3d:fd:57:80:74:0d:19:91: 5b:75:e6:45:42:15:99:75:ea:20:f8:31:f8:71:10:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:7c:d5:2b:81:92:9f:30:fa:fa:98:41:fc:4d:99:62: 2c:02:22:b9:26:c1:63:6d:77:de:2e:f0:d8:6f:75:94: 3f:ab:c8:2f:9e:8f:7c:c5:d2:da:83:40:68:1e:ca:42: fe:11:f0:30:c7:df:15:27:1d:4b:6e:ce:0f:da:cc:d2: 6b:e0:fc:aa:7f:1d:a1:5c:76:b7:34:a5:73:e6:a2:7e: 72:49:22:c2:f0:b7:3b:f7:81:2a:42:ae:46:9d:90:32: db:ba:13:e7:1d:f1:90:fc:6f:72:2a:50:bb:a6:1b:1e: 41:19:72:e7:aa:49:e1:14:b5:3a:75:93:ae:d0:9d:22 Fingerprint (SHA-256): BB:A8:BD:98:83:39:8A:3A:94:B6:6D:C5:D1:A1:5B:B1:D0:35:B0:00:01:08:68:B2:CE:48:1E:F7:CD:DB:ED:2D Fingerprint (SHA1): D5:CB:FB:85:91:14:F3:22:31:51:73:D0:DC:34:4D:4E:F3:8E:24:0D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1614: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1615: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #1616: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #1617: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015053 (0x1eef8a8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:00:57 2015 Not After : Tue May 19 06:00:57 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:ce:f3:4a:37:e6:5f:44:f3:1b:b0:ad:f3:60:c3:8a: a4:01:2f:6e:a8:12:57:a4:3b:d2:d2:b5:d3:1b:93:8e: c8:b9:b3:5e:49:c5:a9:27:e0:33:bc:60:fa:58:6c:ef: e3:b9:d4:1e:ef:44:ca:90:76:00:e3:6c:c9:91:90:82: 5d:33:de:1f:80:d3:04:b4:1b:8b:e4:09:2c:25:bb:64: 03:aa:70:55:f9:a8:22:ac:13:9b:f5:92:f3:30:35:e1: 1c:aa:e6:85:71:b9:50:59:3d:fd:57:80:74:0d:19:91: 5b:75:e6:45:42:15:99:75:ea:20:f8:31:f8:71:10:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:7c:d5:2b:81:92:9f:30:fa:fa:98:41:fc:4d:99:62: 2c:02:22:b9:26:c1:63:6d:77:de:2e:f0:d8:6f:75:94: 3f:ab:c8:2f:9e:8f:7c:c5:d2:da:83:40:68:1e:ca:42: fe:11:f0:30:c7:df:15:27:1d:4b:6e:ce:0f:da:cc:d2: 6b:e0:fc:aa:7f:1d:a1:5c:76:b7:34:a5:73:e6:a2:7e: 72:49:22:c2:f0:b7:3b:f7:81:2a:42:ae:46:9d:90:32: db:ba:13:e7:1d:f1:90:fc:6f:72:2a:50:bb:a6:1b:1e: 41:19:72:e7:aa:49:e1:14:b5:3a:75:93:ae:d0:9d:22 Fingerprint (SHA-256): BB:A8:BD:98:83:39:8A:3A:94:B6:6D:C5:D1:A1:5B:B1:D0:35:B0:00:01:08:68:B2:CE:48:1E:F7:CD:DB:ED:2D Fingerprint (SHA1): D5:CB:FB:85:91:14:F3:22:31:51:73:D0:DC:34:4D:4E:F3:8E:24:0D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1618: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015054 (0x1eef8a8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:00:59 2015 Not After : Tue May 19 06:00:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:21:84:25:5c:07:5e:81:29:6a:2f:41:05:b1:f9:2e: 7b:2e:23:e7:d6:b6:8a:5d:51:76:9b:6b:6f:6e:7b:f5: 71:b1:a8:19:90:98:fc:df:04:be:37:99:22:27:20:1d: cd:d2:b4:ca:83:4f:99:0a:bd:48:f5:0f:ab:6b:af:7e: ec:e0:b2:41:7b:dc:df:07:24:bf:96:82:5f:7d:76:a9: 56:4e:1a:0e:19:65:80:63:c8:3e:b1:9a:f3:0b:7d:e1: 72:41:f8:c7:9f:4f:14:6d:95:e3:7d:37:99:bc:e1:14: 12:42:dc:03:3b:7e:0a:75:d2:08:a0:1f:0b:9e:04:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:89:1e:75:6c:5c:ad:00:db:6b:ba:00:3f:c9:b1:0f: 77:37:5e:9b:aa:a5:61:25:27:22:d2:64:af:49:f5:f7: e1:fd:fb:4a:aa:b3:eb:d7:74:54:75:60:56:14:1e:19: 33:dd:39:35:03:c0:14:0f:a3:5f:91:d1:6b:fb:96:17: c2:94:6e:30:61:d4:54:7e:35:e3:5d:8b:d8:3c:80:e2: 09:de:ec:b1:e0:a3:4a:d3:9c:73:fa:a2:f1:aa:9c:bb: 50:4a:ce:6e:e3:f4:51:50:02:3f:25:9e:4e:b9:37:fd: 04:6b:b3:75:ee:48:4c:8a:af:e1:0b:41:22:d9:91:68 Fingerprint (SHA-256): E6:F9:89:66:0C:9A:AD:52:89:96:BA:FA:BE:4E:3D:72:8B:15:42:06:2F:25:C7:7B:EB:A0:A0:4D:C0:E4:A3:3D Fingerprint (SHA1): 2E:9F:36:2D:FF:AC:0E:22:25:FF:52:BB:76:08:95:BD:0D:6D:37:F1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1619: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #1620: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #1621: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1622: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1623: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #1624: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015054 (0x1eef8a8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:00:59 2015 Not After : Tue May 19 06:00:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:21:84:25:5c:07:5e:81:29:6a:2f:41:05:b1:f9:2e: 7b:2e:23:e7:d6:b6:8a:5d:51:76:9b:6b:6f:6e:7b:f5: 71:b1:a8:19:90:98:fc:df:04:be:37:99:22:27:20:1d: cd:d2:b4:ca:83:4f:99:0a:bd:48:f5:0f:ab:6b:af:7e: ec:e0:b2:41:7b:dc:df:07:24:bf:96:82:5f:7d:76:a9: 56:4e:1a:0e:19:65:80:63:c8:3e:b1:9a:f3:0b:7d:e1: 72:41:f8:c7:9f:4f:14:6d:95:e3:7d:37:99:bc:e1:14: 12:42:dc:03:3b:7e:0a:75:d2:08:a0:1f:0b:9e:04:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:89:1e:75:6c:5c:ad:00:db:6b:ba:00:3f:c9:b1:0f: 77:37:5e:9b:aa:a5:61:25:27:22:d2:64:af:49:f5:f7: e1:fd:fb:4a:aa:b3:eb:d7:74:54:75:60:56:14:1e:19: 33:dd:39:35:03:c0:14:0f:a3:5f:91:d1:6b:fb:96:17: c2:94:6e:30:61:d4:54:7e:35:e3:5d:8b:d8:3c:80:e2: 09:de:ec:b1:e0:a3:4a:d3:9c:73:fa:a2:f1:aa:9c:bb: 50:4a:ce:6e:e3:f4:51:50:02:3f:25:9e:4e:b9:37:fd: 04:6b:b3:75:ee:48:4c:8a:af:e1:0b:41:22:d9:91:68 Fingerprint (SHA-256): E6:F9:89:66:0C:9A:AD:52:89:96:BA:FA:BE:4E:3D:72:8B:15:42:06:2F:25:C7:7B:EB:A0:A0:4D:C0:E4:A3:3D Fingerprint (SHA1): 2E:9F:36:2D:FF:AC:0E:22:25:FF:52:BB:76:08:95:BD:0D:6D:37:F1 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1625: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015054 (0x1eef8a8e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:00:59 2015 Not After : Tue May 19 06:00:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d2:21:84:25:5c:07:5e:81:29:6a:2f:41:05:b1:f9:2e: 7b:2e:23:e7:d6:b6:8a:5d:51:76:9b:6b:6f:6e:7b:f5: 71:b1:a8:19:90:98:fc:df:04:be:37:99:22:27:20:1d: cd:d2:b4:ca:83:4f:99:0a:bd:48:f5:0f:ab:6b:af:7e: ec:e0:b2:41:7b:dc:df:07:24:bf:96:82:5f:7d:76:a9: 56:4e:1a:0e:19:65:80:63:c8:3e:b1:9a:f3:0b:7d:e1: 72:41:f8:c7:9f:4f:14:6d:95:e3:7d:37:99:bc:e1:14: 12:42:dc:03:3b:7e:0a:75:d2:08:a0:1f:0b:9e:04:4b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:89:1e:75:6c:5c:ad:00:db:6b:ba:00:3f:c9:b1:0f: 77:37:5e:9b:aa:a5:61:25:27:22:d2:64:af:49:f5:f7: e1:fd:fb:4a:aa:b3:eb:d7:74:54:75:60:56:14:1e:19: 33:dd:39:35:03:c0:14:0f:a3:5f:91:d1:6b:fb:96:17: c2:94:6e:30:61:d4:54:7e:35:e3:5d:8b:d8:3c:80:e2: 09:de:ec:b1:e0:a3:4a:d3:9c:73:fa:a2:f1:aa:9c:bb: 50:4a:ce:6e:e3:f4:51:50:02:3f:25:9e:4e:b9:37:fd: 04:6b:b3:75:ee:48:4c:8a:af:e1:0b:41:22:d9:91:68 Fingerprint (SHA-256): E6:F9:89:66:0C:9A:AD:52:89:96:BA:FA:BE:4E:3D:72:8B:15:42:06:2F:25:C7:7B:EB:A0:A0:4D:C0:E4:A3:3D Fingerprint (SHA1): 2E:9F:36:2D:FF:AC:0E:22:25:FF:52:BB:76:08:95:BD:0D:6D:37:F1 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1626: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #1627: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #1628: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #1629: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #1630: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #1631: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015053 (0x1eef8a8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:00:57 2015 Not After : Tue May 19 06:00:57 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:ce:f3:4a:37:e6:5f:44:f3:1b:b0:ad:f3:60:c3:8a: a4:01:2f:6e:a8:12:57:a4:3b:d2:d2:b5:d3:1b:93:8e: c8:b9:b3:5e:49:c5:a9:27:e0:33:bc:60:fa:58:6c:ef: e3:b9:d4:1e:ef:44:ca:90:76:00:e3:6c:c9:91:90:82: 5d:33:de:1f:80:d3:04:b4:1b:8b:e4:09:2c:25:bb:64: 03:aa:70:55:f9:a8:22:ac:13:9b:f5:92:f3:30:35:e1: 1c:aa:e6:85:71:b9:50:59:3d:fd:57:80:74:0d:19:91: 5b:75:e6:45:42:15:99:75:ea:20:f8:31:f8:71:10:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:7c:d5:2b:81:92:9f:30:fa:fa:98:41:fc:4d:99:62: 2c:02:22:b9:26:c1:63:6d:77:de:2e:f0:d8:6f:75:94: 3f:ab:c8:2f:9e:8f:7c:c5:d2:da:83:40:68:1e:ca:42: fe:11:f0:30:c7:df:15:27:1d:4b:6e:ce:0f:da:cc:d2: 6b:e0:fc:aa:7f:1d:a1:5c:76:b7:34:a5:73:e6:a2:7e: 72:49:22:c2:f0:b7:3b:f7:81:2a:42:ae:46:9d:90:32: db:ba:13:e7:1d:f1:90:fc:6f:72:2a:50:bb:a6:1b:1e: 41:19:72:e7:aa:49:e1:14:b5:3a:75:93:ae:d0:9d:22 Fingerprint (SHA-256): BB:A8:BD:98:83:39:8A:3A:94:B6:6D:C5:D1:A1:5B:B1:D0:35:B0:00:01:08:68:B2:CE:48:1E:F7:CD:DB:ED:2D Fingerprint (SHA1): D5:CB:FB:85:91:14:F3:22:31:51:73:D0:DC:34:4D:4E:F3:8E:24:0D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1632: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015053 (0x1eef8a8d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:00:57 2015 Not After : Tue May 19 06:00:57 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:ce:f3:4a:37:e6:5f:44:f3:1b:b0:ad:f3:60:c3:8a: a4:01:2f:6e:a8:12:57:a4:3b:d2:d2:b5:d3:1b:93:8e: c8:b9:b3:5e:49:c5:a9:27:e0:33:bc:60:fa:58:6c:ef: e3:b9:d4:1e:ef:44:ca:90:76:00:e3:6c:c9:91:90:82: 5d:33:de:1f:80:d3:04:b4:1b:8b:e4:09:2c:25:bb:64: 03:aa:70:55:f9:a8:22:ac:13:9b:f5:92:f3:30:35:e1: 1c:aa:e6:85:71:b9:50:59:3d:fd:57:80:74:0d:19:91: 5b:75:e6:45:42:15:99:75:ea:20:f8:31:f8:71:10:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 35:7c:d5:2b:81:92:9f:30:fa:fa:98:41:fc:4d:99:62: 2c:02:22:b9:26:c1:63:6d:77:de:2e:f0:d8:6f:75:94: 3f:ab:c8:2f:9e:8f:7c:c5:d2:da:83:40:68:1e:ca:42: fe:11:f0:30:c7:df:15:27:1d:4b:6e:ce:0f:da:cc:d2: 6b:e0:fc:aa:7f:1d:a1:5c:76:b7:34:a5:73:e6:a2:7e: 72:49:22:c2:f0:b7:3b:f7:81:2a:42:ae:46:9d:90:32: db:ba:13:e7:1d:f1:90:fc:6f:72:2a:50:bb:a6:1b:1e: 41:19:72:e7:aa:49:e1:14:b5:3a:75:93:ae:d0:9d:22 Fingerprint (SHA-256): BB:A8:BD:98:83:39:8A:3A:94:B6:6D:C5:D1:A1:5B:B1:D0:35:B0:00:01:08:68:B2:CE:48:1E:F7:CD:DB:ED:2D Fingerprint (SHA1): D5:CB:FB:85:91:14:F3:22:31:51:73:D0:DC:34:4D:4E:F3:8E:24:0D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #1633: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #1634: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015058 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1635: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #1636: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #1637: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015059 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1638: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #1639: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #1640: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015060 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1641: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #1642: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #1643: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015061 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1644: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #1645: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #1646: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015062 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1647: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #1648: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #1649: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015063 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1650: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #1651: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #1652: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015064 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1653: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #1654: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #1655: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015065 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1656: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #1657: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #1658: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015066 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1659: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #1660: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #1661: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1662: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 519015067 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1663: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1664: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 519015068 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1665: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1666: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 519015069 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1667: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1668: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #1669: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #1670: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1671: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 519015070 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1672: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1673: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 519015071 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1674: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1675: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 519015072 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1676: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1677: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #1678: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #1679: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1680: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 519015073 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1681: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1682: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 519015074 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1683: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1684: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 519015075 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1685: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1686: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #1687: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #1688: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1689: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 519015076 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1690: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1691: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 519015077 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1692: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1693: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 519015078 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1694: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1695: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #1696: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1697: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1698: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 519015079 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1699: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1700: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1701: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1702: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015080 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1703: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1704: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015058 (0x1eef8a92) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Tue May 19 06:01:26 2015 Not After : Tue May 19 06:01:26 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e7:29:7f:f6:3e:39:9e:59:49:34:50:11:5d:ac:f3:1c: e0:59:9c:4c:15:29:70:70:0a:58:3e:43:48:d0:75:89: 89:a9:c1:60:0f:6d:49:ba:b1:3b:45:b9:b7:20:d1:0c: a3:1a:9b:10:ba:ee:10:d3:eb:34:8f:15:54:8a:b1:2d: c6:4c:3b:aa:68:62:c0:c7:34:86:97:40:7f:90:e6:d6: 75:e3:3e:61:40:ad:74:c3:73:04:d7:e6:e1:41:43:d3: d8:12:bf:27:af:cd:c7:eb:5d:b3:11:79:e9:cc:33:c5: 9d:29:df:61:f1:03:c5:af:6d:e2:1a:d8:e1:08:fc:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: d6:54:51:3f:3c:3b:fb:08:68:8b:3a:7e:c2:45:db:5e: b3:e8:6f:7c:58:9a:97:d9:22:c3:64:17:fa:cf:e7:2e: b0:89:52:f8:ec:bc:6c:9f:1b:db:6c:1d:a9:5f:88:df: 18:32:02:00:d4:ef:a5:c8:12:7b:2f:c8:d6:86:5a:f8: 10:ba:cc:98:1f:bd:18:0c:7f:c5:e8:30:b7:3f:ee:d3: 3f:02:3a:b2:de:e2:98:63:b8:a0:a6:c6:aa:2c:b1:f1: 3c:02:d6:58:de:5c:26:bc:0e:a4:06:5a:4a:93:fa:38: 39:6a:ee:35:dc:3d:b2:24:01:2f:6c:70:34:28:19:c8 Fingerprint (SHA-256): 41:43:E4:74:6B:35:BB:FC:E3:D9:71:0F:BE:F8:CD:9F:26:C0:96:BF:3E:04:3D:1C:BD:61:18:8C:D7:17:B6:53 Fingerprint (SHA1): DD:F4:49:56:AF:E1:5F:D7:D2:2A:F0:E3:92:E3:01:FE:99:B2:60:39 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1705: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015059 (0x1eef8a93) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Tue May 19 06:01:28 2015 Not After : Tue May 19 06:01:28 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:de:f4:ac:f7:4a:28:95:6d:6a:73:04:1c:07:86:9b: 37:67:2b:67:cc:33:99:e7:5b:8e:3f:46:a2:2d:9a:89: 62:dc:9f:8b:22:93:c4:43:e2:4b:cf:2b:91:86:ab:40: c1:77:dd:20:f8:b9:99:65:eb:38:1c:80:8c:a5:dd:92: cf:44:a1:a0:33:3f:31:bb:98:bb:6c:d5:f3:15:13:88: c0:4f:ec:ee:0c:a1:53:34:2c:1f:b6:e4:e1:a8:50:2d: 4a:78:3f:af:88:ae:33:9f:7a:61:c5:79:73:95:f3:ed: 0b:2d:59:53:d6:4d:40:ad:3f:a3:96:ae:82:2d:51:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:07:67:82:d4:5b:bd:d8:43:37:7a:55:60:1d:8a:3c: 37:4c:f8:b2:41:f7:c6:40:a6:3a:74:a2:01:16:a5:d3: dc:1e:83:e8:06:2f:97:3f:eb:20:f6:84:c4:cd:36:29: 20:98:91:db:d4:3e:df:85:a6:bd:64:b1:01:5e:88:a9: 65:56:1d:16:9b:b2:80:e9:d1:fa:d4:e1:5e:d4:73:a9: 26:38:4d:b7:ea:03:fd:14:54:ca:0d:4a:27:48:0c:28: 8d:6d:99:11:f0:1d:68:4e:bb:2c:22:2b:7e:21:d3:60: 31:aa:b9:98:43:94:c6:35:f0:68:12:aa:c2:b1:05:f0 Fingerprint (SHA-256): 3B:54:13:E2:52:E3:25:4F:28:A8:80:12:23:5C:81:37:01:69:51:8A:70:39:2A:62:DD:4A:26:6E:FA:DC:BA:CC Fingerprint (SHA1): CD:2A:92:9D:AB:D5:92:1A:25:C8:56:CF:BF:04:EE:DF:88:07:E6:FE Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1706: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015060 (0x1eef8a94) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Tue May 19 06:01:31 2015 Not After : Tue May 19 06:01:31 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:16:ef:b6:4e:be:3a:02:99:5a:ef:77:60:f5:fe:95: 73:fb:b5:94:28:07:89:f7:ee:06:9a:46:fd:d2:ab:07: 78:71:3d:78:ee:15:9c:e3:ab:ed:e7:a5:a6:21:bf:08: 42:8e:f8:ea:34:dd:d6:d3:de:3c:b8:96:54:b9:2a:b5: 96:bd:57:f1:ee:6c:da:55:6c:ae:58:e6:e7:57:eb:f0: ce:6b:c9:bf:29:56:f6:13:da:40:6a:31:9f:e6:83:9b: 48:43:3c:26:10:fe:8b:44:be:a4:41:19:c1:51:62:f2: f9:07:99:df:e6:55:9a:98:24:0d:af:e6:77:b0:0e:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 87:02:e2:9d:90:cf:52:05:f3:b8:a1:26:72:f7:79:1a: 4a:85:31:88:3e:58:d5:13:68:cb:b9:fa:a5:93:4d:7d: c3:1c:d4:1f:12:7f:60:c4:8e:94:5b:fc:e4:d0:1d:58: c5:a7:91:00:ce:c2:a8:12:f3:30:86:2b:7d:35:12:0b: 17:bc:a9:fb:62:72:67:75:91:8f:a9:9d:08:ad:4f:52: 63:a2:54:97:87:38:a8:bc:9e:09:5f:2d:d7:4a:d1:1f: 13:8c:c7:e9:4f:88:14:ac:98:a7:e2:18:08:e1:2f:48: 2d:9a:8d:21:70:a7:a1:ac:80:50:01:a7:4c:71:66:71 Fingerprint (SHA-256): F6:27:37:EC:46:C3:A8:58:D3:94:20:C0:B8:E7:D6:58:B3:7B:16:A5:FB:3E:5B:F3:30:57:7A:53:92:DC:F3:F3 Fingerprint (SHA1): 55:EF:04:68:FE:0F:7E:A8:FC:63:48:D0:A4:E7:96:56:83:45:29:06 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #1707: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015061 (0x1eef8a95) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Tue May 19 06:01:33 2015 Not After : Tue May 19 06:01:33 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:d1:49:2c:af:b2:91:1e:4e:56:d0:d6:c1:9a:9c:bd: 33:40:9b:24:14:e3:f3:62:c0:17:98:14:77:14:b1:18: 77:b3:2e:f4:7e:a4:b2:31:5e:40:17:c2:5f:17:1e:af: 42:2a:6c:ad:59:76:1c:be:30:87:95:68:ec:6f:78:5e: b2:df:14:06:ec:fb:bd:7e:cb:98:78:9f:ca:27:13:c5: cf:c3:b5:e2:be:82:31:a9:7d:d3:83:aa:f1:54:e6:1a: 4a:4a:ba:6a:a6:57:c5:45:86:92:f3:fa:39:71:e9:f9: 3b:57:16:d1:01:ce:3e:aa:5e:99:66:9b:19:40:8b:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1c:98:41:61:f9:3a:f3:b4:06:3d:c3:ce:ab:4f:2a:28: 86:50:ad:2f:51:ff:94:2b:1c:52:ea:ac:dc:87:42:04: e8:e4:dd:40:87:6b:7d:a1:7c:c4:06:4f:aa:2b:db:ef: 9b:8d:82:c4:7a:60:84:ce:d0:30:f6:9d:bb:db:33:20: eb:36:fb:90:90:4d:c1:28:33:b0:be:69:e6:09:23:3e: 1e:2e:26:f3:3e:43:d7:70:6c:c4:b0:a0:39:70:6a:89: e7:0c:db:2f:88:4e:48:e1:3a:5e:84:7e:8c:b3:05:19: 20:41:b6:cf:e1:39:3d:60:c6:20:bb:45:3e:20:d6:d5 Fingerprint (SHA-256): 4E:36:6F:9A:D5:31:C5:55:52:63:D0:D2:13:21:D2:DD:1F:CB:58:A8:27:43:BB:6A:C1:5D:73:8E:69:FC:E1:B9 Fingerprint (SHA1): DA:33:5F:A3:80:2E:CC:51:26:0A:83:F1:43:81:F4:54:52:A9:9F:99 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1708: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015062 (0x1eef8a96) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Tue May 19 06:01:36 2015 Not After : Tue May 19 06:01:36 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:ac:78:51:e1:5e:17:d5:19:cf:c0:ae:ad:b3:49:0f: a9:71:e6:f0:c8:5c:e4:e9:28:f5:86:2c:46:30:9b:99: 69:e4:85:e3:6f:b1:b0:c8:9e:54:ec:fd:f9:77:2b:26: a9:c6:e7:e7:8d:2c:0e:3b:8c:9b:c3:b1:30:06:49:0e: bf:69:5b:4e:e7:ec:be:68:9a:c6:3e:53:b6:45:ff:05: 45:1b:0d:4e:e9:29:c9:de:83:98:73:97:91:b0:40:07: 67:d9:94:17:82:46:ca:e8:31:4e:2e:36:f9:da:e7:39: 38:05:f7:68:66:bd:53:3d:79:ce:23:f9:d3:a3:7f:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 98:dd:7e:9d:64:d4:cd:42:11:21:da:3c:d0:41:6e:eb: 42:2e:e3:d6:a1:0f:af:bb:05:87:23:89:2a:7c:03:09: 8b:c4:9f:85:97:30:9f:1e:25:dd:b5:c2:39:47:a0:77: 3e:e6:e7:af:f5:8a:d6:56:74:74:89:e7:b9:71:77:c7: 61:04:de:51:5b:e7:d4:a4:30:87:b8:b2:56:c8:c7:9e: be:5d:1d:a5:35:f3:90:bb:7a:88:d7:a4:30:2d:d1:3b: b2:78:42:ce:25:2a:6c:77:2c:b7:8c:b0:98:9a:dc:9e: c1:60:9f:f6:7f:03:94:0c:28:17:4a:29:8c:80:21:e0 Fingerprint (SHA-256): 6D:01:3C:34:9C:8C:DB:AC:E8:2C:BD:06:0E:86:A5:4A:16:C2:59:47:03:5A:2E:C1:85:DC:F7:B9:DF:26:52:48 Fingerprint (SHA1): D5:06:CA:58:56:E8:1A:B6:A6:03:D3:D5:64:AF:2C:FA:8F:E0:4C:C7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1709: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015063 (0x1eef8a97) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Tue May 19 06:01:40 2015 Not After : Tue May 19 06:01:40 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:40:36:f3:19:28:06:55:c6:c8:1a:c6:dd:40:6f:40: e9:22:72:4f:04:29:f7:43:6c:f6:d7:f1:8a:73:76:96: 71:8f:b5:72:01:07:5e:28:d1:c3:f3:81:f7:c7:c3:87: d5:96:b6:1b:09:77:5c:48:ad:0c:e8:6c:ec:83:e8:95: b9:c3:ba:2e:a4:cc:77:a2:41:af:42:99:8b:d3:2a:8d: 1f:ff:a4:ea:31:5f:4f:43:a8:3e:b3:2a:6b:0c:b8:d2: 48:fb:ea:e4:e8:47:ba:56:a3:dd:c9:9f:70:c0:ba:23: 8a:73:0a:f6:f3:74:34:30:2f:6e:1a:2d:49:a1:9c:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:26:9c:60:b2:d4:bb:0c:c2:05:ea:b4:e1:53:25:92: 18:14:73:fb:75:10:5a:d1:54:db:13:9b:d1:08:3f:db: 39:0a:25:64:2d:d7:f5:f0:98:7c:58:34:70:dd:10:ee: c1:25:e9:c3:86:88:87:eb:88:c6:87:6d:24:0b:01:a8: 56:f0:af:ad:2d:04:f9:c9:57:2e:78:5e:b2:54:d7:81: ff:7f:7b:28:33:fa:b4:c9:ae:62:17:96:4f:64:78:8a: 23:4c:82:2d:53:3a:84:49:a8:92:24:5f:82:d1:88:16: ea:38:c5:8e:90:46:dd:3d:61:52:c9:c9:7f:fa:5e:72 Fingerprint (SHA-256): E9:08:78:38:EE:6A:7C:9A:6D:9F:A4:06:B1:D8:48:05:9E:37:C6:B3:37:4E:C6:83:C4:E2:71:2B:10:73:FF:97 Fingerprint (SHA1): 19:40:F8:1B:2A:14:20:A2:CA:59:42:E0:A8:05:DD:9B:56:EE:55:7C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #1710: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015064 (0x1eef8a98) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Tue May 19 06:01:42 2015 Not After : Tue May 19 06:01:42 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:76:5a:0f:b9:5c:a8:ec:6f:83:f1:c7:ab:2f:a1:7f: 34:9f:f9:21:21:b2:da:8d:ab:6d:07:06:b9:5f:aa:06: aa:43:0f:1d:c1:6e:04:a0:20:d5:8e:e5:41:da:08:4d: 15:3a:9d:0c:0b:48:50:78:d2:1f:45:50:68:4b:21:2a: b6:4d:e0:89:8f:7b:b6:0f:48:13:de:4e:9f:61:eb:0c: 75:6f:8c:3e:92:e0:f9:fa:c3:a4:f8:68:43:1f:92:d6: e6:4e:fc:c3:90:ac:ea:c1:91:dc:4c:0e:00:48:8c:ee: 6f:e2:15:93:d1:13:cc:a7:e6:ba:b2:a2:2b:87:df:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7e:d1:40:f2:89:eb:73:d0:eb:6d:4b:2f:ef:af:29:5e: a0:99:a7:84:4b:0e:e4:ad:e0:75:90:7f:fa:df:a8:09: 47:b1:2e:71:96:bf:dd:e0:92:d1:0a:fb:aa:09:0e:d0: f4:15:a5:e4:1b:4f:c0:ab:19:a9:b1:3b:fc:d7:c6:a5: d3:00:84:e1:83:a8:5c:59:36:9a:f2:35:24:e1:7a:05: 7c:55:68:6c:53:c9:71:f6:23:90:93:c9:2c:1e:d3:51: e2:97:34:d9:9f:82:a1:7f:d3:53:6c:9e:b0:80:60:2a: 6e:15:cd:8f:1b:3c:f6:76:a8:c4:42:d8:12:7d:e3:bb Fingerprint (SHA-256): 9C:18:53:76:A7:BA:75:B6:CF:33:6E:63:D1:11:6F:E5:43:CE:2E:40:47:44:8C:56:DA:E8:9E:06:52:D7:04:9A Fingerprint (SHA1): 12:48:E6:69:E5:53:2B:E3:FF:BB:E4:6C:B9:B9:7E:E7:0E:85:A8:2A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1711: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015065 (0x1eef8a99) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Tue May 19 06:01:45 2015 Not After : Tue May 19 06:01:45 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:17:39:eb:8c:e5:de:fc:8a:00:8b:32:dc:84:f6:cd: e0:66:e1:dd:d5:28:06:55:9b:f2:38:d1:f6:19:78:96: fc:4e:89:7e:ba:a1:5c:cd:75:89:f5:d6:e4:de:2a:d1: 88:6f:f1:3e:25:76:18:71:11:5c:31:db:1f:43:e8:13: 03:13:96:de:bb:39:16:bb:f7:bf:70:46:cc:8d:5e:82: aa:4f:50:3e:17:f5:c7:4d:1a:d0:e6:44:62:de:39:2f: 2f:17:29:3e:66:c7:9b:62:ac:67:3c:0c:9e:36:26:eb: 21:0c:da:67:71:1d:74:a9:49:d2:19:16:2a:c5:c9:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 28:d9:d2:cb:91:1b:c9:53:48:16:44:8d:6d:f4:0d:0e: 4e:c3:d3:52:56:55:cb:1a:6b:fc:77:70:f7:e1:66:6e: 3d:5f:fe:d6:1b:ef:e4:50:b7:54:5e:c8:dd:2f:1d:fc: 0c:81:25:3e:92:4b:cf:ab:8c:a0:1e:16:0c:05:f3:1c: 64:0b:38:54:d1:fc:30:49:8c:b7:34:1e:b1:09:59:3a: c1:29:b7:09:a0:73:ea:3a:a9:33:a7:e3:b4:27:3b:86: 17:5b:6e:11:91:90:af:b4:9a:4b:68:f5:be:56:be:49: e1:5e:c6:6b:15:7d:3f:df:4f:80:13:d4:72:2a:ee:d6 Fingerprint (SHA-256): C8:E0:22:88:07:73:3B:9D:DA:36:A8:56:C1:72:43:8D:EF:83:07:1C:CD:83:55:FA:09:A4:F6:0B:11:E5:B5:22 Fingerprint (SHA1): A8:B5:7C:D7:81:69:80:76:30:FD:A7:AC:37:9C:F4:29:67:2B:4E:AB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1712: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015066 (0x1eef8a9a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Tue May 19 06:01:48 2015 Not After : Tue May 19 06:01:48 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:a3:9b:fe:40:55:e7:68:36:00:7d:4b:df:6f:16:97: de:49:52:dd:a6:5e:6d:eb:b7:fc:a6:18:06:2c:64:a6: c0:44:8e:38:a9:c0:b2:33:89:14:2c:b5:34:b9:ce:aa: ab:3f:48:41:6d:07:4f:69:fd:bc:e1:a7:bd:c0:af:9f: 3f:aa:7d:1f:79:20:ea:05:47:da:1c:f4:31:15:32:62: 7e:64:3a:93:4b:95:9e:31:a2:0c:2a:69:8e:c3:ce:47: 88:63:44:e6:9c:25:d1:2c:90:9d:93:ea:5b:33:a7:8d: 9b:72:3c:10:4e:5f:e5:05:29:98:46:a6:94:79:0d:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:81:62:78:5a:c7:fb:32:ea:75:f6:87:26:4c:b6:f2: b4:5c:a1:4c:2a:39:62:b6:51:9a:1c:32:55:99:a2:d0: 55:2b:77:72:6e:cb:7a:63:97:df:83:c7:f6:d4:a3:e7: df:6d:90:10:82:6c:2b:46:4c:bd:be:fd:90:93:2d:2d: 85:2f:63:ec:6d:16:c3:a9:ea:b4:1d:bf:77:19:b0:2b: 58:62:00:c3:0d:5a:59:aa:44:cb:40:b0:14:cb:35:86: 74:cb:12:de:ac:80:13:29:61:6d:bb:e1:c2:11:69:bd: c2:a8:e5:c9:d4:70:4a:f1:5b:01:f8:a0:03:63:eb:c8 Fingerprint (SHA-256): F7:3C:67:51:22:57:22:62:33:87:F8:32:4C:2F:AE:C5:B7:59:CF:30:22:F4:F3:68:B6:F5:47:36:29:09:AC:78 Fingerprint (SHA1): D9:70:95:AF:4C:4C:34:63:93:33:CA:E5:BA:37:E0:99:EF:9B:17:EC Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #1713: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1714: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015081 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1715: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1716: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1717: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1718: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015082 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1719: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1720: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1721: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1722: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015083 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1723: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1724: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #1725: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1726: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519015084 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1727: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1728: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1729: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015081 (0x1eef8aa9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:25 2015 Not After : Tue May 19 06:02:25 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:78:12:3d:1b:79:fd:ba:ec:c3:2c:99:1b:e4:4f:69: 54:04:16:0f:bb:73:b6:39:76:6f:a2:88:b9:bb:7f:09: 4b:8f:22:8f:9d:6f:08:ab:80:2e:9d:be:e9:7f:e9:6b: ae:e9:7a:83:1d:6e:62:55:0c:e7:b4:94:34:b9:29:f9: 21:51:3f:2c:1e:d1:89:e6:45:1d:ea:77:f1:92:29:81: df:59:31:51:87:a5:bc:3b:c3:27:63:96:55:28:26:e2: 84:e4:e4:16:76:c6:b1:78:19:1b:ab:21:3c:35:72:34: a0:0b:51:29:08:41:df:6d:3d:d0:78:e4:9f:e8:61:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:51:93:f5:e8:70:ed:91:e1:9f:24:34:6e:6e:60:e4: da:58:e2:30:c0:b3:f1:72:31:b9:ac:5f:1c:31:c2:a2: 76:23:72:bb:dd:ca:b1:f4:06:30:ea:f8:c4:65:cc:84: 47:80:70:10:d2:94:57:44:dd:c7:9a:03:aa:09:23:11: 6d:0a:4b:4b:fb:47:29:ab:f6:6a:42:58:fb:1d:14:8a: 60:f4:7f:81:c2:c6:97:60:57:85:5c:61:92:22:f0:ee: ce:d3:ff:20:d5:24:31:31:91:a5:e0:a7:73:c5:fe:31: fc:db:90:8e:e9:47:45:0d:c3:dc:29:d2:38:50:0e:0c Fingerprint (SHA-256): 4E:0E:B4:90:05:36:57:ED:48:06:09:5A:4E:7E:56:3D:3C:A4:B9:FD:0D:11:45:6A:F4:BA:73:67:39:29:99:A1 Fingerprint (SHA1): E0:2E:1A:ED:0D:1A:78:F6:98:16:F8:BE:EC:1A:81:9D:D0:48:72:DA Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1730: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1731: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015082 (0x1eef8aaa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:28 2015 Not After : Tue May 19 06:02:28 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:c0:5b:7b:c1:37:4e:20:24:86:0e:02:a0:7a:6f:d4: bc:3d:20:df:1d:03:7e:10:ce:9f:a1:6d:04:68:e0:c1: 4f:42:1c:b9:0e:4f:45:ee:b1:e2:4b:49:f6:61:fa:4f: 2a:3a:14:70:38:83:76:d4:bf:2f:e8:f3:0c:f1:e4:d2: 6c:bc:48:35:56:e3:e9:39:06:e7:f7:36:da:ed:ff:1f: e5:50:60:59:97:72:31:b6:fe:cd:ff:4d:05:12:cc:31: 00:c8:a6:aa:ff:93:a9:a3:2f:09:b6:0f:ce:30:41:de: c9:8d:fe:f7:86:4e:50:cf:ad:6e:99:31:29:b3:fb:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:b4:e0:e3:35:93:73:11:19:b3:0a:74:f5:e4:7d:9a: c1:e7:30:9b:9c:d9:f6:53:61:a3:1c:3d:bc:c4:52:35: 61:73:b0:51:1b:56:14:aa:c7:7a:7c:bc:06:d7:e2:30: 67:e2:fa:5e:7a:e5:b2:29:9b:c8:08:48:6f:82:c7:c2: 40:52:b7:e2:08:52:40:c5:86:58:49:37:6c:7b:c3:47: e3:48:6a:9f:75:ac:f9:45:b2:79:65:8d:cf:e8:6f:2a: 1b:36:9e:5f:1a:e5:77:7a:31:47:34:61:cc:25:09:ca: 14:0e:93:01:5e:92:26:8a:c0:94:28:1f:6a:c8:9b:8d Fingerprint (SHA-256): 62:B2:53:21:6D:E1:F2:49:6B:0F:50:86:83:4C:4A:42:90:A1:BF:E7:F2:A4:22:3F:A4:0F:62:68:A2:54:7D:E6 Fingerprint (SHA1): 80:8D:12:CF:EC:48:2F:0F:E1:72:A5:2C:9D:1D:0C:28:B1:02:90:3D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1732: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1733: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015083 (0x1eef8aab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:02:32 2015 Not After : Tue May 19 06:02:32 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:a4:a0:aa:bf:08:7b:f7:4e:b0:e8:8c:de:5a:ba:b7: 38:85:67:eb:e3:c6:bc:9c:e4:23:c0:38:8a:2b:1c:d2: 6c:cb:8f:a1:6f:c1:6a:2f:93:87:b2:7a:32:42:ec:71: 1e:1c:04:cb:4f:57:66:78:3b:c4:06:f9:a1:6f:df:46: 74:1f:84:f5:04:34:81:ac:a6:1d:db:11:df:f5:9f:3d: c9:a7:53:d0:b8:d0:c5:3d:04:bd:f2:ea:73:ea:fb:45: 04:9e:14:d0:4e:cc:d9:a4:7e:57:5e:1c:e2:53:bc:37: 37:6f:61:16:87:c4:08:d7:e0:60:7a:3f:19:4a:27:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:66:4e:88:51:df:ad:3e:66:8f:50:5b:57:1a:86:f4: b6:cf:a1:5b:9b:dd:23:64:93:ea:a2:4e:06:0c:82:25: f6:57:be:5e:45:19:7c:be:1c:5c:28:c1:e8:70:0f:0e: a5:15:58:e7:6d:82:de:d5:ff:5a:10:b6:30:2d:17:88: ce:89:e8:e8:b8:59:a7:3d:73:e9:b2:9b:fa:09:1b:97: de:6c:9b:a2:a9:4c:da:2c:eb:af:59:fc:ae:2a:6b:d4: 19:88:07:44:04:80:a1:9e:35:69:23:66:90:8a:d8:4d: 8e:41:49:16:8f:61:fe:df:9b:97:c6:9d:46:c3:fd:9d Fingerprint (SHA-256): 8C:32:26:CC:03:07:CF:EB:D3:ED:6B:CA:94:1E:EC:E3:08:C7:4D:45:6A:A9:DD:86:62:22:86:41:2C:8E:F0:44 Fingerprint (SHA1): B3:64:85:D0:94:8F:98:70:4A:8D:A5:75:AB:56:8B:FE:7E:D7:B1:0F Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1734: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1735: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1736: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1737: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1738: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015081 (0x1eef8aa9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:25 2015 Not After : Tue May 19 06:02:25 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:78:12:3d:1b:79:fd:ba:ec:c3:2c:99:1b:e4:4f:69: 54:04:16:0f:bb:73:b6:39:76:6f:a2:88:b9:bb:7f:09: 4b:8f:22:8f:9d:6f:08:ab:80:2e:9d:be:e9:7f:e9:6b: ae:e9:7a:83:1d:6e:62:55:0c:e7:b4:94:34:b9:29:f9: 21:51:3f:2c:1e:d1:89:e6:45:1d:ea:77:f1:92:29:81: df:59:31:51:87:a5:bc:3b:c3:27:63:96:55:28:26:e2: 84:e4:e4:16:76:c6:b1:78:19:1b:ab:21:3c:35:72:34: a0:0b:51:29:08:41:df:6d:3d:d0:78:e4:9f:e8:61:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:51:93:f5:e8:70:ed:91:e1:9f:24:34:6e:6e:60:e4: da:58:e2:30:c0:b3:f1:72:31:b9:ac:5f:1c:31:c2:a2: 76:23:72:bb:dd:ca:b1:f4:06:30:ea:f8:c4:65:cc:84: 47:80:70:10:d2:94:57:44:dd:c7:9a:03:aa:09:23:11: 6d:0a:4b:4b:fb:47:29:ab:f6:6a:42:58:fb:1d:14:8a: 60:f4:7f:81:c2:c6:97:60:57:85:5c:61:92:22:f0:ee: ce:d3:ff:20:d5:24:31:31:91:a5:e0:a7:73:c5:fe:31: fc:db:90:8e:e9:47:45:0d:c3:dc:29:d2:38:50:0e:0c Fingerprint (SHA-256): 4E:0E:B4:90:05:36:57:ED:48:06:09:5A:4E:7E:56:3D:3C:A4:B9:FD:0D:11:45:6A:F4:BA:73:67:39:29:99:A1 Fingerprint (SHA1): E0:2E:1A:ED:0D:1A:78:F6:98:16:F8:BE:EC:1A:81:9D:D0:48:72:DA Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1739: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1740: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015082 (0x1eef8aaa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:28 2015 Not After : Tue May 19 06:02:28 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:c0:5b:7b:c1:37:4e:20:24:86:0e:02:a0:7a:6f:d4: bc:3d:20:df:1d:03:7e:10:ce:9f:a1:6d:04:68:e0:c1: 4f:42:1c:b9:0e:4f:45:ee:b1:e2:4b:49:f6:61:fa:4f: 2a:3a:14:70:38:83:76:d4:bf:2f:e8:f3:0c:f1:e4:d2: 6c:bc:48:35:56:e3:e9:39:06:e7:f7:36:da:ed:ff:1f: e5:50:60:59:97:72:31:b6:fe:cd:ff:4d:05:12:cc:31: 00:c8:a6:aa:ff:93:a9:a3:2f:09:b6:0f:ce:30:41:de: c9:8d:fe:f7:86:4e:50:cf:ad:6e:99:31:29:b3:fb:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:b4:e0:e3:35:93:73:11:19:b3:0a:74:f5:e4:7d:9a: c1:e7:30:9b:9c:d9:f6:53:61:a3:1c:3d:bc:c4:52:35: 61:73:b0:51:1b:56:14:aa:c7:7a:7c:bc:06:d7:e2:30: 67:e2:fa:5e:7a:e5:b2:29:9b:c8:08:48:6f:82:c7:c2: 40:52:b7:e2:08:52:40:c5:86:58:49:37:6c:7b:c3:47: e3:48:6a:9f:75:ac:f9:45:b2:79:65:8d:cf:e8:6f:2a: 1b:36:9e:5f:1a:e5:77:7a:31:47:34:61:cc:25:09:ca: 14:0e:93:01:5e:92:26:8a:c0:94:28:1f:6a:c8:9b:8d Fingerprint (SHA-256): 62:B2:53:21:6D:E1:F2:49:6B:0F:50:86:83:4C:4A:42:90:A1:BF:E7:F2:A4:22:3F:A4:0F:62:68:A2:54:7D:E6 Fingerprint (SHA1): 80:8D:12:CF:EC:48:2F:0F:E1:72:A5:2C:9D:1D:0C:28:B1:02:90:3D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1741: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1742: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015083 (0x1eef8aab) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:02:32 2015 Not After : Tue May 19 06:02:32 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:a4:a0:aa:bf:08:7b:f7:4e:b0:e8:8c:de:5a:ba:b7: 38:85:67:eb:e3:c6:bc:9c:e4:23:c0:38:8a:2b:1c:d2: 6c:cb:8f:a1:6f:c1:6a:2f:93:87:b2:7a:32:42:ec:71: 1e:1c:04:cb:4f:57:66:78:3b:c4:06:f9:a1:6f:df:46: 74:1f:84:f5:04:34:81:ac:a6:1d:db:11:df:f5:9f:3d: c9:a7:53:d0:b8:d0:c5:3d:04:bd:f2:ea:73:ea:fb:45: 04:9e:14:d0:4e:cc:d9:a4:7e:57:5e:1c:e2:53:bc:37: 37:6f:61:16:87:c4:08:d7:e0:60:7a:3f:19:4a:27:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:66:4e:88:51:df:ad:3e:66:8f:50:5b:57:1a:86:f4: b6:cf:a1:5b:9b:dd:23:64:93:ea:a2:4e:06:0c:82:25: f6:57:be:5e:45:19:7c:be:1c:5c:28:c1:e8:70:0f:0e: a5:15:58:e7:6d:82:de:d5:ff:5a:10:b6:30:2d:17:88: ce:89:e8:e8:b8:59:a7:3d:73:e9:b2:9b:fa:09:1b:97: de:6c:9b:a2:a9:4c:da:2c:eb:af:59:fc:ae:2a:6b:d4: 19:88:07:44:04:80:a1:9e:35:69:23:66:90:8a:d8:4d: 8e:41:49:16:8f:61:fe:df:9b:97:c6:9d:46:c3:fd:9d Fingerprint (SHA-256): 8C:32:26:CC:03:07:CF:EB:D3:ED:6B:CA:94:1E:EC:E3:08:C7:4D:45:6A:A9:DD:86:62:22:86:41:2C:8E:F0:44 Fingerprint (SHA1): B3:64:85:D0:94:8F:98:70:4A:8D:A5:75:AB:56:8B:FE:7E:D7:B1:0F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #1743: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1744: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1745: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015085 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1746: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1747: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1748: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1749: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015086 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1750: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1751: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1752: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1753: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015087 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1754: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1755: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #1756: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1757: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519015088 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1758: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1759: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #1760: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1761: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519015089 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1762: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1763: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1764: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015085 (0x1eef8aad) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:47 2015 Not After : Tue May 19 06:02:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:fa:a8:f3:ee:bc:fc:2c:30:0d:02:00:a6:1b:c3:34: 79:aa:36:b1:37:c8:82:7b:34:be:ba:51:85:58:54:ee: 3d:cd:e7:3b:f4:7d:68:58:6e:92:20:b5:77:ca:01:52: c8:1b:ae:3f:5d:c0:11:2c:c2:71:99:a2:71:56:a4:1b: 25:ac:12:f0:ca:3d:04:0c:8c:6d:42:c1:04:7b:a0:0e: 18:c5:da:6b:82:35:df:bf:95:d7:c4:ad:25:94:c7:10: 29:2c:32:c9:85:b2:89:68:8a:21:fc:64:c2:d6:4b:c3: 7a:96:17:c8:08:e2:f1:0f:bd:1e:5f:b5:cf:e8:08:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:c7:cf:bb:d8:bd:3a:34:db:a9:a2:f9:4a:73:c6:99: ba:12:d0:84:ef:52:7b:8c:38:d4:b3:ec:67:e0:f5:00: 4e:7e:60:75:78:ba:b3:1e:cb:04:82:f8:4e:83:e9:96: 77:8b:b2:b4:89:41:2c:b4:c3:b6:fa:2a:b6:4d:6a:bb: 7d:05:27:55:26:5a:d1:d7:6b:6e:ae:72:1b:17:47:56: a2:7b:31:44:80:94:65:5b:db:7c:87:64:37:12:2e:4d: 27:25:4d:ae:4b:24:fb:75:90:53:d3:4d:bf:b5:9e:0e: b8:28:99:ce:94:fa:28:88:92:f0:9e:cf:d0:bc:55:11 Fingerprint (SHA-256): 18:EF:56:0E:E3:1C:74:DA:3C:AC:34:33:AC:19:A2:63:2E:58:10:7F:BB:3E:23:88:FE:39:B8:6C:3C:A9:97:05 Fingerprint (SHA1): B8:01:7C:45:F3:90:50:BB:FD:B3:53:B8:7D:3B:D0:8F:8B:C3:95:49 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1765: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1766: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015086 (0x1eef8aae) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:51 2015 Not After : Tue May 19 06:02:51 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:f3:e6:eb:6c:5c:c8:6c:e2:3e:ce:11:c5:40:02:a2: 4e:1e:80:7d:a4:bd:2a:a5:8e:e8:58:93:4a:05:7e:e1: 24:be:5c:0e:e7:15:d7:d0:e4:6c:3a:22:ac:c5:a7:aa: a9:3a:9a:66:c8:00:ab:27:2a:0c:b4:a4:b6:e8:ef:0e: 82:ae:eb:b7:c5:a1:b7:bd:3b:84:5c:ec:94:63:96:a1: 43:76:d8:06:49:82:d1:a4:f0:db:b6:5b:16:ce:fe:a7: ef:38:c4:5f:57:c7:01:18:6e:ba:f2:b6:8b:ba:91:b4: 67:1e:1a:23:71:d7:27:c1:ac:bd:da:5b:9b:b6:18:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:3c:19:06:ef:15:74:1b:0d:ff:4e:fe:1c:17:14:bd: f3:d1:19:fd:6e:50:a9:7e:a6:1d:d6:bb:00:2c:28:a5: 36:b4:ae:5b:64:39:d9:1d:33:20:d7:ea:8e:b1:ea:31: 97:ed:65:86:42:92:0e:2c:f8:65:e2:de:28:78:05:77: 97:3b:63:0b:34:5d:ec:6d:43:e3:03:87:b8:b6:4f:ef: 2c:19:f7:13:e7:66:36:2e:58:b2:20:55:3d:27:de:f9: fb:ab:db:89:aa:df:08:80:c8:72:35:a9:21:75:97:be: 0c:b3:d2:a8:5a:82:db:96:2f:c9:9f:a6:48:49:5f:8a Fingerprint (SHA-256): 0F:2C:61:8D:A2:B4:56:69:A7:3C:74:C5:1F:15:60:93:8F:B4:42:B5:75:D5:CF:EA:B4:95:D5:25:18:B2:56:10 Fingerprint (SHA1): CC:E1:1D:19:EF:99:A0:D6:CD:51:B6:90:1D:CD:CC:8E:EC:3C:59:A4 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1767: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1768: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015087 (0x1eef8aaf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:02:54 2015 Not After : Tue May 19 06:02:54 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:e8:0f:cb:84:f5:31:57:73:4e:7e:c8:d3:ce:ae:30: 47:e6:81:64:7d:e5:e1:66:47:19:1e:d5:d4:3c:af:81: ec:f3:fe:a5:4d:4f:2c:e0:81:ae:91:40:17:77:57:c6: 54:5e:b1:2f:e5:e8:61:48:64:33:f3:12:9d:c6:49:34: 24:3d:a5:49:85:c9:e2:63:2a:ba:c7:eb:6b:53:ff:42: 29:e5:31:ed:2a:90:33:13:45:7c:a0:b1:e0:9f:b5:5f: d4:59:69:b4:b6:aa:3c:17:99:6a:37:ef:ee:e7:b6:15: 0a:8c:0e:e3:2a:83:96:07:be:3a:51:95:ec:e3:1d:63 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:ee:96:6f:de:7a:34:ec:92:9a:38:bb:d4:89:4f:90: d4:9d:5c:21:81:c8:df:2d:e9:4e:35:bd:d8:bb:48:b1: 66:03:f8:25:34:e6:48:0b:76:a6:9c:90:9a:de:90:0e: 68:20:57:9f:fe:54:c7:f2:c7:65:0e:fe:f9:e8:e9:43: 9d:98:90:33:7f:3e:20:84:9b:a9:59:7e:1e:1c:27:a9: 16:49:14:28:66:b9:f6:77:51:fd:62:df:30:c4:b1:81: 70:0c:b0:46:0f:08:ee:58:20:7c:f1:80:53:76:3f:d8: b4:29:ca:cf:ca:27:ad:3d:40:68:5a:3e:ca:4e:b3:eb Fingerprint (SHA-256): 9F:5D:82:43:BB:8A:F4:E5:E4:AD:9B:DF:6C:B8:34:2E:FE:CA:4A:7E:E0:AB:37:A9:66:BA:FC:0F:EE:3B:CF:49 Fingerprint (SHA1): E7:93:05:21:A4:AD:3E:92:CF:E5:70:26:36:54:1B:CA:3D:2A:B4:20 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #1769: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1770: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1771: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #1772: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1773: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015085 (0x1eef8aad) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:47 2015 Not After : Tue May 19 06:02:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:fa:a8:f3:ee:bc:fc:2c:30:0d:02:00:a6:1b:c3:34: 79:aa:36:b1:37:c8:82:7b:34:be:ba:51:85:58:54:ee: 3d:cd:e7:3b:f4:7d:68:58:6e:92:20:b5:77:ca:01:52: c8:1b:ae:3f:5d:c0:11:2c:c2:71:99:a2:71:56:a4:1b: 25:ac:12:f0:ca:3d:04:0c:8c:6d:42:c1:04:7b:a0:0e: 18:c5:da:6b:82:35:df:bf:95:d7:c4:ad:25:94:c7:10: 29:2c:32:c9:85:b2:89:68:8a:21:fc:64:c2:d6:4b:c3: 7a:96:17:c8:08:e2:f1:0f:bd:1e:5f:b5:cf:e8:08:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:c7:cf:bb:d8:bd:3a:34:db:a9:a2:f9:4a:73:c6:99: ba:12:d0:84:ef:52:7b:8c:38:d4:b3:ec:67:e0:f5:00: 4e:7e:60:75:78:ba:b3:1e:cb:04:82:f8:4e:83:e9:96: 77:8b:b2:b4:89:41:2c:b4:c3:b6:fa:2a:b6:4d:6a:bb: 7d:05:27:55:26:5a:d1:d7:6b:6e:ae:72:1b:17:47:56: a2:7b:31:44:80:94:65:5b:db:7c:87:64:37:12:2e:4d: 27:25:4d:ae:4b:24:fb:75:90:53:d3:4d:bf:b5:9e:0e: b8:28:99:ce:94:fa:28:88:92:f0:9e:cf:d0:bc:55:11 Fingerprint (SHA-256): 18:EF:56:0E:E3:1C:74:DA:3C:AC:34:33:AC:19:A2:63:2E:58:10:7F:BB:3E:23:88:FE:39:B8:6C:3C:A9:97:05 Fingerprint (SHA1): B8:01:7C:45:F3:90:50:BB:FD:B3:53:B8:7D:3B:D0:8F:8B:C3:95:49 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1774: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1775: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015086 (0x1eef8aae) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:51 2015 Not After : Tue May 19 06:02:51 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:f3:e6:eb:6c:5c:c8:6c:e2:3e:ce:11:c5:40:02:a2: 4e:1e:80:7d:a4:bd:2a:a5:8e:e8:58:93:4a:05:7e:e1: 24:be:5c:0e:e7:15:d7:d0:e4:6c:3a:22:ac:c5:a7:aa: a9:3a:9a:66:c8:00:ab:27:2a:0c:b4:a4:b6:e8:ef:0e: 82:ae:eb:b7:c5:a1:b7:bd:3b:84:5c:ec:94:63:96:a1: 43:76:d8:06:49:82:d1:a4:f0:db:b6:5b:16:ce:fe:a7: ef:38:c4:5f:57:c7:01:18:6e:ba:f2:b6:8b:ba:91:b4: 67:1e:1a:23:71:d7:27:c1:ac:bd:da:5b:9b:b6:18:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:3c:19:06:ef:15:74:1b:0d:ff:4e:fe:1c:17:14:bd: f3:d1:19:fd:6e:50:a9:7e:a6:1d:d6:bb:00:2c:28:a5: 36:b4:ae:5b:64:39:d9:1d:33:20:d7:ea:8e:b1:ea:31: 97:ed:65:86:42:92:0e:2c:f8:65:e2:de:28:78:05:77: 97:3b:63:0b:34:5d:ec:6d:43:e3:03:87:b8:b6:4f:ef: 2c:19:f7:13:e7:66:36:2e:58:b2:20:55:3d:27:de:f9: fb:ab:db:89:aa:df:08:80:c8:72:35:a9:21:75:97:be: 0c:b3:d2:a8:5a:82:db:96:2f:c9:9f:a6:48:49:5f:8a Fingerprint (SHA-256): 0F:2C:61:8D:A2:B4:56:69:A7:3C:74:C5:1F:15:60:93:8F:B4:42:B5:75:D5:CF:EA:B4:95:D5:25:18:B2:56:10 Fingerprint (SHA1): CC:E1:1D:19:EF:99:A0:D6:CD:51:B6:90:1D:CD:CC:8E:EC:3C:59:A4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1776: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1777: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015087 (0x1eef8aaf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:02:54 2015 Not After : Tue May 19 06:02:54 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:e8:0f:cb:84:f5:31:57:73:4e:7e:c8:d3:ce:ae:30: 47:e6:81:64:7d:e5:e1:66:47:19:1e:d5:d4:3c:af:81: ec:f3:fe:a5:4d:4f:2c:e0:81:ae:91:40:17:77:57:c6: 54:5e:b1:2f:e5:e8:61:48:64:33:f3:12:9d:c6:49:34: 24:3d:a5:49:85:c9:e2:63:2a:ba:c7:eb:6b:53:ff:42: 29:e5:31:ed:2a:90:33:13:45:7c:a0:b1:e0:9f:b5:5f: d4:59:69:b4:b6:aa:3c:17:99:6a:37:ef:ee:e7:b6:15: 0a:8c:0e:e3:2a:83:96:07:be:3a:51:95:ec:e3:1d:63 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:ee:96:6f:de:7a:34:ec:92:9a:38:bb:d4:89:4f:90: d4:9d:5c:21:81:c8:df:2d:e9:4e:35:bd:d8:bb:48:b1: 66:03:f8:25:34:e6:48:0b:76:a6:9c:90:9a:de:90:0e: 68:20:57:9f:fe:54:c7:f2:c7:65:0e:fe:f9:e8:e9:43: 9d:98:90:33:7f:3e:20:84:9b:a9:59:7e:1e:1c:27:a9: 16:49:14:28:66:b9:f6:77:51:fd:62:df:30:c4:b1:81: 70:0c:b0:46:0f:08:ee:58:20:7c:f1:80:53:76:3f:d8: b4:29:ca:cf:ca:27:ad:3d:40:68:5a:3e:ca:4e:b3:eb Fingerprint (SHA-256): 9F:5D:82:43:BB:8A:F4:E5:E4:AD:9B:DF:6C:B8:34:2E:FE:CA:4A:7E:E0:AB:37:A9:66:BA:FC:0F:EE:3B:CF:49 Fingerprint (SHA1): E7:93:05:21:A4:AD:3E:92:CF:E5:70:26:36:54:1B:CA:3D:2A:B4:20 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #1778: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1779: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015085 (0x1eef8aad) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:47 2015 Not After : Tue May 19 06:02:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:fa:a8:f3:ee:bc:fc:2c:30:0d:02:00:a6:1b:c3:34: 79:aa:36:b1:37:c8:82:7b:34:be:ba:51:85:58:54:ee: 3d:cd:e7:3b:f4:7d:68:58:6e:92:20:b5:77:ca:01:52: c8:1b:ae:3f:5d:c0:11:2c:c2:71:99:a2:71:56:a4:1b: 25:ac:12:f0:ca:3d:04:0c:8c:6d:42:c1:04:7b:a0:0e: 18:c5:da:6b:82:35:df:bf:95:d7:c4:ad:25:94:c7:10: 29:2c:32:c9:85:b2:89:68:8a:21:fc:64:c2:d6:4b:c3: 7a:96:17:c8:08:e2:f1:0f:bd:1e:5f:b5:cf:e8:08:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:c7:cf:bb:d8:bd:3a:34:db:a9:a2:f9:4a:73:c6:99: ba:12:d0:84:ef:52:7b:8c:38:d4:b3:ec:67:e0:f5:00: 4e:7e:60:75:78:ba:b3:1e:cb:04:82:f8:4e:83:e9:96: 77:8b:b2:b4:89:41:2c:b4:c3:b6:fa:2a:b6:4d:6a:bb: 7d:05:27:55:26:5a:d1:d7:6b:6e:ae:72:1b:17:47:56: a2:7b:31:44:80:94:65:5b:db:7c:87:64:37:12:2e:4d: 27:25:4d:ae:4b:24:fb:75:90:53:d3:4d:bf:b5:9e:0e: b8:28:99:ce:94:fa:28:88:92:f0:9e:cf:d0:bc:55:11 Fingerprint (SHA-256): 18:EF:56:0E:E3:1C:74:DA:3C:AC:34:33:AC:19:A2:63:2E:58:10:7F:BB:3E:23:88:FE:39:B8:6C:3C:A9:97:05 Fingerprint (SHA1): B8:01:7C:45:F3:90:50:BB:FD:B3:53:B8:7D:3B:D0:8F:8B:C3:95:49 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1780: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015085 (0x1eef8aad) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:47 2015 Not After : Tue May 19 06:02:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:fa:a8:f3:ee:bc:fc:2c:30:0d:02:00:a6:1b:c3:34: 79:aa:36:b1:37:c8:82:7b:34:be:ba:51:85:58:54:ee: 3d:cd:e7:3b:f4:7d:68:58:6e:92:20:b5:77:ca:01:52: c8:1b:ae:3f:5d:c0:11:2c:c2:71:99:a2:71:56:a4:1b: 25:ac:12:f0:ca:3d:04:0c:8c:6d:42:c1:04:7b:a0:0e: 18:c5:da:6b:82:35:df:bf:95:d7:c4:ad:25:94:c7:10: 29:2c:32:c9:85:b2:89:68:8a:21:fc:64:c2:d6:4b:c3: 7a:96:17:c8:08:e2:f1:0f:bd:1e:5f:b5:cf:e8:08:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:c7:cf:bb:d8:bd:3a:34:db:a9:a2:f9:4a:73:c6:99: ba:12:d0:84:ef:52:7b:8c:38:d4:b3:ec:67:e0:f5:00: 4e:7e:60:75:78:ba:b3:1e:cb:04:82:f8:4e:83:e9:96: 77:8b:b2:b4:89:41:2c:b4:c3:b6:fa:2a:b6:4d:6a:bb: 7d:05:27:55:26:5a:d1:d7:6b:6e:ae:72:1b:17:47:56: a2:7b:31:44:80:94:65:5b:db:7c:87:64:37:12:2e:4d: 27:25:4d:ae:4b:24:fb:75:90:53:d3:4d:bf:b5:9e:0e: b8:28:99:ce:94:fa:28:88:92:f0:9e:cf:d0:bc:55:11 Fingerprint (SHA-256): 18:EF:56:0E:E3:1C:74:DA:3C:AC:34:33:AC:19:A2:63:2E:58:10:7F:BB:3E:23:88:FE:39:B8:6C:3C:A9:97:05 Fingerprint (SHA1): B8:01:7C:45:F3:90:50:BB:FD:B3:53:B8:7D:3B:D0:8F:8B:C3:95:49 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1781: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015086 (0x1eef8aae) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:51 2015 Not After : Tue May 19 06:02:51 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:f3:e6:eb:6c:5c:c8:6c:e2:3e:ce:11:c5:40:02:a2: 4e:1e:80:7d:a4:bd:2a:a5:8e:e8:58:93:4a:05:7e:e1: 24:be:5c:0e:e7:15:d7:d0:e4:6c:3a:22:ac:c5:a7:aa: a9:3a:9a:66:c8:00:ab:27:2a:0c:b4:a4:b6:e8:ef:0e: 82:ae:eb:b7:c5:a1:b7:bd:3b:84:5c:ec:94:63:96:a1: 43:76:d8:06:49:82:d1:a4:f0:db:b6:5b:16:ce:fe:a7: ef:38:c4:5f:57:c7:01:18:6e:ba:f2:b6:8b:ba:91:b4: 67:1e:1a:23:71:d7:27:c1:ac:bd:da:5b:9b:b6:18:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:3c:19:06:ef:15:74:1b:0d:ff:4e:fe:1c:17:14:bd: f3:d1:19:fd:6e:50:a9:7e:a6:1d:d6:bb:00:2c:28:a5: 36:b4:ae:5b:64:39:d9:1d:33:20:d7:ea:8e:b1:ea:31: 97:ed:65:86:42:92:0e:2c:f8:65:e2:de:28:78:05:77: 97:3b:63:0b:34:5d:ec:6d:43:e3:03:87:b8:b6:4f:ef: 2c:19:f7:13:e7:66:36:2e:58:b2:20:55:3d:27:de:f9: fb:ab:db:89:aa:df:08:80:c8:72:35:a9:21:75:97:be: 0c:b3:d2:a8:5a:82:db:96:2f:c9:9f:a6:48:49:5f:8a Fingerprint (SHA-256): 0F:2C:61:8D:A2:B4:56:69:A7:3C:74:C5:1F:15:60:93:8F:B4:42:B5:75:D5:CF:EA:B4:95:D5:25:18:B2:56:10 Fingerprint (SHA1): CC:E1:1D:19:EF:99:A0:D6:CD:51:B6:90:1D:CD:CC:8E:EC:3C:59:A4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1782: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015086 (0x1eef8aae) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:02:51 2015 Not After : Tue May 19 06:02:51 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:f3:e6:eb:6c:5c:c8:6c:e2:3e:ce:11:c5:40:02:a2: 4e:1e:80:7d:a4:bd:2a:a5:8e:e8:58:93:4a:05:7e:e1: 24:be:5c:0e:e7:15:d7:d0:e4:6c:3a:22:ac:c5:a7:aa: a9:3a:9a:66:c8:00:ab:27:2a:0c:b4:a4:b6:e8:ef:0e: 82:ae:eb:b7:c5:a1:b7:bd:3b:84:5c:ec:94:63:96:a1: 43:76:d8:06:49:82:d1:a4:f0:db:b6:5b:16:ce:fe:a7: ef:38:c4:5f:57:c7:01:18:6e:ba:f2:b6:8b:ba:91:b4: 67:1e:1a:23:71:d7:27:c1:ac:bd:da:5b:9b:b6:18:09 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:3c:19:06:ef:15:74:1b:0d:ff:4e:fe:1c:17:14:bd: f3:d1:19:fd:6e:50:a9:7e:a6:1d:d6:bb:00:2c:28:a5: 36:b4:ae:5b:64:39:d9:1d:33:20:d7:ea:8e:b1:ea:31: 97:ed:65:86:42:92:0e:2c:f8:65:e2:de:28:78:05:77: 97:3b:63:0b:34:5d:ec:6d:43:e3:03:87:b8:b6:4f:ef: 2c:19:f7:13:e7:66:36:2e:58:b2:20:55:3d:27:de:f9: fb:ab:db:89:aa:df:08:80:c8:72:35:a9:21:75:97:be: 0c:b3:d2:a8:5a:82:db:96:2f:c9:9f:a6:48:49:5f:8a Fingerprint (SHA-256): 0F:2C:61:8D:A2:B4:56:69:A7:3C:74:C5:1F:15:60:93:8F:B4:42:B5:75:D5:CF:EA:B4:95:D5:25:18:B2:56:10 Fingerprint (SHA1): CC:E1:1D:19:EF:99:A0:D6:CD:51:B6:90:1D:CD:CC:8E:EC:3C:59:A4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #1783: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015087 (0x1eef8aaf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:02:54 2015 Not After : Tue May 19 06:02:54 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:e8:0f:cb:84:f5:31:57:73:4e:7e:c8:d3:ce:ae:30: 47:e6:81:64:7d:e5:e1:66:47:19:1e:d5:d4:3c:af:81: ec:f3:fe:a5:4d:4f:2c:e0:81:ae:91:40:17:77:57:c6: 54:5e:b1:2f:e5:e8:61:48:64:33:f3:12:9d:c6:49:34: 24:3d:a5:49:85:c9:e2:63:2a:ba:c7:eb:6b:53:ff:42: 29:e5:31:ed:2a:90:33:13:45:7c:a0:b1:e0:9f:b5:5f: d4:59:69:b4:b6:aa:3c:17:99:6a:37:ef:ee:e7:b6:15: 0a:8c:0e:e3:2a:83:96:07:be:3a:51:95:ec:e3:1d:63 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:ee:96:6f:de:7a:34:ec:92:9a:38:bb:d4:89:4f:90: d4:9d:5c:21:81:c8:df:2d:e9:4e:35:bd:d8:bb:48:b1: 66:03:f8:25:34:e6:48:0b:76:a6:9c:90:9a:de:90:0e: 68:20:57:9f:fe:54:c7:f2:c7:65:0e:fe:f9:e8:e9:43: 9d:98:90:33:7f:3e:20:84:9b:a9:59:7e:1e:1c:27:a9: 16:49:14:28:66:b9:f6:77:51:fd:62:df:30:c4:b1:81: 70:0c:b0:46:0f:08:ee:58:20:7c:f1:80:53:76:3f:d8: b4:29:ca:cf:ca:27:ad:3d:40:68:5a:3e:ca:4e:b3:eb Fingerprint (SHA-256): 9F:5D:82:43:BB:8A:F4:E5:E4:AD:9B:DF:6C:B8:34:2E:FE:CA:4A:7E:E0:AB:37:A9:66:BA:FC:0F:EE:3B:CF:49 Fingerprint (SHA1): E7:93:05:21:A4:AD:3E:92:CF:E5:70:26:36:54:1B:CA:3D:2A:B4:20 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #1784: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015087 (0x1eef8aaf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:02:54 2015 Not After : Tue May 19 06:02:54 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:e8:0f:cb:84:f5:31:57:73:4e:7e:c8:d3:ce:ae:30: 47:e6:81:64:7d:e5:e1:66:47:19:1e:d5:d4:3c:af:81: ec:f3:fe:a5:4d:4f:2c:e0:81:ae:91:40:17:77:57:c6: 54:5e:b1:2f:e5:e8:61:48:64:33:f3:12:9d:c6:49:34: 24:3d:a5:49:85:c9:e2:63:2a:ba:c7:eb:6b:53:ff:42: 29:e5:31:ed:2a:90:33:13:45:7c:a0:b1:e0:9f:b5:5f: d4:59:69:b4:b6:aa:3c:17:99:6a:37:ef:ee:e7:b6:15: 0a:8c:0e:e3:2a:83:96:07:be:3a:51:95:ec:e3:1d:63 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:ee:96:6f:de:7a:34:ec:92:9a:38:bb:d4:89:4f:90: d4:9d:5c:21:81:c8:df:2d:e9:4e:35:bd:d8:bb:48:b1: 66:03:f8:25:34:e6:48:0b:76:a6:9c:90:9a:de:90:0e: 68:20:57:9f:fe:54:c7:f2:c7:65:0e:fe:f9:e8:e9:43: 9d:98:90:33:7f:3e:20:84:9b:a9:59:7e:1e:1c:27:a9: 16:49:14:28:66:b9:f6:77:51:fd:62:df:30:c4:b1:81: 70:0c:b0:46:0f:08:ee:58:20:7c:f1:80:53:76:3f:d8: b4:29:ca:cf:ca:27:ad:3d:40:68:5a:3e:ca:4e:b3:eb Fingerprint (SHA-256): 9F:5D:82:43:BB:8A:F4:E5:E4:AD:9B:DF:6C:B8:34:2E:FE:CA:4A:7E:E0:AB:37:A9:66:BA:FC:0F:EE:3B:CF:49 Fingerprint (SHA1): E7:93:05:21:A4:AD:3E:92:CF:E5:70:26:36:54:1B:CA:3D:2A:B4:20 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #1785: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1786: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015090 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1787: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1788: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1789: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1790: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519015091 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1791: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1792: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #1793: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1794: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015092 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1795: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1796: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #1797: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1798: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 519015093 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1799: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1800: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #1801: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1802: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519015094 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1803: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1804: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #1805: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1806: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519015095 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1807: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1808: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #1809: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1810: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 519015096 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1811: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1812: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1813: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #1814: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #1815: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #1816: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #1817: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015090 (0x1eef8ab2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:17 2015 Not After : Tue May 19 06:03:17 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:76:f5:a0:b0:21:99:57:a8:c2:f6:8a:0e:03:45:50: b1:af:89:36:6f:84:29:58:47:74:a3:9c:4b:7d:29:f0: f4:f6:58:95:87:18:e4:2a:0a:b4:cb:0d:fe:a2:78:82: 73:2e:33:76:ef:42:64:14:62:03:cb:62:f3:6d:d5:b8: 38:d9:78:1e:49:eb:70:7d:21:4e:3f:cb:aa:e4:63:f3: 4a:ae:e4:61:47:7c:e3:35:85:60:f8:9c:4f:e4:11:a9: c9:aa:83:8f:b2:b6:49:af:33:04:4d:c3:df:a1:18:18: 9b:f4:41:2b:89:67:13:89:f6:9a:74:44:61:e2:7d:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:55:87:7a:06:bd:ff:63:a2:3d:10:41:7a:02:e2:ae: dc:b8:77:9d:d5:42:85:12:12:8f:b1:bb:63:cf:f3:ca: 4e:eb:81:44:3b:b7:f1:f3:67:e9:0f:a7:5f:3a:1d:fb: ae:22:ee:c0:6b:b3:71:9d:a3:d0:a9:39:a2:a9:69:20: aa:4b:7a:37:24:81:e0:5a:66:d9:02:8a:fc:0b:5e:e8: 6d:1b:42:a2:09:18:75:e4:e8:8c:48:d8:b5:e3:76:e2: af:bc:92:99:04:f7:5d:8b:ea:bd:1e:56:f3:18:e0:4c: 0a:3b:55:54:c5:7a:e6:db:3c:1f:7e:ad:20:62:e9:c2 Fingerprint (SHA-256): 51:20:71:60:65:ED:16:70:58:F9:EE:4E:96:3D:7A:87:66:2D:1C:17:95:51:39:40:F1:47:A3:71:0B:2F:6E:D0 Fingerprint (SHA1): 7A:3B:E4:B3:1D:07:59:39:CA:8D:44:CE:70:CE:FE:0E:5D:94:88:93 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1818: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1819: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1820: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1821: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015090 (0x1eef8ab2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:17 2015 Not After : Tue May 19 06:03:17 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:76:f5:a0:b0:21:99:57:a8:c2:f6:8a:0e:03:45:50: b1:af:89:36:6f:84:29:58:47:74:a3:9c:4b:7d:29:f0: f4:f6:58:95:87:18:e4:2a:0a:b4:cb:0d:fe:a2:78:82: 73:2e:33:76:ef:42:64:14:62:03:cb:62:f3:6d:d5:b8: 38:d9:78:1e:49:eb:70:7d:21:4e:3f:cb:aa:e4:63:f3: 4a:ae:e4:61:47:7c:e3:35:85:60:f8:9c:4f:e4:11:a9: c9:aa:83:8f:b2:b6:49:af:33:04:4d:c3:df:a1:18:18: 9b:f4:41:2b:89:67:13:89:f6:9a:74:44:61:e2:7d:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a3:55:87:7a:06:bd:ff:63:a2:3d:10:41:7a:02:e2:ae: dc:b8:77:9d:d5:42:85:12:12:8f:b1:bb:63:cf:f3:ca: 4e:eb:81:44:3b:b7:f1:f3:67:e9:0f:a7:5f:3a:1d:fb: ae:22:ee:c0:6b:b3:71:9d:a3:d0:a9:39:a2:a9:69:20: aa:4b:7a:37:24:81:e0:5a:66:d9:02:8a:fc:0b:5e:e8: 6d:1b:42:a2:09:18:75:e4:e8:8c:48:d8:b5:e3:76:e2: af:bc:92:99:04:f7:5d:8b:ea:bd:1e:56:f3:18:e0:4c: 0a:3b:55:54:c5:7a:e6:db:3c:1f:7e:ad:20:62:e9:c2 Fingerprint (SHA-256): 51:20:71:60:65:ED:16:70:58:F9:EE:4E:96:3D:7A:87:66:2D:1C:17:95:51:39:40:F1:47:A3:71:0B:2F:6E:D0 Fingerprint (SHA1): 7A:3B:E4:B3:1D:07:59:39:CA:8D:44:CE:70:CE:FE:0E:5D:94:88:93 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1822: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1823: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #1824: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015097 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1825: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #1826: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #1827: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1828: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519015098 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1829: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1830: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #1831: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1832: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 519015099 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1833: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1834: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #1835: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1836: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 519015100 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1837: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1838: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #1839: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1840: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 519015101 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1841: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1842: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #1843: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1844: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 519015102 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1845: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1846: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #1847: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1848: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 519015103 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1849: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1850: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #1851: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1852: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 519015104 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1853: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1854: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #1855: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1856: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 519015105 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1857: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1858: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #1859: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1860: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 519015106 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1861: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1862: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #1863: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1864: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 519015107 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1865: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1866: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #1867: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1868: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 519015108 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1869: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1870: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #1871: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1872: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 519015109 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1873: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1874: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #1875: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1876: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 519015110 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1877: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1878: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #1879: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1880: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 519015111 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1881: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1882: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #1883: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1884: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 519015112 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1885: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1886: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #1887: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1888: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 519015113 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1889: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1890: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #1891: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1892: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 519015114 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #1893: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1894: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #1895: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1896: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 519015115 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1897: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1898: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #1899: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1900: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 519015116 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1901: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1902: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #1903: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1904: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 519015117 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1905: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1906: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #1907: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1908: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 519015118 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1909: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1910: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #1911: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1912: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 519015119 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1913: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1914: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #1915: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1916: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 519015120 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1917: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1918: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #1919: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1920: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 519015121 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1921: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1922: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #1923: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1924: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 519015122 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1925: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1926: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #1927: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1928: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 519015123 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1929: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1930: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #1931: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1932: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 519015124 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1933: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1934: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #1935: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1936: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 519015125 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1937: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1938: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #1939: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1940: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 519015126 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1941: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1942: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1943: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1944: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1945: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1946: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1947: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1948: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1949: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1950: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1951: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1952: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1953: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1954: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1955: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1956: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1957: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1958: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1959: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1960: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #1961: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1962: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1963: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1964: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1965: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015097 (0x1eef8ab9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:03:45 2015 Not After : Tue May 19 06:03:45 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:ee:89:85:7e:45:bf:02:6b:87:d9:b1:4b:37:29:87: 80:d4:61:0c:3e:54:a3:17:fd:88:78:b0:e1:bb:77:61: 26:ec:a5:37:18:6d:c2:84:9a:1a:2e:24:1f:9d:7f:2e: 1a:b4:99:ca:d3:7f:b6:82:b0:76:56:21:5d:85:e2:6e: a9:4b:d9:45:75:ea:76:20:99:f1:e7:95:83:52:ae:36: a2:62:b0:e5:ed:93:e9:46:48:02:5e:5c:5a:8a:f5:94: 84:58:30:4d:f5:ce:3d:13:15:17:cf:44:5c:e5:b5:64: 15:ba:6e:25:8e:11:f5:0c:12:bd:1d:f1:a9:af:0c:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:4c:d2:10:b5:5d:a1:9a:da:b5:67:52:ce:45:55:0b: f3:a3:a3:f0:64:a2:97:14:f8:5f:f4:f4:3b:a5:aa:1a: d7:1a:46:f2:af:a8:ca:d5:35:18:4a:e9:31:35:d2:cd: ba:2c:19:f7:ce:f0:3e:a8:f7:5f:22:ee:b6:84:f2:fe: ac:83:09:6b:b8:59:91:84:f7:32:e7:43:2c:ab:10:ed: 9b:d3:fe:ef:ef:a9:0e:77:01:c8:8b:c0:68:52:82:5e: d8:9e:ff:b3:d8:28:83:2b:2d:ab:bb:4d:0d:fb:5b:9d: fe:0e:54:6c:a0:d3:3a:bc:d8:79:da:2c:68:c1:40:43 Fingerprint (SHA-256): A2:5E:73:36:41:62:EF:FF:9A:44:96:71:F7:C5:D6:57:9D:6C:1E:FF:30:2D:26:30:49:24:1C:52:24:26:51:3F Fingerprint (SHA1): 70:5F:7C:98:98:F2:7D:87:2E:88:AD:15:48:EB:BE:44:C0:59:D2:70 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #1966: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1967: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #1968: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015127 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #1969: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #1970: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #1971: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1972: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 519015128 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #1973: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1974: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #1975: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1976: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 519015129 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1977: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1978: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #1979: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #1980: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 519015130 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1981: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1982: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #1983: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1984: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 519015131 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1985: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1986: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #1987: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1988: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 519015132 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1989: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1990: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #1991: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #1992: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 519015133 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #1993: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #1994: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #1995: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015127 (0x1eef8ad7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:05:37 2015 Not After : Tue May 19 06:05:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:12:50:45:c4:ad:75:14:07:b0:7b:cf:b4:c5:ac:51: 06:17:fa:77:c8:24:c6:02:46:1f:11:1e:b5:81:18:ee: 6f:a7:9c:79:ce:44:f2:b6:5b:c3:89:6f:8b:f4:60:74: 5e:45:94:84:95:b2:f3:ea:ca:02:3e:6b:be:88:b3:86: 5a:c8:ce:8b:d9:f6:37:cc:59:63:21:31:aa:cd:13:bd: 8f:12:d4:53:52:2d:51:c2:17:78:05:4d:23:22:0a:71: 30:e1:45:74:a1:d4:ef:f2:c2:23:8f:e6:41:a7:22:7f: 2a:f3:a5:78:c3:fd:a2:14:a2:c3:dc:c5:e2:52:a8:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:60:a2:c5:e6:00:44:6d:a4:fc:a8:e1:12:a4:6c:0e: 56:da:35:5d:c0:6c:41:e8:44:ce:ec:7c:81:72:c1:9b: 42:30:7b:3f:d2:d9:8a:ce:d5:ca:c8:c9:78:19:8e:bf: 52:b9:f4:a7:66:d2:3f:f9:ab:32:f2:14:7f:ab:c2:bd: 02:50:46:7d:6f:53:d2:99:8e:8d:09:68:3c:de:fc:b4: 21:ea:39:93:f3:99:2a:f8:e5:e4:8a:a4:16:5e:cb:bb: 5a:cb:f2:9e:5e:fe:ac:d3:d7:41:20:9f:0b:f2:7c:64: 75:4d:64:99:a6:22:e3:85:d5:01:c0:cc:1d:c9:7d:d9 Fingerprint (SHA-256): CD:B2:8F:58:81:16:57:27:29:C5:C8:2F:EA:98:30:A9:16:E3:52:B2:DA:BA:77:9D:62:8C:9A:C3:96:1F:94:57 Fingerprint (SHA1): 62:5E:C3:79:F3:FB:A3:87:A3:69:16:15:AC:9B:29:8E:C4:76:29:1B Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #1996: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1997: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #1998: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #1999: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015127 (0x1eef8ad7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:05:37 2015 Not After : Tue May 19 06:05:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:12:50:45:c4:ad:75:14:07:b0:7b:cf:b4:c5:ac:51: 06:17:fa:77:c8:24:c6:02:46:1f:11:1e:b5:81:18:ee: 6f:a7:9c:79:ce:44:f2:b6:5b:c3:89:6f:8b:f4:60:74: 5e:45:94:84:95:b2:f3:ea:ca:02:3e:6b:be:88:b3:86: 5a:c8:ce:8b:d9:f6:37:cc:59:63:21:31:aa:cd:13:bd: 8f:12:d4:53:52:2d:51:c2:17:78:05:4d:23:22:0a:71: 30:e1:45:74:a1:d4:ef:f2:c2:23:8f:e6:41:a7:22:7f: 2a:f3:a5:78:c3:fd:a2:14:a2:c3:dc:c5:e2:52:a8:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:60:a2:c5:e6:00:44:6d:a4:fc:a8:e1:12:a4:6c:0e: 56:da:35:5d:c0:6c:41:e8:44:ce:ec:7c:81:72:c1:9b: 42:30:7b:3f:d2:d9:8a:ce:d5:ca:c8:c9:78:19:8e:bf: 52:b9:f4:a7:66:d2:3f:f9:ab:32:f2:14:7f:ab:c2:bd: 02:50:46:7d:6f:53:d2:99:8e:8d:09:68:3c:de:fc:b4: 21:ea:39:93:f3:99:2a:f8:e5:e4:8a:a4:16:5e:cb:bb: 5a:cb:f2:9e:5e:fe:ac:d3:d7:41:20:9f:0b:f2:7c:64: 75:4d:64:99:a6:22:e3:85:d5:01:c0:cc:1d:c9:7d:d9 Fingerprint (SHA-256): CD:B2:8F:58:81:16:57:27:29:C5:C8:2F:EA:98:30:A9:16:E3:52:B2:DA:BA:77:9D:62:8C:9A:C3:96:1F:94:57 Fingerprint (SHA1): 62:5E:C3:79:F3:FB:A3:87:A3:69:16:15:AC:9B:29:8E:C4:76:29:1B Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #2000: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2001: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2002: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2003: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015134 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2004: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2005: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2006: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2007: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015135 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2008: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2009: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2010: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2011: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015136 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2012: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2013: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2014: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2015: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519015137 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2016: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2017: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2018: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #2019: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #2020: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #2021: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015134 (0x1eef8ade) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:06:04 2015 Not After : Tue May 19 06:06:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:1a:52:94:eb:e8:a5:41:b1:28:ec:56:7c:b7:65:60: a3:a9:ff:90:c2:a9:1e:e4:64:b6:b4:e4:36:3f:06:5e: 8b:5c:5f:4a:38:65:1c:ba:c0:61:ac:f4:e5:0a:1e:c0: 35:77:97:b5:03:af:d9:39:c3:9d:b4:8d:5b:e4:46:17: 62:1c:90:05:57:66:71:d6:8a:b7:d3:bc:9a:fd:fa:93: 96:ea:1d:d7:b9:11:cd:ed:cc:2f:14:81:fd:d3:90:0c: b3:b5:64:6b:1a:9a:b5:20:39:31:16:30:e7:a6:0a:5f: 7f:43:90:46:ba:88:94:86:6c:bf:71:8e:97:ab:07:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:49:81:bd:30:b2:ee:6b:79:d9:e7:f4:a9:55:58:2e: 9c:30:f1:58:1d:ba:bd:c3:71:55:5a:0f:65:8b:8e:a7: d7:f3:9b:f4:ff:aa:af:2b:de:28:c6:19:e4:ad:0e:2c: 8d:e5:6d:85:8d:09:5a:f5:57:8e:4e:e8:7d:8e:4b:c1: 4b:b4:d4:05:23:78:48:65:7d:6c:16:9f:03:b8:0f:40: 27:6e:ad:91:46:2d:60:4e:6b:a8:a1:b1:2e:dd:6b:e9: 6b:05:ff:51:13:52:12:2c:44:0e:8e:30:53:f4:40:01: 69:7f:94:87:a5:df:25:dc:9a:61:5e:1e:24:ab:84:c6 Fingerprint (SHA-256): D6:DE:A1:8E:77:EB:7F:79:AF:62:8A:59:37:1C:E5:A3:13:95:34:BB:9F:54:87:2F:24:5C:E6:53:21:7D:41:A1 Fingerprint (SHA1): 5C:16:BE:C9:EC:9E:E9:BD:F5:05:F6:97:C7:0E:7A:6D:B0:75:C0:14 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2022: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2023: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2024: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015135 (0x1eef8adf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:06:07 2015 Not After : Tue May 19 06:06:07 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:50:64:46:35:93:4c:f3:15:93:37:b7:bc:d1:c9:1a: bc:37:02:57:ac:27:f9:f6:51:a0:ed:12:a0:a4:c6:3a: af:0e:66:28:f3:52:0c:aa:a9:10:64:06:7c:d7:78:88: c2:96:29:06:35:dd:03:cb:ce:71:e2:1c:d9:71:74:91: 70:cb:41:9f:e9:2e:c9:67:55:c3:4b:a3:00:8c:90:b7: 5a:2e:dd:3f:57:33:dc:01:07:95:df:09:53:69:43:19: 2f:c3:49:5c:2a:ee:18:05:f6:df:67:56:a1:89:eb:ab: 4a:04:22:ae:6b:e5:7e:09:eb:2e:36:76:a3:e0:8a:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:31:b9:7c:a7:62:d7:e5:46:9c:93:dc:ea:84:dc:91: 4e:c9:fd:f5:68:12:d6:00:32:7d:18:aa:89:0d:76:57: da:0f:06:32:b5:8e:f9:27:48:f5:d3:1a:7b:95:9a:a7: 5d:21:3b:af:b4:25:1c:28:b0:91:f6:12:18:57:2e:37: c3:e2:91:ac:61:39:07:4f:f3:eb:fa:78:75:86:a1:75: a0:e3:5b:c1:21:3c:7a:25:cb:33:e4:3f:be:fa:72:bb: cd:ff:29:3e:9e:13:26:57:9c:e2:67:ea:55:de:1e:84: 53:72:86:02:b4:1c:67:f2:ab:b2:21:5f:ca:3c:ad:91 Fingerprint (SHA-256): 8E:84:81:42:09:FF:0C:24:B4:32:BD:96:7C:5D:00:37:33:18:61:6F:C4:F5:15:9A:58:BF:25:42:AD:E6:68:A0 Fingerprint (SHA1): C8:15:5D:F6:9E:58:BC:12:0E:88:9E:AF:B5:4F:1C:09:A7:77:5B:57 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2025: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2026: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015136 (0x1eef8ae0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:06:10 2015 Not After : Tue May 19 06:06:10 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:1c:80:26:d5:e0:ae:ba:62:28:74:27:6e:31:fd:10: 47:35:f2:65:17:26:17:cd:f3:18:62:0d:92:e2:53:32: 4c:3e:98:b8:5c:65:41:ad:13:fd:dc:2f:b2:24:fd:7e: cf:c0:98:dd:dc:23:67:af:59:6c:26:67:e1:fe:4f:d3: 66:c5:7d:72:e9:d5:65:da:2c:34:a3:96:ec:b4:b0:f0: 46:84:75:2b:c7:27:84:6c:97:6c:c7:5d:47:1f:fd:c9: 1f:42:93:71:26:c6:02:c3:16:0c:ac:93:bc:59:84:2d: 55:de:a2:0f:1d:67:bc:4a:60:6b:75:09:56:40:b7:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 96:81:d6:2b:9c:26:9d:66:37:12:cb:39:5e:46:87:d5: 1e:8c:5d:f2:15:93:81:d1:6a:16:3b:d9:e0:bd:a0:3c: b0:7f:5f:4d:e1:35:d8:e7:ee:96:f0:89:e7:94:a0:98: 71:e1:46:74:0d:92:61:18:fb:1d:98:13:34:99:41:5f: 3e:22:c9:0d:c5:67:cc:81:58:21:03:84:7c:80:b1:c7: b0:81:fc:75:df:2e:06:d3:8a:7c:ad:87:35:5c:df:fc: f9:2c:10:76:34:ed:d6:a1:0a:4a:62:26:b0:fa:b1:1b: ec:60:64:4d:45:a5:b9:91:cb:81:56:e2:bd:d3:17:68 Fingerprint (SHA-256): 98:5A:3D:8A:2A:5B:00:7C:54:90:84:A7:5B:6C:FE:AD:10:67:1B:F9:1C:07:C8:7E:FF:50:70:14:BD:5C:42:48 Fingerprint (SHA1): 71:08:F1:92:46:BC:B2:20:2E:48:7B:8E:0E:8E:61:0D:D0:8D:48:68 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #2027: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2028: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015138 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2029: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2030: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2031: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2032: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015139 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2033: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2034: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2035: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2036: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015140 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2037: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2038: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #2039: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2040: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 519015141 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2041: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2042: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2043: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2044: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 519015142 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2045: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2046: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2047: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #2048: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #2049: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #2050: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #2051: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015138 (0x1eef8ae2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:06:21 2015 Not After : Tue May 19 06:06:21 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e1:18:d4:16:a4:a3:5a:ad:3a:fc:27:30:59:a7:fb:48: 18:d8:a2:b9:0a:bf:79:16:7a:f2:83:0c:5d:17:bc:ce: 34:ec:3a:ab:e4:06:fa:24:46:b9:46:86:a7:a9:8b:69: 52:be:42:e7:7e:6b:06:8a:92:b4:e5:40:d5:88:e0:a7: 68:a0:af:26:29:7b:87:43:6f:8b:db:7b:ef:f6:08:21: 2c:af:42:1c:a0:5a:d0:79:1c:6f:7f:f2:1a:69:08:c9: 36:ac:e3:8b:83:32:69:89:16:5a:38:dd:d2:7a:e9:61: 6d:30:7b:dc:eb:a7:8c:c6:11:6c:3a:0c:8d:c7:d9:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5b:76:bc:89:a2:53:70:47:e6:6e:24:6d:86:9f:e3:26: b5:00:26:59:cb:47:fa:4c:fe:08:0b:76:b6:43:d4:9d: 67:37:32:b5:49:f7:6d:37:92:3d:37:47:e1:6d:72:54: e7:6e:19:41:17:52:28:6a:e3:93:1b:d6:2a:51:d8:12: db:7b:44:c4:19:ee:66:31:50:7e:ae:24:94:5e:32:15: 27:53:b9:19:4d:16:2a:72:9f:10:c0:87:14:11:5d:ae: a1:6a:08:b3:3e:e1:51:eb:e7:06:ae:75:62:6b:1e:63: 49:93:d5:5d:74:b1:8f:ba:0d:3a:0a:01:f2:e8:b3:b4 Fingerprint (SHA-256): 73:AA:03:FA:00:EE:48:51:F5:CD:EF:AD:36:09:71:F5:4D:83:BE:65:DD:B9:20:5D:AA:71:B7:F5:C6:5B:85:E9 Fingerprint (SHA1): E5:4A:70:94:76:4F:15:D8:08:E6:D8:F4:B9:E7:4C:29:E1:08:00:47 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2052: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2053: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015139 (0x1eef8ae3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:06:24 2015 Not After : Tue May 19 06:06:24 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:44:6f:ae:74:3a:9f:43:49:f3:a4:d7:98:ef:fd:16: 45:d9:f5:d4:1a:b2:28:85:b6:77:a5:31:8d:77:d4:5f: a6:5a:b6:f7:d2:85:6e:78:c4:93:7a:b0:48:2d:79:7d: cf:d5:0d:10:a4:ad:9d:6b:af:b3:bd:b6:8f:2f:cf:c7: b1:55:72:32:66:07:c6:7a:95:ef:29:87:ea:ac:8f:f2: 63:2f:8f:33:00:07:88:5a:e0:cc:24:8a:28:5c:9f:ed: fb:40:53:af:95:dc:d0:6c:28:dd:e0:ca:05:e3:55:a2: 3c:61:e1:25:aa:1a:f3:f8:21:ca:a2:20:2e:f1:dd:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2d:75:1c:5c:c2:91:d3:2a:b5:27:44:d4:33:a2:78:90: 0d:8f:cb:af:6d:1d:2b:71:42:d4:51:b1:87:a7:c3:14: 72:fc:7b:63:10:63:ad:9b:49:0f:98:a7:59:fd:ed:37: 12:68:b7:44:10:aa:7d:bd:b1:88:57:30:62:57:0a:09: e2:15:f8:e5:6d:a0:02:74:6b:49:6e:43:5a:62:4f:b5: df:12:db:87:a8:74:d5:5b:48:41:2a:31:91:32:45:ec: d8:5b:85:c4:be:5a:ea:1f:03:d7:fe:ee:1a:e4:cd:60: 4d:8d:a2:e9:1e:90:9a:6e:e0:9e:4d:1d:11:d2:a9:e2 Fingerprint (SHA-256): 6E:53:6F:79:D7:CB:5A:AE:78:BB:A5:D5:20:2B:B8:10:3C:FF:36:CA:6C:7C:8E:8E:EF:64:AA:3B:42:4E:85:C1 Fingerprint (SHA1): CB:A9:87:0E:33:D3:1D:7B:E6:98:E1:08:36:52:47:F1:6A:E0:83:2D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2054: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2055: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2056: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015140 (0x1eef8ae4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:06:27 2015 Not After : Tue May 19 06:06:27 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:33:50:ea:2a:7a:bc:1a:d4:57:16:b0:85:14:14:fb: 97:2c:da:35:03:fa:0b:14:de:50:6f:8d:5f:b0:4e:1c: 35:e8:f0:7e:47:7b:fb:f7:ff:6e:15:8b:45:09:c0:d4: dd:36:1c:c6:03:70:82:d0:d9:d5:e5:73:25:04:52:7a: 67:55:f3:98:fb:8f:d5:f0:cb:03:11:30:b4:5c:b1:8e: 6d:c3:01:4f:d9:d2:69:e5:58:ef:08:a0:8c:34:9c:4a: c3:7e:05:74:a0:21:29:bc:2a:02:fc:fb:82:4c:09:50: 73:4e:a2:87:09:18:ba:2d:1f:66:e6:f0:ac:c0:2a:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5f:45:2a:27:63:1f:f7:79:b0:85:3a:f2:3d:d5:5f:20: db:c5:1b:04:41:d7:66:0d:d9:16:43:3c:c9:d0:94:21: 6f:c2:07:d6:1c:42:f9:ff:61:47:a8:18:f6:9d:a7:06: b3:a2:b0:80:45:9a:c9:f8:5d:33:c9:68:ec:d7:08:c7: 58:18:1f:ca:c7:b0:d4:f2:ed:6a:6f:51:d5:43:7d:3d: 63:8c:49:ce:87:dd:ae:dd:2f:71:0a:fa:6f:00:ed:96: cc:11:4e:a6:5d:76:74:7d:6b:02:c7:ba:5d:aa:c0:ce: 74:81:af:01:f3:c1:59:7e:39:16:d9:55:1f:45:33:6c Fingerprint (SHA-256): 8A:E7:31:86:9E:47:0C:C2:7E:30:71:98:EF:D1:EA:DE:AE:7C:97:53:D5:E3:C8:A5:F9:D6:DF:67:93:55:65:A1 Fingerprint (SHA1): 48:12:0B:72:28:51:4B:73:89:EA:5B:33:08:96:EF:0B:79:4C:60:5D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #2057: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2058: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015143 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2059: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2060: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2061: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2062: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015144 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2063: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2064: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2065: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2066: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015145 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA1Root-519014922.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2067: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2068: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #2069: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2070: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519015146 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2071: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2072: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #2073: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015143 (0x1eef8ae7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:06:43 2015 Not After : Tue May 19 06:06:43 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:b9:4f:b6:af:a0:ad:7b:e6:33:60:15:2e:1a:a2:53: fb:4a:af:83:97:37:21:59:42:e4:3b:ea:00:e0:7e:b1: 4f:ea:36:25:50:2e:d0:ce:50:08:4c:48:11:bc:02:37: 65:c7:fa:5b:ea:e8:dd:03:06:d1:ca:60:59:2f:29:53: 79:ba:3c:cf:9f:e7:ce:7a:d2:e7:8e:af:07:c0:9d:02: b4:ea:86:61:f7:1a:5a:4a:e5:e0:f3:4c:32:63:20:1a: 56:4d:f5:6b:ea:f8:b7:a7:60:e3:69:1f:45:d5:15:a4: a3:7b:27:97:2a:04:0f:0e:0a:bf:0b:b4:0e:a0:e6:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:78:6c:46:1f:5a:1d:ff:b1:0c:56:d4:e0:00:43:78: 74:e6:83:48:b7:84:98:73:c2:9e:69:b1:b9:86:4c:fa: 28:e2:32:fa:76:91:ac:33:02:f3:c6:6d:58:0a:4c:ea: ef:aa:3d:18:38:5e:0f:fa:09:21:5a:72:ce:39:1e:2b: 61:fb:bc:5f:4d:06:8c:2a:82:57:03:1e:41:96:48:0a: b7:1c:74:06:bc:77:de:a8:33:00:2b:f9:8c:48:20:ce: 7d:56:c0:af:30:50:01:1e:fd:7c:de:20:f6:46:f9:f2: dd:4f:99:20:1b:5b:17:88:72:53:a7:85:3d:e5:d0:19 Fingerprint (SHA-256): 0A:3D:8B:2F:0A:6B:FF:77:FD:2B:8D:4A:FF:D7:9F:23:B9:DE:85:30:0D:EB:51:74:33:D9:A4:20:3A:3F:F5:89 Fingerprint (SHA1): F7:9D:55:CA:2F:A2:F7:BD:28:86:A0:D0:E1:C1:7A:95:D6:89:4C:A9 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2074: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2075: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015147 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2076: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2077: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2078: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015148 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2079: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2080: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2081: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2082: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519015149 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2083: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2084: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519015150 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2085: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2086: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #2087: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2088: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2089: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519015151 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519014923.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2090: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2091: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2092: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2093: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015152 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2094: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2095: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #2096: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #2097: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015148 (0x1eef8aec) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:06:59 2015 Not After : Tue May 19 06:06:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:c8:01:99:f3:20:72:13:96:c0:8f:8b:37:9d:15:e7: 8c:81:27:06:66:d2:4d:75:63:4e:28:e6:4a:8a:43:eb: 4c:b5:04:68:30:85:19:89:c2:68:ad:d4:57:68:f6:51: a8:54:4c:c3:c9:31:7e:ed:f5:de:23:30:19:0b:c4:1a: 54:1b:b0:6f:4f:f2:06:30:48:d2:b6:18:6a:b6:be:a6: ea:13:e3:04:d8:14:4e:62:fd:2b:61:fb:88:4a:67:a2: a6:db:87:1e:05:36:0f:a6:c5:a8:a9:e8:3e:f9:71:06: 81:3f:d3:6e:26:75:98:da:4a:72:d4:94:19:1e:9e:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:55:ae:14:0d:7f:0d:4c:88:9c:91:54:0b:90:46:30: ac:a0:79:f3:9e:4e:a7:ac:b9:9c:66:a0:a5:0f:0d:19: b6:b0:11:dc:d7:0e:9f:99:2e:5d:b8:f8:9d:fe:8e:e5: 80:e2:97:cb:af:61:18:05:6c:85:e9:ea:53:f9:55:15: f7:9d:cd:b0:85:0c:7b:b3:85:4a:c2:ea:21:db:91:17: af:c0:fd:2f:1d:19:9a:13:ec:53:77:08:16:91:2a:71: 43:43:7f:dc:aa:0b:d5:b2:c6:ec:18:00:db:a5:51:15: 35:57:04:b7:0f:5f:52:f1:ef:51:31:fd:5d:10:b3:50 Fingerprint (SHA-256): F6:FF:72:B3:D0:46:9C:6D:15:44:FB:87:97:B8:F5:4E:94:D7:56:F8:16:98:63:46:6E:CD:04:E3:E2:68:66:98 Fingerprint (SHA1): ED:ED:92:47:C2:57:11:21:9E:A7:96:C8:4F:5B:C0:AC:BE:08:25:1F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2098: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015148 (0x1eef8aec) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:06:59 2015 Not After : Tue May 19 06:06:59 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:c8:01:99:f3:20:72:13:96:c0:8f:8b:37:9d:15:e7: 8c:81:27:06:66:d2:4d:75:63:4e:28:e6:4a:8a:43:eb: 4c:b5:04:68:30:85:19:89:c2:68:ad:d4:57:68:f6:51: a8:54:4c:c3:c9:31:7e:ed:f5:de:23:30:19:0b:c4:1a: 54:1b:b0:6f:4f:f2:06:30:48:d2:b6:18:6a:b6:be:a6: ea:13:e3:04:d8:14:4e:62:fd:2b:61:fb:88:4a:67:a2: a6:db:87:1e:05:36:0f:a6:c5:a8:a9:e8:3e:f9:71:06: 81:3f:d3:6e:26:75:98:da:4a:72:d4:94:19:1e:9e:97 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:55:ae:14:0d:7f:0d:4c:88:9c:91:54:0b:90:46:30: ac:a0:79:f3:9e:4e:a7:ac:b9:9c:66:a0:a5:0f:0d:19: b6:b0:11:dc:d7:0e:9f:99:2e:5d:b8:f8:9d:fe:8e:e5: 80:e2:97:cb:af:61:18:05:6c:85:e9:ea:53:f9:55:15: f7:9d:cd:b0:85:0c:7b:b3:85:4a:c2:ea:21:db:91:17: af:c0:fd:2f:1d:19:9a:13:ec:53:77:08:16:91:2a:71: 43:43:7f:dc:aa:0b:d5:b2:c6:ec:18:00:db:a5:51:15: 35:57:04:b7:0f:5f:52:f1:ef:51:31:fd:5d:10:b3:50 Fingerprint (SHA-256): F6:FF:72:B3:D0:46:9C:6D:15:44:FB:87:97:B8:F5:4E:94:D7:56:F8:16:98:63:46:6E:CD:04:E3:E2:68:66:98 Fingerprint (SHA1): ED:ED:92:47:C2:57:11:21:9E:A7:96:C8:4F:5B:C0:AC:BE:08:25:1F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2099: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2100: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015153 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2101: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2102: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2103: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015154 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2104: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2105: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2106: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2107: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519015155 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2108: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2109: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519015156 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2110: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2111: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #2112: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2113: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2114: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519015157 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519014924.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2115: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2116: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2117: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2118: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015158 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2119: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2120: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2121: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2122: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519015159 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-BridgeNavy-519014925.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2123: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2124: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2125: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2126: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519015160 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2127: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2128: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #2129: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #2130: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015154 (0x1eef8af2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:07:20 2015 Not After : Tue May 19 06:07:20 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b8:a9:8f:e4:8c:c3:19:cd:f0:ee:60:72:af:93:43: 98:48:fe:fa:bb:73:18:6f:cd:cd:72:8b:e9:b5:71:55: cb:cd:b0:2b:3f:72:b4:7f:2a:68:db:e7:56:d7:f1:21: d5:fb:e2:8f:c1:e2:3f:ac:d7:cf:f5:3f:ca:d1:03:fb: 32:d1:92:de:3f:0c:f1:7e:6a:1f:d5:ed:c5:4e:c2:f2: 63:f2:11:71:31:65:69:e8:e7:5c:d5:5e:11:9b:ee:7f: b7:4f:06:b6:83:6d:49:01:45:b7:53:83:59:f3:0e:49: 13:78:6c:46:5a:dc:d2:48:7b:16:f6:aa:b1:a0:e3:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:b2:68:e7:8d:13:4a:a1:51:ff:a1:de:f4:57:3b:2f: 4b:99:a8:9d:71:f8:73:f9:1c:f0:c0:e3:2c:9c:d2:84: 67:b4:69:a9:f9:a5:82:a4:8a:7e:79:fd:d9:eb:4a:42: 3f:96:60:3c:7f:56:09:ba:e1:81:c1:8e:3c:e2:d8:d4: 85:a3:06:ff:df:00:00:41:13:7b:4d:09:f2:48:0f:11: ea:08:93:bf:61:84:c7:ef:e4:2a:1a:34:83:6e:8c:3d: 49:b9:13:a3:77:1f:6b:ee:04:aa:99:1c:e4:57:2c:1b: 34:fb:1d:a8:53:3c:60:cd:3c:1d:36:47:75:07:0d:a0 Fingerprint (SHA-256): F5:13:16:0E:89:FC:58:1F:E4:CC:80:22:35:C5:42:51:61:8F:7A:52:12:61:33:F6:A5:6F:0F:68:43:04:39:CC Fingerprint (SHA1): 21:74:D1:4F:AF:C8:DE:26:24:4A:A6:D9:DC:B3:D3:AF:CF:F7:83:3C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2131: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015154 (0x1eef8af2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:07:20 2015 Not After : Tue May 19 06:07:20 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b8:a9:8f:e4:8c:c3:19:cd:f0:ee:60:72:af:93:43: 98:48:fe:fa:bb:73:18:6f:cd:cd:72:8b:e9:b5:71:55: cb:cd:b0:2b:3f:72:b4:7f:2a:68:db:e7:56:d7:f1:21: d5:fb:e2:8f:c1:e2:3f:ac:d7:cf:f5:3f:ca:d1:03:fb: 32:d1:92:de:3f:0c:f1:7e:6a:1f:d5:ed:c5:4e:c2:f2: 63:f2:11:71:31:65:69:e8:e7:5c:d5:5e:11:9b:ee:7f: b7:4f:06:b6:83:6d:49:01:45:b7:53:83:59:f3:0e:49: 13:78:6c:46:5a:dc:d2:48:7b:16:f6:aa:b1:a0:e3:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:b2:68:e7:8d:13:4a:a1:51:ff:a1:de:f4:57:3b:2f: 4b:99:a8:9d:71:f8:73:f9:1c:f0:c0:e3:2c:9c:d2:84: 67:b4:69:a9:f9:a5:82:a4:8a:7e:79:fd:d9:eb:4a:42: 3f:96:60:3c:7f:56:09:ba:e1:81:c1:8e:3c:e2:d8:d4: 85:a3:06:ff:df:00:00:41:13:7b:4d:09:f2:48:0f:11: ea:08:93:bf:61:84:c7:ef:e4:2a:1a:34:83:6e:8c:3d: 49:b9:13:a3:77:1f:6b:ee:04:aa:99:1c:e4:57:2c:1b: 34:fb:1d:a8:53:3c:60:cd:3c:1d:36:47:75:07:0d:a0 Fingerprint (SHA-256): F5:13:16:0E:89:FC:58:1F:E4:CC:80:22:35:C5:42:51:61:8F:7A:52:12:61:33:F6:A5:6F:0F:68:43:04:39:CC Fingerprint (SHA1): 21:74:D1:4F:AF:C8:DE:26:24:4A:A6:D9:DC:B3:D3:AF:CF:F7:83:3C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2132: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #2133: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015153 (0x1eef8af1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:07:18 2015 Not After : Tue May 19 06:07:18 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:28:f8:4e:84:8e:c9:11:e9:97:63:9c:bb:51:58:5b: ef:0b:f5:e9:30:a6:f7:59:c2:98:99:6a:c0:80:11:b3: dc:95:02:d8:76:ee:cb:bb:eb:1b:df:bb:f9:47:98:05: 33:77:5e:d7:a5:bd:7e:61:e2:dc:f3:51:8d:84:95:5a: 27:f3:98:3b:2a:70:89:bd:77:83:14:a4:52:f3:f3:c3: be:9c:32:cc:c3:f1:ad:ef:d6:24:38:72:d8:bb:c7:04: c1:fa:59:ea:88:e4:51:b6:4d:d6:94:49:20:e2:26:b2: 50:94:52:8a:2e:cb:a2:a1:4c:1a:85:2c:16:c9:5d:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c6:15:df:b0:ed:58:59:db:2e:62:60:3e:ec:dd:09:18: 76:69:8c:46:bb:be:7d:92:67:ae:e1:0f:60:63:de:a6: c5:99:0a:ca:60:5e:c6:f0:9f:85:c3:80:6f:8a:f9:94: 6f:bb:8c:fe:f1:e2:28:00:93:29:4f:05:ac:88:8a:e1: ee:90:93:03:6b:d4:48:1b:7a:12:2b:b1:50:11:0a:1c: ab:7e:7b:0f:5d:54:e8:b2:51:e5:8e:cd:c2:9b:01:34: df:58:49:d9:32:1b:e3:0a:76:4f:fa:10:05:2d:68:3c: 2c:52:8d:13:e1:97:16:5f:1b:58:fe:ec:30:95:d4:19 Fingerprint (SHA-256): 0C:06:B9:A6:86:17:B8:0F:51:BA:54:74:7C:8E:79:59:35:CF:44:4A:A7:CD:0B:2B:F8:BC:D6:E7:66:D0:7D:E5 Fingerprint (SHA1): 31:34:E7:37:76:73:54:A0:F5:2D:EE:AC:1F:DD:15:F3:8D:7C:D4:A8 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2134: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015154 (0x1eef8af2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:07:20 2015 Not After : Tue May 19 06:07:20 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b8:a9:8f:e4:8c:c3:19:cd:f0:ee:60:72:af:93:43: 98:48:fe:fa:bb:73:18:6f:cd:cd:72:8b:e9:b5:71:55: cb:cd:b0:2b:3f:72:b4:7f:2a:68:db:e7:56:d7:f1:21: d5:fb:e2:8f:c1:e2:3f:ac:d7:cf:f5:3f:ca:d1:03:fb: 32:d1:92:de:3f:0c:f1:7e:6a:1f:d5:ed:c5:4e:c2:f2: 63:f2:11:71:31:65:69:e8:e7:5c:d5:5e:11:9b:ee:7f: b7:4f:06:b6:83:6d:49:01:45:b7:53:83:59:f3:0e:49: 13:78:6c:46:5a:dc:d2:48:7b:16:f6:aa:b1:a0:e3:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:b2:68:e7:8d:13:4a:a1:51:ff:a1:de:f4:57:3b:2f: 4b:99:a8:9d:71:f8:73:f9:1c:f0:c0:e3:2c:9c:d2:84: 67:b4:69:a9:f9:a5:82:a4:8a:7e:79:fd:d9:eb:4a:42: 3f:96:60:3c:7f:56:09:ba:e1:81:c1:8e:3c:e2:d8:d4: 85:a3:06:ff:df:00:00:41:13:7b:4d:09:f2:48:0f:11: ea:08:93:bf:61:84:c7:ef:e4:2a:1a:34:83:6e:8c:3d: 49:b9:13:a3:77:1f:6b:ee:04:aa:99:1c:e4:57:2c:1b: 34:fb:1d:a8:53:3c:60:cd:3c:1d:36:47:75:07:0d:a0 Fingerprint (SHA-256): F5:13:16:0E:89:FC:58:1F:E4:CC:80:22:35:C5:42:51:61:8F:7A:52:12:61:33:F6:A5:6F:0F:68:43:04:39:CC Fingerprint (SHA1): 21:74:D1:4F:AF:C8:DE:26:24:4A:A6:D9:DC:B3:D3:AF:CF:F7:83:3C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2135: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015154 (0x1eef8af2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:07:20 2015 Not After : Tue May 19 06:07:20 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:b8:a9:8f:e4:8c:c3:19:cd:f0:ee:60:72:af:93:43: 98:48:fe:fa:bb:73:18:6f:cd:cd:72:8b:e9:b5:71:55: cb:cd:b0:2b:3f:72:b4:7f:2a:68:db:e7:56:d7:f1:21: d5:fb:e2:8f:c1:e2:3f:ac:d7:cf:f5:3f:ca:d1:03:fb: 32:d1:92:de:3f:0c:f1:7e:6a:1f:d5:ed:c5:4e:c2:f2: 63:f2:11:71:31:65:69:e8:e7:5c:d5:5e:11:9b:ee:7f: b7:4f:06:b6:83:6d:49:01:45:b7:53:83:59:f3:0e:49: 13:78:6c:46:5a:dc:d2:48:7b:16:f6:aa:b1:a0:e3:27 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3c:b2:68:e7:8d:13:4a:a1:51:ff:a1:de:f4:57:3b:2f: 4b:99:a8:9d:71:f8:73:f9:1c:f0:c0:e3:2c:9c:d2:84: 67:b4:69:a9:f9:a5:82:a4:8a:7e:79:fd:d9:eb:4a:42: 3f:96:60:3c:7f:56:09:ba:e1:81:c1:8e:3c:e2:d8:d4: 85:a3:06:ff:df:00:00:41:13:7b:4d:09:f2:48:0f:11: ea:08:93:bf:61:84:c7:ef:e4:2a:1a:34:83:6e:8c:3d: 49:b9:13:a3:77:1f:6b:ee:04:aa:99:1c:e4:57:2c:1b: 34:fb:1d:a8:53:3c:60:cd:3c:1d:36:47:75:07:0d:a0 Fingerprint (SHA-256): F5:13:16:0E:89:FC:58:1F:E4:CC:80:22:35:C5:42:51:61:8F:7A:52:12:61:33:F6:A5:6F:0F:68:43:04:39:CC Fingerprint (SHA1): 21:74:D1:4F:AF:C8:DE:26:24:4A:A6:D9:DC:B3:D3:AF:CF:F7:83:3C Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #2136: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #2137: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015161 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2138: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #2139: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #2140: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015162 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2141: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #2142: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #2143: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2144: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 519015163 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2145: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2146: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #2147: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2148: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 519015164 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2149: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2150: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #2151: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2152: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 519015165 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2153: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2154: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 519015166 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #2155: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2156: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #2157: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2158: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2159: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519015167 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2160: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2161: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2162: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2163: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519015168 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2164: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2165: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2166: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2167: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015169 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2168: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2169: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2170: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2171: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519015170 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #2172: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2173: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2174: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015161 (0x1eef8af9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:07:48 2015 Not After : Tue May 19 06:07:48 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 95:e9:1d:5f:10:38:2a:91:21:8d:74:c9:ee:9a:a9:57: c4:3f:d3:e3:c0:70:aa:27:58:dd:d5:32:f0:d0:02:68: bb:94:2c:64:96:ab:73:ef:d3:af:7f:27:cc:b8:4e:50: 4e:3c:55:35:1a:b8:56:ad:24:3a:62:82:4f:00:7f:1e: 59:14:f2:bc:36:7c:c3:15:0c:3d:b4:a0:8d:29:5a:07: b2:5f:6f:51:ed:7c:29:7c:45:1e:84:60:b0:31:22:3f: 3d:d3:2b:ba:02:3d:66:77:5c:29:2c:22:1f:55:50:11: d5:45:ab:9e:2a:ff:6b:ff:d8:65:fb:51:a1:4a:6c:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1a:62:90:2b:59:99:4c:b2:46:38:f8:37:a6:6f:12:25: 27:8e:18:6d:e3:09:03:4d:ff:73:5a:0d:5f:f3:5b:f5: c4:52:ef:7b:45:70:97:ad:65:0e:b3:c3:07:65:e4:81: 58:c4:15:fb:1d:80:6b:10:4f:25:a3:0e:be:c6:9a:fe: 43:cc:10:d3:98:cb:aa:43:f7:0b:18:63:90:03:e7:15: 18:ed:cb:54:5f:65:de:e8:bd:28:e1:0e:97:42:a6:f6: 28:a7:75:54:43:5a:d5:dd:80:67:98:0f:0b:3e:5a:27: 18:de:09:d2:78:78:a3:23:f5:b0:46:8d:39:78:3c:ff Fingerprint (SHA-256): 9B:E1:D5:DE:C3:E8:D8:54:B9:82:53:C0:75:20:34:60:97:CA:F0:28:14:1B:B4:E7:EC:5A:F2:CF:D9:10:0D:BE Fingerprint (SHA1): 66:61:B4:24:FB:5B:E4:F3:57:8F:D7:4A:F4:83:15:42:58:37:9D:0A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #2175: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2176: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2177: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2178: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2179: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2180: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2181: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2182: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2183: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015162 (0x1eef8afa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:07:51 2015 Not After : Tue May 19 06:07:51 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:ee:dd:08:7c:a1:ef:2f:74:4e:48:13:a9:da:25:55: 74:65:56:34:f0:1a:78:d1:34:b0:3b:9f:c5:4c:12:d3: 73:3d:91:a0:94:eb:c2:5e:5b:95:b7:95:e2:b5:c8:c7: 68:29:3d:a6:6e:27:18:f3:03:08:45:63:6c:11:e8:24: 78:57:5b:c7:55:d6:7c:6f:88:05:8c:f4:fd:29:e3:bd: 47:7f:55:25:eb:9d:9c:80:63:8c:24:eb:9d:d5:0a:25: b0:e5:1a:b1:12:2d:1f:14:9a:59:9a:31:74:1c:0a:02: 89:65:77:16:29:bc:ec:26:04:c0:68:ae:8d:9d:17:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 49:f2:6e:a3:bc:71:a8:91:37:e4:8a:ee:16:ad:07:1d: 87:0e:45:0c:f9:33:ed:b3:7a:ba:02:b9:eb:a6:d4:dc: 4f:6d:88:75:75:b8:3d:7c:fe:6a:2b:16:d4:2c:fc:0a: 78:42:09:12:fd:71:9b:d0:d3:83:63:2d:45:99:eb:ff: 3f:d4:32:be:f5:8d:9e:50:17:03:3d:a0:8f:fc:17:06: eb:96:22:48:9b:2a:3e:a8:15:45:08:4c:38:90:e6:b2: 52:7c:06:45:b6:8f:2b:13:38:8f:47:97:c0:69:fa:83: 0f:65:08:44:ee:d5:1d:32:29:e4:f7:56:bf:df:5a:67 Fingerprint (SHA-256): B2:14:EB:F1:21:F0:BB:B4:AB:43:C7:E5:D4:2E:11:AF:B4:8F:92:5F:32:88:F7:B7:19:8A:67:FA:10:3F:77:4A Fingerprint (SHA1): 49:49:FD:85:D7:7D:54:2F:93:D5:FD:73:CC:7B:DD:17:8C:7B:EB:D3 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #2184: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2185: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2186: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2187: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2188: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #2189: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2190: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #2191: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #2192: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #2193: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #2194: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #2195: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #2196: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #2197: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #2198: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #2199: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #2200: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #2201: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2202: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015171 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2203: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2204: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2205: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2206: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519015172 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2207: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2208: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2209: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2210: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519015173 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2211: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2212: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2213: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2214: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 519015174 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2215: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2216: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2217: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2218: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519015175 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2219: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2220: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #2221: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2222: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 519015176 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2223: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2224: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #2225: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2226: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 519015177 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2227: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2228: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #2229: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2230: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 519015178 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2231: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2232: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #2233: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2234: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 519015179 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2235: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2236: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2237: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015171 (0x1eef8b03) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:08:35 2015 Not After : Tue May 19 06:08:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 44:94:85:21:cb:64:70:43:19:3b:1e:57:25:7f:11:cd: 8d:21:bf:4b:c9:b2:9e:2d:ca:7d:18:e5:6f:6d:f5:54: 5e:f7:e3:25:a7:f6:ed:f2:dc:5d:bd:c3:17:02:80:91: 78:da:63:a0:98:87:1e:c9:44:3c:3f:ab:3d:fa:9e:bd: 9c:ac:a1:38:58:20:e5:b5:64:3e:e5:22:d3:4d:4a:f7: d8:80:2f:78:9b:f1:a3:af:18:e1:da:09:d3:9a:c5:1f: 94:a2:f6:b2:ee:02:87:41:16:14:18:ae:11:e2:9a:c3: e0:0d:4e:22:4b:a5:27:6c:1e:d6:02:20:15:6a:08:7a Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:3f:25:a1:60:88:49:a0:cf:16:79:17:28: b0:a6:d2:fd:85:1b:54:71:02:14:7e:a3:aa:71:09:92: 58:04:c0:80:ff:e7:f3:99:5a:06:cc:3c:ff:79 Fingerprint (SHA-256): A3:04:D5:62:E3:5B:78:49:FC:A5:42:97:6C:6B:83:43:4E:92:2A:8E:86:73:12:77:06:D5:CC:81:C4:33:63:02 Fingerprint (SHA1): EE:FB:06:14:36:4C:34:45:28:5A:6C:20:E6:A7:6D:AD:B5:A2:DF:20 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2238: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015171 (0x1eef8b03) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:08:35 2015 Not After : Tue May 19 06:08:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 44:94:85:21:cb:64:70:43:19:3b:1e:57:25:7f:11:cd: 8d:21:bf:4b:c9:b2:9e:2d:ca:7d:18:e5:6f:6d:f5:54: 5e:f7:e3:25:a7:f6:ed:f2:dc:5d:bd:c3:17:02:80:91: 78:da:63:a0:98:87:1e:c9:44:3c:3f:ab:3d:fa:9e:bd: 9c:ac:a1:38:58:20:e5:b5:64:3e:e5:22:d3:4d:4a:f7: d8:80:2f:78:9b:f1:a3:af:18:e1:da:09:d3:9a:c5:1f: 94:a2:f6:b2:ee:02:87:41:16:14:18:ae:11:e2:9a:c3: e0:0d:4e:22:4b:a5:27:6c:1e:d6:02:20:15:6a:08:7a Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:3f:25:a1:60:88:49:a0:cf:16:79:17:28: b0:a6:d2:fd:85:1b:54:71:02:14:7e:a3:aa:71:09:92: 58:04:c0:80:ff:e7:f3:99:5a:06:cc:3c:ff:79 Fingerprint (SHA-256): A3:04:D5:62:E3:5B:78:49:FC:A5:42:97:6C:6B:83:43:4E:92:2A:8E:86:73:12:77:06:D5:CC:81:C4:33:63:02 Fingerprint (SHA1): EE:FB:06:14:36:4C:34:45:28:5A:6C:20:E6:A7:6D:AD:B5:A2:DF:20 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #2239: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015171 (0x1eef8b03) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:08:35 2015 Not After : Tue May 19 06:08:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 44:94:85:21:cb:64:70:43:19:3b:1e:57:25:7f:11:cd: 8d:21:bf:4b:c9:b2:9e:2d:ca:7d:18:e5:6f:6d:f5:54: 5e:f7:e3:25:a7:f6:ed:f2:dc:5d:bd:c3:17:02:80:91: 78:da:63:a0:98:87:1e:c9:44:3c:3f:ab:3d:fa:9e:bd: 9c:ac:a1:38:58:20:e5:b5:64:3e:e5:22:d3:4d:4a:f7: d8:80:2f:78:9b:f1:a3:af:18:e1:da:09:d3:9a:c5:1f: 94:a2:f6:b2:ee:02:87:41:16:14:18:ae:11:e2:9a:c3: e0:0d:4e:22:4b:a5:27:6c:1e:d6:02:20:15:6a:08:7a Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:3f:25:a1:60:88:49:a0:cf:16:79:17:28: b0:a6:d2:fd:85:1b:54:71:02:14:7e:a3:aa:71:09:92: 58:04:c0:80:ff:e7:f3:99:5a:06:cc:3c:ff:79 Fingerprint (SHA-256): A3:04:D5:62:E3:5B:78:49:FC:A5:42:97:6C:6B:83:43:4E:92:2A:8E:86:73:12:77:06:D5:CC:81:C4:33:63:02 Fingerprint (SHA1): EE:FB:06:14:36:4C:34:45:28:5A:6C:20:E6:A7:6D:AD:B5:A2:DF:20 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #2240: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015171 (0x1eef8b03) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:08:35 2015 Not After : Tue May 19 06:08:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 44:94:85:21:cb:64:70:43:19:3b:1e:57:25:7f:11:cd: 8d:21:bf:4b:c9:b2:9e:2d:ca:7d:18:e5:6f:6d:f5:54: 5e:f7:e3:25:a7:f6:ed:f2:dc:5d:bd:c3:17:02:80:91: 78:da:63:a0:98:87:1e:c9:44:3c:3f:ab:3d:fa:9e:bd: 9c:ac:a1:38:58:20:e5:b5:64:3e:e5:22:d3:4d:4a:f7: d8:80:2f:78:9b:f1:a3:af:18:e1:da:09:d3:9a:c5:1f: 94:a2:f6:b2:ee:02:87:41:16:14:18:ae:11:e2:9a:c3: e0:0d:4e:22:4b:a5:27:6c:1e:d6:02:20:15:6a:08:7a Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:3f:25:a1:60:88:49:a0:cf:16:79:17:28: b0:a6:d2:fd:85:1b:54:71:02:14:7e:a3:aa:71:09:92: 58:04:c0:80:ff:e7:f3:99:5a:06:cc:3c:ff:79 Fingerprint (SHA-256): A3:04:D5:62:E3:5B:78:49:FC:A5:42:97:6C:6B:83:43:4E:92:2A:8E:86:73:12:77:06:D5:CC:81:C4:33:63:02 Fingerprint (SHA1): EE:FB:06:14:36:4C:34:45:28:5A:6C:20:E6:A7:6D:AD:B5:A2:DF:20 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #2241: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2242: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2243: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2244: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #2245: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2246: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2247: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2248: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2249: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2250: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2251: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2252: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #2253: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2254: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2255: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2256: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #2257: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2258: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2259: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2260: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2261: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2262: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2263: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2264: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #2265: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2266: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2267: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2268: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519060926Z nextupdate=20160519060926Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 06:09:26 2015 Next Update: Thu May 19 06:09:26 2016 CRL Extensions: chains.sh: #2269: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519060926Z nextupdate=20160519060926Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:09:26 2015 Next Update: Thu May 19 06:09:26 2016 CRL Extensions: chains.sh: #2270: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519060927Z nextupdate=20160519060927Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:09:27 2015 Next Update: Thu May 19 06:09:27 2016 CRL Extensions: chains.sh: #2271: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519060927Z nextupdate=20160519060927Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 06:09:27 2015 Next Update: Thu May 19 06:09:27 2016 CRL Extensions: chains.sh: #2272: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519060928Z addcert 14 20150519060928Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:09:28 2015 Next Update: Thu May 19 06:09:27 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Tue May 19 06:09:28 2015 CRL Extensions: chains.sh: #2273: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519060929Z addcert 15 20150519060929Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:09:29 2015 Next Update: Thu May 19 06:09:26 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Tue May 19 06:09:29 2015 CRL Extensions: chains.sh: #2274: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2275: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2276: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #2277: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #2278: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #2279: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #2280: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #2281: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #2282: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #2283: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:09:04 2015 Not After : Tue May 19 06:09:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:2f:8b:ee:da:ea:8e:27:a4:38:e4:76:72:ae:f5:ed: fb:18:23:21:5a:53:04:08:66:fd:13:51:e4:a0:84:55: 6c:fb:a3:98:1a:60:25:ff:d7:7b:c2:88:c8:83:a9:af: 4f:89:1b:bb:af:38:e7:40:fd:64:87:2c:87:ac:8e:85: 08:21:66:6b:95:be:e7:da:05:ca:55:b9:f4:49:a7:cf: ca:de:9d:47:09:10:8e:de:83:49:8a:eb:af:e2:6b:a5: 75:95:4a:5f:7c:eb:0e:90:e6:70:36:63:f0:55:83:3b: 6d:ad:a8:68:ef:a4:23:9f:b0:0f:47:9a:c9:5c:88:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:9b:a4:2b:9d:9d:f0:74:aa:5e:73:d8:e4:8d:89:c1: 2e:5f:55:7a:32:c4:0f:48:74:db:59:af:df:1b:ae:dc: 42:02:35:57:fc:4b:48:35:97:47:b6:22:e8:26:ff:0d: 02:be:0b:d3:6e:f9:4f:44:86:d7:72:f7:df:6a:16:82: b4:c5:e9:a9:39:9f:e0:87:f4:94:5e:78:04:6f:1e:f8: b5:62:ee:5c:b6:b8:88:47:2d:c7:40:3f:b8:a8:f4:e2: a4:36:a3:71:08:03:b2:5f:74:7c:ee:88:4e:54:99:05: 2b:0b:91:61:91:65:12:74:0d:ee:d4:39:af:1d:80:72 Fingerprint (SHA-256): AC:C2:6F:1C:AB:EC:E6:02:C5:95:C3:87:D2:81:07:6B:C3:30:CC:2E:D6:1A:74:DC:CA:D3:75:E9:C3:EB:1D:C9 Fingerprint (SHA1): B7:42:74:2F:76:F4:62:6E:AB:AF:F8:62:18:53:AA:85:C5:16:CA:63 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2284: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2285: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:09:04 2015 Not After : Tue May 19 06:09:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:2f:8b:ee:da:ea:8e:27:a4:38:e4:76:72:ae:f5:ed: fb:18:23:21:5a:53:04:08:66:fd:13:51:e4:a0:84:55: 6c:fb:a3:98:1a:60:25:ff:d7:7b:c2:88:c8:83:a9:af: 4f:89:1b:bb:af:38:e7:40:fd:64:87:2c:87:ac:8e:85: 08:21:66:6b:95:be:e7:da:05:ca:55:b9:f4:49:a7:cf: ca:de:9d:47:09:10:8e:de:83:49:8a:eb:af:e2:6b:a5: 75:95:4a:5f:7c:eb:0e:90:e6:70:36:63:f0:55:83:3b: 6d:ad:a8:68:ef:a4:23:9f:b0:0f:47:9a:c9:5c:88:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:9b:a4:2b:9d:9d:f0:74:aa:5e:73:d8:e4:8d:89:c1: 2e:5f:55:7a:32:c4:0f:48:74:db:59:af:df:1b:ae:dc: 42:02:35:57:fc:4b:48:35:97:47:b6:22:e8:26:ff:0d: 02:be:0b:d3:6e:f9:4f:44:86:d7:72:f7:df:6a:16:82: b4:c5:e9:a9:39:9f:e0:87:f4:94:5e:78:04:6f:1e:f8: b5:62:ee:5c:b6:b8:88:47:2d:c7:40:3f:b8:a8:f4:e2: a4:36:a3:71:08:03:b2:5f:74:7c:ee:88:4e:54:99:05: 2b:0b:91:61:91:65:12:74:0d:ee:d4:39:af:1d:80:72 Fingerprint (SHA-256): AC:C2:6F:1C:AB:EC:E6:02:C5:95:C3:87:D2:81:07:6B:C3:30:CC:2E:D6:1A:74:DC:CA:D3:75:E9:C3:EB:1D:C9 Fingerprint (SHA1): B7:42:74:2F:76:F4:62:6E:AB:AF:F8:62:18:53:AA:85:C5:16:CA:63 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2286: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2287: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #2288: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015180 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2289: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #2290: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #2291: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2292: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 519015181 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2293: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2294: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2295: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014952.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2296: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014926.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2297: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2298: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #2299: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014952.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2300: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 519015182 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2301: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2302: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2303: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014952.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2304: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014927.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2305: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2306: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #2307: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2308: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 519015183 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2309: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2310: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2311: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014952.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2312: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014928.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2313: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2314: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2315: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519014952.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #2316: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519014929.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #2317: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2318: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519061001Z nextupdate=20160519061001Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 06:10:01 2015 Next Update: Thu May 19 06:10:01 2016 CRL Extensions: chains.sh: #2319: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519061001Z nextupdate=20160519061001Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:10:01 2015 Next Update: Thu May 19 06:10:01 2016 CRL Extensions: chains.sh: #2320: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519061002Z nextupdate=20160519061002Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:10:02 2015 Next Update: Thu May 19 06:10:02 2016 CRL Extensions: chains.sh: #2321: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519061002Z nextupdate=20160519061002Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 06:10:02 2015 Next Update: Thu May 19 06:10:02 2016 CRL Extensions: chains.sh: #2322: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519061003Z addcert 20 20150519061003Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:10:03 2015 Next Update: Thu May 19 06:10:01 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 06:10:03 2015 CRL Extensions: chains.sh: #2323: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519061004Z addcert 40 20150519061004Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:10:04 2015 Next Update: Thu May 19 06:10:01 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 06:10:03 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Tue May 19 06:10:04 2015 CRL Extensions: chains.sh: #2324: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #2325: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2326: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #2327: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015180 (0x1eef8b0c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:09:39 2015 Not After : Tue May 19 06:09:39 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:4d:d0:ec:8d:66:ff:79:65:4e:8f:4e:2d:a0:e4:87: e7:66:83:59:23:81:ae:ac:16:3e:03:e8:1a:f6:dd:b6: d1:af:a0:32:4d:34:46:88:30:c5:fd:07:48:32:17:13: 3b:22:ad:fd:6b:6c:5b:97:2d:4c:0e:82:22:d1:1d:c1: ab:38:3f:db:43:a2:d3:7b:ba:a3:4c:09:d3:12:e3:47: ac:9c:48:e9:c6:55:e6:5a:e3:c0:59:2a:9d:07:a7:66: 19:a2:8d:fb:4c:53:3c:17:16:a6:79:e0:49:9d:a7:06: 93:f4:1d:dd:25:78:73:e4:21:e1:1d:69:c7:53:42:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bd:c8:5f:c6:68:43:e7:71:fe:ca:db:db:b0:36:24:75: df:b6:c5:1b:6f:3a:80:ff:3e:2f:48:68:8f:dd:5f:96: ce:7c:8f:d8:42:24:c4:f9:e4:1e:c6:9c:c5:40:d1:33: ee:b2:54:d8:5c:8d:be:ed:bc:67:53:f1:df:d1:2d:e6: 0d:d8:7f:3d:ea:5f:02:eb:f1:b4:dd:b9:53:e6:ad:00: 3e:0f:6a:fa:a6:1d:39:34:a2:07:04:43:ec:56:99:22: 3f:63:39:06:c6:c2:50:65:6a:4e:53:eb:6d:12:08:2f: 6a:36:22:07:8e:42:7b:cf:bb:0d:86:d6:be:e8:49:74 Fingerprint (SHA-256): 08:3B:2D:C6:EC:C0:5B:00:F6:5F:30:0D:A8:2B:3C:1F:4B:4C:35:A3:3F:36:0B:62:75:4D:3B:93:36:67:67:46 Fingerprint (SHA1): F8:36:5B:6F:92:2F:B6:9F:1E:A5:7C:80:C7:A8:1D:52:FD:57:AC:8E Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2328: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2329: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015180 (0x1eef8b0c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:09:39 2015 Not After : Tue May 19 06:09:39 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:4d:d0:ec:8d:66:ff:79:65:4e:8f:4e:2d:a0:e4:87: e7:66:83:59:23:81:ae:ac:16:3e:03:e8:1a:f6:dd:b6: d1:af:a0:32:4d:34:46:88:30:c5:fd:07:48:32:17:13: 3b:22:ad:fd:6b:6c:5b:97:2d:4c:0e:82:22:d1:1d:c1: ab:38:3f:db:43:a2:d3:7b:ba:a3:4c:09:d3:12:e3:47: ac:9c:48:e9:c6:55:e6:5a:e3:c0:59:2a:9d:07:a7:66: 19:a2:8d:fb:4c:53:3c:17:16:a6:79:e0:49:9d:a7:06: 93:f4:1d:dd:25:78:73:e4:21:e1:1d:69:c7:53:42:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bd:c8:5f:c6:68:43:e7:71:fe:ca:db:db:b0:36:24:75: df:b6:c5:1b:6f:3a:80:ff:3e:2f:48:68:8f:dd:5f:96: ce:7c:8f:d8:42:24:c4:f9:e4:1e:c6:9c:c5:40:d1:33: ee:b2:54:d8:5c:8d:be:ed:bc:67:53:f1:df:d1:2d:e6: 0d:d8:7f:3d:ea:5f:02:eb:f1:b4:dd:b9:53:e6:ad:00: 3e:0f:6a:fa:a6:1d:39:34:a2:07:04:43:ec:56:99:22: 3f:63:39:06:c6:c2:50:65:6a:4e:53:eb:6d:12:08:2f: 6a:36:22:07:8e:42:7b:cf:bb:0d:86:d6:be:e8:49:74 Fingerprint (SHA-256): 08:3B:2D:C6:EC:C0:5B:00:F6:5F:30:0D:A8:2B:3C:1F:4B:4C:35:A3:3F:36:0B:62:75:4D:3B:93:36:67:67:46 Fingerprint (SHA1): F8:36:5B:6F:92:2F:B6:9F:1E:A5:7C:80:C7:A8:1D:52:FD:57:AC:8E Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #2330: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #2331: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #2332: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015184 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2333: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #2334: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #2335: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2336: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519015185 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2337: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2338: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #2339: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2340: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519015186 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2341: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2342: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #2343: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2344: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 519015187 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2345: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2346: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #2347: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -m 519015188 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2348: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #2349: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #2350: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #2351: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 519015189 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2352: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2353: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #2354: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #2355: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 519015190 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cu_data === Certutil input data === === chains.sh: #2356: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #2357: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #2358: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #2359: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #2360: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015184 (0x1eef8b10) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:10:11 2015 Not After : Tue May 19 06:10:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:d3:89:13:f2:4d:b6:05:a3:55:8e:66:a9:0f:ca:6b: 5d:eb:eb:20:7b:9d:b2:e9:13:94:d4:ce:4e:54:2a:fd: 3d:1c:e7:17:f9:84:81:38:d7:c2:55:fb:3d:35:77:6f: b1:9d:c8:51:15:9d:18:71:d6:90:0e:48:25:cc:70:6d: fa:d9:ab:d1:6f:83:a6:ad:11:e7:16:11:f7:6d:59:26: 25:e7:3d:05:b4:cc:30:d2:ee:d5:0e:1a:03:56:ee:9e: 6b:22:ef:7b:d5:c3:c7:50:61:af:ad:2f:59:f7:2d:1a: c9:80:24:20:d4:eb:37:1e:45:c0:df:f1:59:51:60:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:9a:16:4f:2d:5a:5b:85:fb:4e:08:7b:4c:70:58:ac: 1c:2d:52:f8:78:14:30:7f:c3:83:3e:d5:32:aa:df:50: e9:e1:d3:1a:78:77:71:7a:92:6a:40:97:f9:cb:4a:5f: b7:51:c2:1f:79:c2:07:e6:57:37:82:ef:fa:a7:bb:90: fd:3a:74:03:0a:b6:7e:df:cf:1e:7e:d8:c5:63:d4:b4: e9:10:cc:c7:22:38:c6:02:5b:96:48:67:17:f3:01:f3: aa:8e:e2:06:90:60:55:bc:36:50:25:e1:7b:34:5d:de: 12:97:b0:6b:59:b4:d5:b8:ee:1d:74:3f:ee:aa:2e:a4 Fingerprint (SHA-256): A7:DB:D6:91:48:89:80:B3:D6:2A:E8:0C:A1:A0:5B:60:06:6E:C4:3B:8D:2D:98:9C:32:31:10:05:62:FD:24:1C Fingerprint (SHA1): 22:D2:B3:F4:9F:7F:FD:1A:57:BF:CA:62:AF:43:D8:00:81:1A:C3:D0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2361: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015186 (0x1eef8b12) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:10:16 2015 Not After : Tue May 19 06:10:16 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:a2:96:f9:dc:85:2b:21:31:03:48:33:dc:82:13:55: af:85:2b:34:92:4e:c1:5a:38:34:59:20:46:51:14:5a: 24:19:73:30:69:e6:7c:d1:22:e9:a8:9f:d2:2f:06:e5: 58:fe:b5:14:cb:14:55:ce:39:81:ee:00:78:69:0e:36: 85:47:d5:d3:98:90:ab:c6:0c:4e:9d:d1:b4:0b:d1:da: 06:5b:f6:fd:ce:66:9e:24:dc:1f:92:97:5a:0d:9d:71: ec:f1:c3:3b:cf:95:34:7e:31:e4:ef:d7:99:be:14:59: 9c:5b:7f:80:8e:dc:4d:db:aa:e9:4e:cf:55:aa:75:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:45:e0:64:9d:a4:ba:66:04:67:14:d9:ee:09:57:bf: 59:34:37:77:77:c9:56:29:1c:6c:3b:7b:4e:10:37:2d: 3a:f0:07:81:3e:0e:20:68:e3:fc:b8:e6:7d:b8:d1:15: ee:5e:99:56:0a:85:75:5a:07:11:81:c9:ce:81:33:50: 24:e1:86:3f:8e:86:bd:d0:ec:5e:0b:bd:10:a0:57:27: 34:7b:62:96:88:c6:ab:6d:f5:9e:59:10:56:ce:79:32: 3c:c2:0a:2d:a1:06:0c:18:44:63:d6:1c:35:51:51:5e: bb:d3:8b:2d:87:7c:bc:c1:5f:f6:16:06:d4:67:6a:da Fingerprint (SHA-256): 8A:F5:D8:C5:40:BF:B6:F3:ED:2B:F4:0F:02:98:0C:D0:FD:3B:E2:6A:A6:D0:41:19:78:F2:D6:B4:BF:2A:3D:F3 Fingerprint (SHA1): 1A:72:1C:EC:62:77:9E:C1:06:D2:D2:3B:11:22:D2:F6:C6:B0:A0:A9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #2362: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015184 (0x1eef8b10) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:10:11 2015 Not After : Tue May 19 06:10:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:d3:89:13:f2:4d:b6:05:a3:55:8e:66:a9:0f:ca:6b: 5d:eb:eb:20:7b:9d:b2:e9:13:94:d4:ce:4e:54:2a:fd: 3d:1c:e7:17:f9:84:81:38:d7:c2:55:fb:3d:35:77:6f: b1:9d:c8:51:15:9d:18:71:d6:90:0e:48:25:cc:70:6d: fa:d9:ab:d1:6f:83:a6:ad:11:e7:16:11:f7:6d:59:26: 25:e7:3d:05:b4:cc:30:d2:ee:d5:0e:1a:03:56:ee:9e: 6b:22:ef:7b:d5:c3:c7:50:61:af:ad:2f:59:f7:2d:1a: c9:80:24:20:d4:eb:37:1e:45:c0:df:f1:59:51:60:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:9a:16:4f:2d:5a:5b:85:fb:4e:08:7b:4c:70:58:ac: 1c:2d:52:f8:78:14:30:7f:c3:83:3e:d5:32:aa:df:50: e9:e1:d3:1a:78:77:71:7a:92:6a:40:97:f9:cb:4a:5f: b7:51:c2:1f:79:c2:07:e6:57:37:82:ef:fa:a7:bb:90: fd:3a:74:03:0a:b6:7e:df:cf:1e:7e:d8:c5:63:d4:b4: e9:10:cc:c7:22:38:c6:02:5b:96:48:67:17:f3:01:f3: aa:8e:e2:06:90:60:55:bc:36:50:25:e1:7b:34:5d:de: 12:97:b0:6b:59:b4:d5:b8:ee:1d:74:3f:ee:aa:2e:a4 Fingerprint (SHA-256): A7:DB:D6:91:48:89:80:B3:D6:2A:E8:0C:A1:A0:5B:60:06:6E:C4:3B:8D:2D:98:9C:32:31:10:05:62:FD:24:1C Fingerprint (SHA1): 22:D2:B3:F4:9F:7F:FD:1A:57:BF:CA:62:AF:43:D8:00:81:1A:C3:D0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2363: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #2364: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015184 (0x1eef8b10) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:10:11 2015 Not After : Tue May 19 06:10:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:d3:89:13:f2:4d:b6:05:a3:55:8e:66:a9:0f:ca:6b: 5d:eb:eb:20:7b:9d:b2:e9:13:94:d4:ce:4e:54:2a:fd: 3d:1c:e7:17:f9:84:81:38:d7:c2:55:fb:3d:35:77:6f: b1:9d:c8:51:15:9d:18:71:d6:90:0e:48:25:cc:70:6d: fa:d9:ab:d1:6f:83:a6:ad:11:e7:16:11:f7:6d:59:26: 25:e7:3d:05:b4:cc:30:d2:ee:d5:0e:1a:03:56:ee:9e: 6b:22:ef:7b:d5:c3:c7:50:61:af:ad:2f:59:f7:2d:1a: c9:80:24:20:d4:eb:37:1e:45:c0:df:f1:59:51:60:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:9a:16:4f:2d:5a:5b:85:fb:4e:08:7b:4c:70:58:ac: 1c:2d:52:f8:78:14:30:7f:c3:83:3e:d5:32:aa:df:50: e9:e1:d3:1a:78:77:71:7a:92:6a:40:97:f9:cb:4a:5f: b7:51:c2:1f:79:c2:07:e6:57:37:82:ef:fa:a7:bb:90: fd:3a:74:03:0a:b6:7e:df:cf:1e:7e:d8:c5:63:d4:b4: e9:10:cc:c7:22:38:c6:02:5b:96:48:67:17:f3:01:f3: aa:8e:e2:06:90:60:55:bc:36:50:25:e1:7b:34:5d:de: 12:97:b0:6b:59:b4:d5:b8:ee:1d:74:3f:ee:aa:2e:a4 Fingerprint (SHA-256): A7:DB:D6:91:48:89:80:B3:D6:2A:E8:0C:A1:A0:5B:60:06:6E:C4:3B:8D:2D:98:9C:32:31:10:05:62:FD:24:1C Fingerprint (SHA1): 22:D2:B3:F4:9F:7F:FD:1A:57:BF:CA:62:AF:43:D8:00:81:1A:C3:D0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2365: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015186 (0x1eef8b12) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:10:16 2015 Not After : Tue May 19 06:10:16 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:a2:96:f9:dc:85:2b:21:31:03:48:33:dc:82:13:55: af:85:2b:34:92:4e:c1:5a:38:34:59:20:46:51:14:5a: 24:19:73:30:69:e6:7c:d1:22:e9:a8:9f:d2:2f:06:e5: 58:fe:b5:14:cb:14:55:ce:39:81:ee:00:78:69:0e:36: 85:47:d5:d3:98:90:ab:c6:0c:4e:9d:d1:b4:0b:d1:da: 06:5b:f6:fd:ce:66:9e:24:dc:1f:92:97:5a:0d:9d:71: ec:f1:c3:3b:cf:95:34:7e:31:e4:ef:d7:99:be:14:59: 9c:5b:7f:80:8e:dc:4d:db:aa:e9:4e:cf:55:aa:75:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:45:e0:64:9d:a4:ba:66:04:67:14:d9:ee:09:57:bf: 59:34:37:77:77:c9:56:29:1c:6c:3b:7b:4e:10:37:2d: 3a:f0:07:81:3e:0e:20:68:e3:fc:b8:e6:7d:b8:d1:15: ee:5e:99:56:0a:85:75:5a:07:11:81:c9:ce:81:33:50: 24:e1:86:3f:8e:86:bd:d0:ec:5e:0b:bd:10:a0:57:27: 34:7b:62:96:88:c6:ab:6d:f5:9e:59:10:56:ce:79:32: 3c:c2:0a:2d:a1:06:0c:18:44:63:d6:1c:35:51:51:5e: bb:d3:8b:2d:87:7c:bc:c1:5f:f6:16:06:d4:67:6a:da Fingerprint (SHA-256): 8A:F5:D8:C5:40:BF:B6:F3:ED:2B:F4:0F:02:98:0C:D0:FD:3B:E2:6A:A6:D0:41:19:78:F2:D6:B4:BF:2A:3D:F3 Fingerprint (SHA1): 1A:72:1C:EC:62:77:9E:C1:06:D2:D2:3B:11:22:D2:F6:C6:B0:A0:A9 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #2366: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #2367: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #2368: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #2369: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015184 (0x1eef8b10) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:10:11 2015 Not After : Tue May 19 06:10:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:d3:89:13:f2:4d:b6:05:a3:55:8e:66:a9:0f:ca:6b: 5d:eb:eb:20:7b:9d:b2:e9:13:94:d4:ce:4e:54:2a:fd: 3d:1c:e7:17:f9:84:81:38:d7:c2:55:fb:3d:35:77:6f: b1:9d:c8:51:15:9d:18:71:d6:90:0e:48:25:cc:70:6d: fa:d9:ab:d1:6f:83:a6:ad:11:e7:16:11:f7:6d:59:26: 25:e7:3d:05:b4:cc:30:d2:ee:d5:0e:1a:03:56:ee:9e: 6b:22:ef:7b:d5:c3:c7:50:61:af:ad:2f:59:f7:2d:1a: c9:80:24:20:d4:eb:37:1e:45:c0:df:f1:59:51:60:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:9a:16:4f:2d:5a:5b:85:fb:4e:08:7b:4c:70:58:ac: 1c:2d:52:f8:78:14:30:7f:c3:83:3e:d5:32:aa:df:50: e9:e1:d3:1a:78:77:71:7a:92:6a:40:97:f9:cb:4a:5f: b7:51:c2:1f:79:c2:07:e6:57:37:82:ef:fa:a7:bb:90: fd:3a:74:03:0a:b6:7e:df:cf:1e:7e:d8:c5:63:d4:b4: e9:10:cc:c7:22:38:c6:02:5b:96:48:67:17:f3:01:f3: aa:8e:e2:06:90:60:55:bc:36:50:25:e1:7b:34:5d:de: 12:97:b0:6b:59:b4:d5:b8:ee:1d:74:3f:ee:aa:2e:a4 Fingerprint (SHA-256): A7:DB:D6:91:48:89:80:B3:D6:2A:E8:0C:A1:A0:5B:60:06:6E:C4:3B:8D:2D:98:9C:32:31:10:05:62:FD:24:1C Fingerprint (SHA1): 22:D2:B3:F4:9F:7F:FD:1A:57:BF:CA:62:AF:43:D8:00:81:1A:C3:D0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2370: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015188 (0x1eef8b14) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:10:22 2015 Not After : Tue May 19 06:10:22 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e0:5b:5b:af:bb:62:f0:4a:6e:cf:3f:6f:58:d4:63:12: 33:88:1b:0c:28:52:f8:68:1d:41:b2:64:7d:b5:bc:6b: 1b:f2:cd:73:5a:6c:54:eb:4e:5c:5d:dc:c5:95:8b:c0: 1d:dc:7b:57:fe:be:8f:7e:d6:54:3f:a8:62:ac:f4:08: d3:ba:6b:59:ad:66:76:f8:c1:70:d7:ea:2b:a1:60:c0: af:f3:c3:36:99:a3:75:66:7c:ac:e9:a4:54:94:63:df: e5:59:29:87:bb:82:70:8a:b4:52:3f:17:d6:0f:25:9f: 40:3b:d9:10:dc:d0:c1:d1:31:67:7d:e5:91:36:34:d9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c7:40:84:54:1c:bd:a6:d6:b4:cb:dc:31:9f:fb:83:dd: 79:33:40:51:77:62:93:ae:aa:04:44:db:15:c7:10:b7: 8d:80:ed:62:06:0f:6e:a0:0a:44:02:49:9b:47:8a:e2: e0:19:9a:e0:3a:e2:d8:d5:24:6c:0e:92:04:5e:1d:b5: bf:2b:24:8f:73:77:bc:cb:b3:11:13:cc:28:2e:12:6f: 8f:9a:cc:a7:3e:88:5e:55:ed:5b:c6:a0:5a:bc:95:4f: 59:a7:f6:38:c0:82:53:8a:90:c9:55:58:b7:3e:39:25: 41:57:ae:5d:a7:5a:0a:f8:c5:2a:49:cd:fb:04:a9:8a Fingerprint (SHA-256): C3:3F:A7:BF:24:95:23:68:A3:CF:1E:46:01:51:23:25:27:1D:F5:FC:BD:EB:74:61:1B:EB:53:AF:07:C8:3E:46 Fingerprint (SHA1): D8:61:F0:19:16:13:7A:07:54:E2:AA:BC:77:19:4A:B0:FA:D3:88:6F Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #2371: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015184 (0x1eef8b10) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:10:11 2015 Not After : Tue May 19 06:10:11 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:d3:89:13:f2:4d:b6:05:a3:55:8e:66:a9:0f:ca:6b: 5d:eb:eb:20:7b:9d:b2:e9:13:94:d4:ce:4e:54:2a:fd: 3d:1c:e7:17:f9:84:81:38:d7:c2:55:fb:3d:35:77:6f: b1:9d:c8:51:15:9d:18:71:d6:90:0e:48:25:cc:70:6d: fa:d9:ab:d1:6f:83:a6:ad:11:e7:16:11:f7:6d:59:26: 25:e7:3d:05:b4:cc:30:d2:ee:d5:0e:1a:03:56:ee:9e: 6b:22:ef:7b:d5:c3:c7:50:61:af:ad:2f:59:f7:2d:1a: c9:80:24:20:d4:eb:37:1e:45:c0:df:f1:59:51:60:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:9a:16:4f:2d:5a:5b:85:fb:4e:08:7b:4c:70:58:ac: 1c:2d:52:f8:78:14:30:7f:c3:83:3e:d5:32:aa:df:50: e9:e1:d3:1a:78:77:71:7a:92:6a:40:97:f9:cb:4a:5f: b7:51:c2:1f:79:c2:07:e6:57:37:82:ef:fa:a7:bb:90: fd:3a:74:03:0a:b6:7e:df:cf:1e:7e:d8:c5:63:d4:b4: e9:10:cc:c7:22:38:c6:02:5b:96:48:67:17:f3:01:f3: aa:8e:e2:06:90:60:55:bc:36:50:25:e1:7b:34:5d:de: 12:97:b0:6b:59:b4:d5:b8:ee:1d:74:3f:ee:aa:2e:a4 Fingerprint (SHA-256): A7:DB:D6:91:48:89:80:B3:D6:2A:E8:0C:A1:A0:5B:60:06:6E:C4:3B:8D:2D:98:9C:32:31:10:05:62:FD:24:1C Fingerprint (SHA1): 22:D2:B3:F4:9F:7F:FD:1A:57:BF:CA:62:AF:43:D8:00:81:1A:C3:D0 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #2372: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #2373: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #2374: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #2375: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #2376: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #2377: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519015189 (0x1eef8b15) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:10:26 2015 Not After : Tue May 19 06:10:26 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:81:7a:f0:3b:56:1d:bf:f2:4f:a1:d6:96:a4:d8:e8: 97:8f:f8:56:38:0d:de:2e:86:f9:03:17:cd:5a:9e:97: 53:6c:20:3d:cc:bd:e8:63:f7:2a:c8:79:a3:d1:ee:d2: ab:a7:d3:89:75:60:1b:92:c8:65:84:a0:34:bd:e9:da: 44:29:0f:15:d0:87:b1:d7:98:0b:51:4e:0d:71:f9:a1: 53:36:ca:1e:34:12:45:74:48:3b:49:fc:62:58:4c:19: e5:a3:20:97:de:f8:ef:c6:43:17:ce:61:6f:2a:7a:1b: 70:39:b6:ba:7e:7f:af:e9:37:47:aa:07:b4:64:57:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 46:2b:3d:df:f3:4e:fb:92:ec:83:cb:33:42:e3:ef:b3: 2a:a5:8d:4b:7b:0d:8d:6e:f7:68:84:bf:58:f2:2f:90: 8e:77:46:4b:65:3f:b9:93:7b:80:17:c5:0d:e7:c8:1e: 24:35:21:9d:57:11:5c:db:c4:93:55:4e:e7:0c:f5:60: 84:8a:02:cb:db:96:ff:7f:25:34:cb:be:b4:65:28:1d: e0:af:79:bb:07:e8:52:ec:ab:bb:2e:03:5a:9e:14:ec: 2e:07:f9:66:6b:8f:e8:66:bc:76:e7:e6:a1:45:0c:f1: 07:62:79:82:9d:05:c9:09:8c:97:3b:3d:42:1b:7b:3e Fingerprint (SHA-256): 84:CD:FB:51:D7:C7:6F:8F:5E:2B:8E:38:57:62:E8:45:26:4D:BA:F3:D6:40:17:71:B0:1A:75:5C:1B:D2:66:C0 Fingerprint (SHA1): A2:91:C5:2B:D6:49:0F:0A:04:66:E1:36:F8:F0:54:1E:6C:76:0F:B8 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #2378: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #2379: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #2380: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #2381: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #2382: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2383: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2384: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #2385: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2386: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2387: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #2388: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2389: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2390: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2391: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2392: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #2393: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2394: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #2395: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2396: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #2397: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2398: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #2399: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #2400: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #2401: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 26167 at Tue May 19 02:10:57 EDT 2015 kill -USR1 26167 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 26167 killed at Tue May 19 02:10:58 EDT 2015 TIMESTAMP chains END: Tue May 19 02:10:58 EDT 2015 chains.sh: Testing with PKIX =============================== Running tests for lowhash TIMESTAMP lowhash BEGIN: Tue May 19 02:10:58 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Tue May 19 02:10:58 EDT 2015 Running tests for libpkix TIMESTAMP libpkix BEGIN: Tue May 19 02:10:58 EDT 2015 TIMESTAMP libpkix END: Tue May 19 02:10:58 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Tue May 19 02:10:58 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #2402: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -f ../tests.pw cert.sh: #2403: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2404: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2405: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -o root.cert cert.sh: #2406: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -f ../tests.pw cert.sh: #2407: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2408: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2409: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2410: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2411: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2412: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2413: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -o root.cert cert.sh: #2414: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -f ../tests.pw cert.sh: #2415: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2416: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2417: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2418: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2419: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2420: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2421: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -o root.cert cert.sh: #2422: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2423: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #2424: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2425: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #2426: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2427: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #2428: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2429: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #2430: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2431: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #2432: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2433: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #2434: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2435: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #2436: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw cert.sh: #2437: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2438: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2439: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #2440: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2441: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert cert.sh: #2442: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2443: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #2444: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2445: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert cert.sh: #2446: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2447: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2448: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2449: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert cert.sh: #2450: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2451: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert cert.sh: #2452: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2453: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2454: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2455: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw cert.sh: #2456: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2457: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2458: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #2459: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2460: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert cert.sh: #2461: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2462: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #2463: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2464: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert cert.sh: #2465: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2466: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #2467: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2468: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert cert.sh: #2469: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2470: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2471: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2472: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2473: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert cert.sh: #2474: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw cert.sh: #2475: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2476: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA.ca.cert cert.sh: #2477: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA-ec.ca.cert cert.sh: #2478: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2479: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #2480: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2481: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2482: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #2483: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2484: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2485: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #2486: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2487: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2488: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2489: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA.ca.cert cert.sh: #2490: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA-ec.ca.cert cert.sh: #2491: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2492: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #2493: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2494: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2495: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #2496: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2497: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2498: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2499: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2500: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2501: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #2502: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2503: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2504: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #2505: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2506: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2507: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #2508: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2509: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2510: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server -f ../tests.pw cert.sh: #2511: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw cert.sh: #2512: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2513: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA.ca.cert cert.sh: #2514: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #2515: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2516: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #2517: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2518: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2519: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #2520: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2521: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2522: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #2523: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2524: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw cert.sh: #2525: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2526: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA.ca.cert cert.sh: #2527: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #2528: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2529: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #2530: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2531: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2532: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #2533: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2534: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2535: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #2536: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2537: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw cert.sh: #2538: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2539: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA.ca.cert cert.sh: #2540: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #2541: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2542: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #2543: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2544: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2545: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #2546: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2547: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2548: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #2549: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2550: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw cert.sh: #2551: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2552: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA.ca.cert cert.sh: #2553: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #2554: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2555: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2556: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2557: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2558: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2559: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2560: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2561: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #2562: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2563: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #2564: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #2565: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #2566: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #2567: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #2568: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #2569: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #2570: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #2571: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw cert.sh: #2572: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2573: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #2574: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2575: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw cert.sh: #2576: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2577: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #2578: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2579: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #2580: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2581: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2582: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #2583: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2584: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2585: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #2586: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2587: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw cert.sh: #2588: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2589: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #2590: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #2591: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2592: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #2593: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2594: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2595: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #2596: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2597: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2598: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #2599: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2600: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:89 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:09 2015 Not After : Wed Aug 19 06:13:09 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:d6:7c:0e:0d:95:a7:bd:d0:b5:ce:92:5c:69:38:5b: 8e:bb:db:31:df:5c:55:18:42:ed:c3:eb:6d:d8:37:60: 3f:ff:78:e4:a4:94:34:4a:46:2d:6e:70:a2:33:fa:39: fd:11:ea:75:37:ec:68:c0:a1:a4:71:c2:b0:c5:82:00: 04:24:eb:2e:23:bc:99:a8:ad:bd:ae:b6:82:c7:00:f2: 8f:b0:8d:e6:16:10:6e:8a:62:93:91:c6:24:f9:08:d9: 31:76:21:a8:fc:ea:46:32:eb:ae:68:bd:e8:1e:98:ac: 28:ae:f9:f5:24:b1:92:af:be:43:b6:66:f5:b1:21:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:bc:08:e5:d6:64:ca:6b:94:b4:0d:2a:b8:0b:80:1d: 32:b8:fb:bb:9b:9c:85:bf:8a:e5:14:7a:40:c5:fc:e5: de:3d:ff:d6:d3:1a:e8:10:08:9e:7b:fd:ec:b5:4f:fb: d4:92:78:89:cf:df:aa:7f:b0:b9:8a:cc:1a:99:ab:77: b1:4c:7a:6d:01:6d:30:c8:49:b9:fc:09:cd:c4:34:39: df:bc:1b:16:1f:65:68:60:04:c2:6c:98:a9:83:39:b6: 5c:12:d9:2a:dd:4b:ce:81:58:f2:01:4e:f9:b5:65:6b: ab:c6:97:9a:f7:c0:74:25:9f:e3:30:b4:d6:d5:ee:60 Fingerprint (SHA-256): 41:18:2F:0D:11:72:6C:1B:6D:1D:3B:72:86:BE:B9:5F:78:AC:5E:CE:82:BB:EE:D9:E2:39:C9:3F:59:F1:E0:BA Fingerprint (SHA1): 6A:74:1F:A2:D8:A9:01:F2:AF:37:3D:78:A2:20:4A:27:95:59:79:9A Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2601: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:8e Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:11 2015 Not After : Wed Aug 19 06:13:11 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:06:8f:aa:21:ec:1e:cc:86:69:b7:12:b3:2b:96:29: 67:f7:bc:b5:bf:cf:02:f3:5a:a7:89:61:c2:7e:da:d4: b3:61:fb:09:17:4f:dd:4f:3a:05:d4:82:39:87:61:56: 0b:d5:83:a2:b8:35:97:26:d5:df:ab:9f:f9:42:a0:1a: a6:ea:c1:16:96:eb:b5:0f:25:61:73:35:de:4c:a5:e6: 92:dd:e2:a8:c5:0f:e8:7a:43:6a:81:e7:f5:0f:a1:d3: d8:d6:2d:2b:02:e0:76:13:32:f1:8c:73:49:88:0b:85: 65:16:0d:bc:8a:81:73:7b:2a:ee:66:5d:2e:43:f4:df Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1f:4d:c0:83:8e:5d:ad:1e:48:da:36:25:f2:1e:0b:e9: c8:ff:c8:4f:7b:5a:7d:9f:b1:97:84:2b:bf:b9:c3:e6: 9d:ea:f2:6b:37:b0:72:6d:0c:1f:5e:38:e8:e6:4e:88: 52:07:09:fd:c8:11:d5:6d:c8:90:8c:4f:f4:5d:5c:72: 0c:ae:e0:95:b5:c3:2a:78:3a:6c:97:2b:8b:27:ba:61: 2b:a7:b7:a6:b1:4d:41:a1:08:93:1f:07:82:1b:d9:fa: 44:73:c6:1c:04:0f:c9:d0:9a:5d:23:cb:9e:5b:ef:d8: 41:db:82:e1:9f:30:b4:bb:e7:d3:86:fc:1d:55:6d:85 Fingerprint (SHA-256): 04:76:E5:9B:E1:31:F7:63:85:6F:BC:AD:16:83:28:EE:35:6F:93:8A:E8:FF:A6:4F:C6:EA:51:C4:ED:B5:A5:F4 Fingerprint (SHA1): 6B:D0:45:67:01:D9:58:79:87:4B:BC:EB:60:7F:8A:9C:91:84:D0:AB Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2602: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:92 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:13 2015 Not After : Wed Aug 19 06:13:13 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:22:14:57:98:da:80:5b:5f:28:ea:f2:34:5e:c3:13: 7f:2f:e0:47:56:de:b2:e8:ef:b3:e5:cf:d0:88:27:1e: 31:4f:fa:b9:e8:3e:9c:86:b6:33:bc:c1:c6:4a:49:4c: f5:51:be:4e:94:10:f4:16:c3:67:25:3f:fa:c4:4d:81: 56:8e:a8:d7:73:d3:3c:34:d1:3c:db:b0:19:a4:11:eb: d3:b0:ec:02:24:f5:ac:4c:ae:47:8a:2f:01:e5:82:2c: 49:ee:63:37:39:fd:d4:95:03:1a:dc:98:3f:54:30:82: ee:c1:de:6f:15:6e:ed:d2:66:37:ae:1d:35:da:d4:13 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 01:8d:0c:77:ae:73:4d:aa:93:00:d1:57:8e:6a:bd:32: ec:27:94:86:2e:92:db:de:eb:d9:93:cf:69:1d:f9:be: c6:93:b9:7e:76:03:e6:b3:f7:28:34:60:47:80:21:e0: 3b:c3:24:83:91:d5:3e:d5:dd:d5:6a:46:41:64:74:23: 8f:35:95:3d:28:27:eb:0f:09:9f:4f:e2:69:09:df:fa: 2f:92:f9:f6:93:3f:13:a6:1c:01:09:9d:9e:28:2b:57: 7c:b9:12:07:c6:50:c1:35:e9:95:cc:01:54:69:bc:d6: 50:da:fd:a5:62:f5:b1:8c:93:c2:96:64:db:6b:81:9a Fingerprint (SHA-256): 02:77:AF:F0:1D:12:7E:50:09:64:C1:61:D6:A3:1F:D8:8D:C1:FD:9B:90:A9:BB:56:05:36:A9:6D:05:0A:28:D5 Fingerprint (SHA1): 6B:ED:A4:EB:0E:07:17:48:25:E6:F3:6E:85:B0:09:FE:C7:54:C1:F6 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2603: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:96 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:15 2015 Not After : Wed Aug 19 06:13:15 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:c0:6f:39:95:5a:77:3b:b2:fb:23:69:32:52:6f:48: 08:77:d9:b3:e6:db:5e:b3:c0:a1:82:e4:2f:f5:9e:c9: d8:ef:4e:eb:b4:a4:6d:7c:2c:ac:cd:85:60:10:94:a4: 88:04:a9:82:d9:85:d9:41:ce:91:3d:e9:28:f3:14:28: 48:13:c9:f2:43:cf:60:05:6a:ac:18:45:0f:91:02:b6: ee:da:52:eb:13:ce:b6:2d:b2:75:9c:43:e1:24:5c:26: 6b:7c:6d:d8:d9:89:5a:44:06:43:af:c8:ae:da:96:74: 65:1f:6f:e2:2f:3c:a0:bb:e0:f2:ba:5f:a4:48:2c:79 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0c:73:00:28:a5:5b:c7:23:4a:b4:1c:5b:5c:70:01:9d: b4:fb:b0:84:a9:2e:55:2b:c3:67:6e:5b:80:1e:fb:0d: e1:85:d9:8e:06:f0:ec:75:1f:43:92:c2:63:66:69:05: 9b:13:c5:27:b2:a5:6b:f8:8d:59:d8:5d:b3:5c:a7:02: e7:93:36:6c:37:32:94:87:0b:6a:48:ac:67:93:9b:e8: 10:a2:73:db:a9:6c:fd:73:10:d4:b8:0d:9a:7c:3e:5a: f3:28:30:83:27:f2:77:a9:59:76:6c:e7:e5:0e:4e:77: 27:a3:5f:ae:a5:db:b6:e0:d3:bc:7e:51:04:55:5a:8d Fingerprint (SHA-256): 07:8F:C9:83:84:3E:13:72:AE:A1:C1:BE:9E:79:44:02:39:39:D7:A5:32:F3:D6:9E:58:E2:E6:F0:AE:B2:43:87 Fingerprint (SHA1): C0:C4:FE:E8:B7:46:B1:FA:D0:78:6D:C7:3B:4E:60:8B:E9:D2:CE:85 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2604: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:99 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:17 2015 Not After : Wed Aug 19 06:13:17 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:56:ad:0d:b5:0f:ae:00:f0:bd:07:c4:52:60:da:6a: e1:42:27:85:89:23:e5:e8:4d:b1:af:0b:fe:77:8d:28: a5:19:45:df:20:be:2f:ac:23:3e:26:d9:bd:fe:32:d4: 7a:c8:46:c8:4e:10:67:ef:f3:e4:34:aa:10:df:7d:e7: c5:dc:7a:28:42:24:02:85:08:22:18:c5:f8:dc:ce:ac: e6:5a:99:0a:4a:4b:2f:08:fe:32:1a:87:12:26:03:9b: 46:2e:b1:97:7c:48:6e:df:5a:11:a7:32:92:e8:f0:d3: a3:db:c9:2b:c2:9f:a2:58:c0:8a:7c:32:f1:2d:06:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 51:45:d6:6d:bb:82:63:c9:03:32:84:ff:6a:8e:df:3e: 77:b5:22:2b:3a:53:ad:2e:aa:6f:a9:ac:62:df:8d:b2: b5:f5:b9:f7:dd:e6:86:58:e9:ff:19:06:4d:13:b9:97: 8f:5e:dc:75:21:a5:31:f4:00:75:1b:29:ee:3d:55:40: 38:54:94:5e:42:68:66:76:18:59:76:83:e7:f1:01:00: 8d:be:dc:5f:64:2a:39:54:ff:e0:99:e8:ad:ec:3e:e0: b1:f5:9e:ff:1f:14:be:71:4e:d4:7d:b9:49:04:54:36: 60:7f:2a:01:af:2f:20:d1:0e:7c:ef:47:fd:b4:20:5f Fingerprint (SHA-256): 8C:9B:CA:07:25:08:EF:EF:2F:EE:7B:A9:94:6B:3F:84:90:D2:35:72:32:97:C8:F3:5B:75:74:BF:5B:B2:29:DE Fingerprint (SHA1): C4:54:BF:F0:89:B7:BC:83:1A:DD:7B:34:C2:25:38:3A:6F:2D:E4:99 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2605: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:9e Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:20 2015 Not After : Wed Aug 19 06:13:20 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:92:c1:38:d2:bf:b9:52:c5:51:7e:68:8e:0b:dd:13: 81:f8:19:cd:74:38:c4:db:cf:04:21:2d:94:8e:c1:43: d1:df:76:ef:bb:4d:fa:07:e9:6d:8d:8b:f3:8f:68:c6: ef:d5:8c:50:b8:ed:3a:cf:b9:c8:2d:23:2e:42:24:c5: f1:df:fd:61:93:5d:ee:cf:11:af:af:20:3b:74:16:34: c8:33:e8:52:dc:36:b6:2f:dd:5b:b0:96:69:33:e0:3a: aa:2a:eb:07:e3:95:75:fc:5d:dc:c0:66:84:2b:99:f0: 79:6b:81:a4:11:c6:c3:15:48:a7:83:dd:8c:13:6e:cd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 32:66:9a:c1:50:94:5e:af:33:01:06:67:fb:2f:7c:75: 33:9f:e4:ea:28:4e:17:f6:74:20:eb:62:1b:4d:2f:95: 97:6f:84:f5:d0:0a:57:63:01:ba:8d:58:ec:e0:7b:7e: 08:1a:10:69:53:6d:3c:bb:30:3d:6a:86:0d:aa:0d:63: 44:65:ed:f7:e7:b3:4e:1f:7d:99:e4:31:98:6f:5b:a9: e4:ef:71:6f:64:8c:1d:b3:f6:7d:e7:92:d3:e9:04:50: 29:ae:23:4f:c5:a8:3d:07:3a:64:d0:82:3b:e3:17:3a: 30:d1:e9:55:b4:fc:72:ad:f7:8c:4b:f3:14:58:07:57 Fingerprint (SHA-256): CB:78:63:BE:21:C6:BB:6C:45:48:10:0A:4A:90:58:B7:79:DE:C7:2D:A5:7D:77:FD:C4:FF:1E:20:FE:63:E1:63 Fingerprint (SHA1): 6F:CF:D8:94:06:91:BD:23:2B:D7:14:F9:DF:11:56:EE:12:C3:01:CD Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2606: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:a4 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:23 2015 Not After : Wed Aug 19 06:13:23 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:ec:04:c4:03:b8:c1:80:b9:84:98:a3:ca:91:6f:0a: 31:9e:a7:77:35:2f:d7:21:9f:13:fb:0f:ec:cd:27:d0: 47:30:b5:0b:d9:f9:7c:d0:43:8b:dc:57:35:e7:70:79: 03:9e:11:40:64:61:18:74:57:53:d8:35:41:d0:75:15: 02:85:df:d5:43:24:64:63:7b:01:44:4a:88:33:0b:b0: 84:85:cf:28:0f:b3:a9:8c:8a:51:da:85:45:94:cf:7f: 43:3f:dc:4c:d3:d9:fd:21:38:96:da:79:37:bc:34:4b: 34:25:70:24:8b:9c:e8:dd:2b:99:98:10:5e:6d:c7:db Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0b:71:85:0c:b1:71:6e:b8:9d:f9:a8:a6:eb:37:b1:c9: db:d9:25:74:f7:cf:34:50:f2:2e:83:c7:61:55:50:52: ae:6f:cc:4e:8d:67:d8:8b:6f:d6:e1:60:49:86:46:3d: c9:20:d5:62:1a:6f:31:42:7f:9b:d7:39:40:fc:7e:f8: 4e:59:b5:ea:64:ad:1c:fc:58:2a:a8:6f:1e:d6:01:b9: 06:1d:6d:63:78:b4:4a:83:bb:c5:a4:30:ce:a7:53:53: fb:f3:8f:d8:fc:50:36:b3:32:d9:3f:66:38:f7:8e:fc: e5:c5:20:3d:f6:67:3c:fe:24:c0:26:6d:14:d8:51:67 Fingerprint (SHA-256): 9A:CD:50:DC:1D:C4:31:FE:D5:F6:3E:53:77:3E:FD:B9:91:91:48:6D:F1:74:37:D7:EA:8D:FE:FC:63:A9:D4:89 Fingerprint (SHA1): 7B:7F:C5:44:F8:1E:6E:77:27:CC:E9:41:DE:BF:6A:C4:E4:0D:F4:53 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2607: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:a7 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:24 2015 Not After : Wed Aug 19 06:13:24 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:94:bd:55:61:1c:3c:e3:53:d6:4c:6c:76:01:06:a2: 73:02:72:a1:05:9b:b2:e7:71:86:40:a7:03:ca:f1:93: a8:6b:3e:36:fd:7d:34:db:98:7c:dc:ed:7b:55:0f:99: 9a:f6:b7:7f:63:89:86:e3:b6:18:56:e9:8e:38:59:20: 86:a6:dc:4f:02:96:99:03:42:30:42:46:7b:01:86:ca: 05:46:b4:8b:7f:e8:d8:24:74:ab:39:48:e4:ee:e7:ad: 3b:ce:bf:79:5a:9c:99:c4:30:51:fb:34:c3:7b:db:43: 9c:d4:6d:c7:84:20:8a:f2:1f:ab:a1:58:09:93:e9:11 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 47:22:83:4a:2b:ba:97:7d:31:a7:7f:03:74:ec:11:57: 2f:48:94:96:08:41:b5:48:cc:ef:c7:b9:88:66:a6:e2: cd:68:bc:31:48:a7:a4:54:0f:26:17:23:65:36:e5:56: 5b:f3:38:2f:bb:eb:13:00:04:33:ca:f0:12:c2:e8:18: 7c:f9:a5:c7:c0:10:2a:e1:33:8e:44:a4:fd:1c:9e:47: d3:4b:a9:76:69:10:6a:fa:f2:c6:2b:40:f4:36:bc:1b: ee:24:54:5a:51:5c:83:b7:22:8f:64:69:06:e9:6f:53: 4a:58:f3:4d:c6:33:19:8a:4a:ab:89:56:04:a0:28:e4 Fingerprint (SHA-256): 93:B2:EB:20:8F:21:01:1B:A6:09:27:B0:BC:77:BE:A4:0D:F4:55:4E:8B:C7:57:04:C3:78:77:63:84:03:65:E8 Fingerprint (SHA1): C0:0B:95:3B:06:87:63:7F:E1:A8:2D:C0:1F:C0:0F:ED:58:72:66:F0 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2608: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:ab Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:26 2015 Not After : Wed Aug 19 06:13:26 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:1e:4d:49:a8:e6:64:f4:9c:7c:a1:67:4d:8d:aa:ba: ae:ce:ce:f0:91:1b:88:96:3b:e6:a2:ff:db:5f:c1:00: c2:60:9f:08:5c:05:c3:30:f7:21:cc:ae:ce:fd:1d:e1: 89:57:40:55:1b:15:eb:b7:f6:5e:b5:0b:27:9b:b5:96: b9:67:4a:b3:e7:2b:d8:71:3e:31:75:44:f0:bd:b6:dc: 0f:2c:95:86:2d:e1:9d:4f:01:ca:86:0c:48:b3:0e:83: 4b:94:3c:fc:85:41:44:2b:5f:2a:8f:e1:eb:44:e1:ca: 5d:55:6d:c5:83:a9:ae:c4:9a:90:5f:f1:61:2d:d8:db Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8e:51:b0:b7:d6:80:bf:d9:65:53:32:55:89:22:db:53: 8c:9b:c8:c4:b1:16:b4:fa:56:ba:e5:e6:36:dd:00:7e: 69:55:b3:92:1a:ff:81:85:82:28:04:6f:3f:4a:90:51: 50:b6:93:fc:d2:b4:f9:5b:57:67:e5:14:ea:92:d8:b3: 04:36:d0:44:71:e6:8f:89:33:54:9b:08:7b:5e:06:04: 59:ca:aa:d5:f4:53:a8:93:80:4a:7b:94:02:52:3f:e0: e9:86:31:37:df:b8:6a:2c:a1:0e:8b:9b:d6:24:65:77: 36:13:0c:18:44:f5:97:36:63:a8:44:5f:4f:af:e8:ca Fingerprint (SHA-256): 73:00:09:C4:C6:CE:D8:DE:BA:B8:48:A9:89:EE:A1:CF:40:B6:DE:7E:8F:C8:81:0A:BC:8E:3B:EE:2C:D8:3A:08 Fingerprint (SHA1): 44:5F:D7:1A:3E:F6:8B:81:BA:19:51:79:DC:A2:ED:A0:E8:1E:3F:62 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2609: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:ae Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:28 2015 Not After : Wed Aug 19 06:13:28 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:1e:5d:5e:a5:a5:46:78:cc:75:81:c0:db:9b:ef:21: 24:18:29:57:77:e3:fb:34:eb:96:90:e8:3f:29:cd:e2: 1b:2b:44:8b:f8:ac:3c:bf:ab:1b:e8:49:60:e3:11:eb: 6f:44:66:bf:8a:e5:a8:ed:e5:47:46:d4:18:41:97:db: ed:59:db:7e:00:a7:a0:14:9e:a9:95:8c:26:41:c8:1f: 2f:0e:a3:98:54:d8:79:f0:b9:89:86:3e:df:f4:99:87: 18:ec:ab:f2:bb:7a:6f:ba:c6:e9:fc:59:ec:e5:8b:8d: d3:89:a0:02:f0:b4:92:07:7d:10:8b:f6:17:a0:97:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 56:c3:6c:bf:74:84:69:28:35:56:98:d3:9c:5b:6f:d9: 60:54:29:4c:70:d6:d9:5f:3a:74:c7:07:34:7b:52:fb: 5b:be:ab:fd:2d:84:01:e9:7c:1b:a0:ae:9f:85:f6:e8: 42:55:a8:72:4a:92:cf:53:c6:f1:b6:f6:e0:68:0c:08: c1:98:a4:5b:c0:6d:df:28:2d:bb:69:f5:80:87:ef:bb: 53:eb:fb:dc:16:79:85:c7:d3:32:6c:40:a1:b8:42:8b: 84:28:9a:d6:cc:51:97:ae:3d:e9:f6:1f:7c:0f:4e:5e: 96:1f:31:ac:a4:c3:cf:3a:91:b2:24:f9:af:6e:2b:e1 Fingerprint (SHA-256): D5:55:50:C9:71:37:12:FE:CF:06:37:3E:23:13:0C:46:AD:78:AB:44:A5:43:06:98:B3:75:99:9C:F4:C3:81:E0 Fingerprint (SHA1): EA:51:BF:1A:69:8F:EE:F2:27:85:9E:A5:CA:09:D8:1E:4A:B1:88:7E Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2610: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:b3 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Tue May 19 06:13:31 2015 Not After : Wed Aug 19 06:13:31 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:84:ec:70:dd:9b:eb:39:e2:05:ec:d1:b2:60:48:fa: 36:33:2f:2c:c8:c9:90:29:d8:bd:35:7e:a5:f8:63:25: 0d:96:b7:95:9d:88:42:cf:23:b5:01:20:73:5a:b4:b5: cc:08:b3:70:d9:96:dc:60:2d:3e:9b:b0:c9:c8:58:7e: d0:02:c6:84:81:50:93:1c:33:d4:9a:7c:e7:03:df:da: a6:aa:78:ba:89:ce:4b:cb:31:e1:7f:d4:c5:06:7e:84: 98:34:ea:a9:e8:73:6e:b1:d6:99:c8:ae:af:65:5c:de: d0:d7:77:3b:61:e8:11:df:74:8d:91:f0:82:19:c2:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a8:a7:aa:cf:d2:1a:39:86:0f:cd:ef:1e:9a:4a:2d:0f: 57:4e:aa:4f:a0:00:c1:e4:ae:08:e3:67:75:c8:ad:4c: 32:9a:8a:54:d3:28:2d:34:a0:60:8b:e7:d4:72:8a:c8: 0a:c6:74:25:d3:36:cf:fd:ea:5f:13:6d:4b:52:e5:ed: a8:08:ed:47:ae:4c:21:67:0d:d2:50:92:de:14:23:90: d4:b8:9c:3b:d7:af:12:5d:0b:11:01:df:62:95:c8:a6: 29:13:6c:8c:0b:f2:be:63:11:fd:3f:d4:c0:3e:c1:e7: 9b:fb:1c:90:59:74:03:a0:51:5c:6e:2c:86:76:ee:c4 Fingerprint (SHA-256): 27:35:C0:18:BD:0A:04:B6:F5:56:BD:65:F2:32:1F:40:F8:07:C4:19:D1:A4:A9:1D:AF:F3:38:19:FB:9B:86:42 Fingerprint (SHA1): D9:C5:50:29:62:D8:F6:7C:9D:83:51:41:47:10:D9:F1:C8:47:13:49 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2611: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #2612: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #2613: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #2614: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:bd Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Tue May 19 06:13:36 2015 Not After : Wed Aug 19 06:13:36 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:e1:38:d4:ca:c2:a2:09:cc:7c:30:b0:da:2d:e5:57: ea:c6:d8:2e:d4:e7:69:e6:43:e2:39:4a:c9:4d:57:f6: 94:a8:99:8c:6d:29:af:8c:11:a4:d8:5a:e1:e9:8a:1a: 53:df:d4:df:f7:5c:22:56:07:22:1c:cc:dd:fc:37:05: 91:53:20:87:3e:b5:7b:65:d7:fb:94:ee:12:40:76:cf: ff:07:45:9d:9c:8e:c7:72:6b:ab:66:56:c7:d5:4b:3c: 57:fc:7f:2d:27:c2:8d:46:d0:50:a8:7e:fa:2c:ac:e6: cf:e8:83:cb:12:43:9e:bf:7b:ff:5e:11:88:21:9b:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:9e:40:88:cf:d3:3f:0b:68:a4:39:bf:76:ca:a0:18: d1:fb:35:af:c2:88:7d:d7:bc:b8:b3:fa:0d:97:80:aa: 8f:7b:68:a3:40:ac:2d:c2:97:8e:f8:b5:08:cc:1b:89: eb:d2:df:a0:aa:d3:17:7c:f8:52:2e:7c:4c:7c:38:ae: 42:18:73:02:03:af:a0:cc:79:da:f0:13:7f:69:bc:34: 47:7b:1d:97:a9:f5:46:0d:05:03:19:12:d3:cc:c7:87: 1e:b0:c1:cb:8f:c8:ac:33:31:af:d2:99:08:9d:7b:5f: 41:07:d1:1e:ef:bf:15:17:e2:b9:aa:53:0f:c8:bb:d8 Fingerprint (SHA-256): 97:D0:2E:DB:11:2F:E1:68:6B:6E:36:98:84:45:CA:C1:2D:3C:E1:6E:65:57:6E:42:DC:4E:1C:E4:84:E1:E3:C6 Fingerprint (SHA1): E3:4F:A5:5B:44:59:1D:25:E3:6C:A3:8A:4F:B1:88:D1:C2:69:91:31 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2615: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der cert.sh: #2616: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #2617: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #2618: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2619: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2620: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success cert.sh: #2621: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #2622: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:26:ce Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Tue May 19 06:13:45 2015 Not After : Wed Aug 19 06:13:45 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d5:1a:a1:5f:59:af:d6:17:2b:06:e8:56:39:3f:ae:98: 0d:0d:88:93:da:15:d5:ef:e7:bb:e0:62:dc:d5:43:2b: e9:51:81:6b:49:e0:bd:a1:63:64:6e:be:76:e8:89:a1: 3c:b9:d8:fc:c7:5d:df:ce:bb:5e:6b:e1:02:1c:fb:b5: 1a:3b:7e:26:55:63:8b:af:4b:de:44:1d:38:a3:14:9b: 03:de:e3:83:4f:03:e4:8e:76:dd:0a:5e:df:7f:91:0b: 54:7a:46:48:2a:51:cd:2f:f6:58:02:57:ea:8a:6e:0b: f8:45:e6:53:d1:3c:de:1c:8d:fe:a2:04:e4:21:21:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 89:a4:25:b7:f0:d3:c7:1a:a8:cf:33:da:30:67:6e:67: d0:f6:b6:e7:f9:c3:9f:b8:d1:e1:e4:4b:24:26:d5:fa: bf:a4:e8:cb:ed:7e:77:3b:d0:fa:13:6a:88:1e:b9:47: 9f:8f:07:33:c4:71:e4:41:29:32:ab:10:a8:9f:77:fd: 35:43:68:66:56:07:57:9a:65:f1:03:eb:17:94:b2:df: a4:06:d8:fc:8b:83:90:c2:92:7d:11:82:70:ac:d1:f3: d9:0f:b0:a0:bc:66:2c:ee:24:59:fa:bc:87:c1:37:6b: db:be:0b:4c:b7:a1:30:01:30:29:00:be:6b:44:e4:2a Fingerprint (SHA-256): CD:88:DA:B0:67:45:6F:D0:3D:70:04:F6:6D:CF:B2:21:A5:90:DF:11:B7:2D:A5:13:E0:C6:61:8F:B0:19:A5:DF Fingerprint (SHA1): 2E:8C:60:B4:C3:98:2A:BF:28:93:D6:C2:1E:18:C5:3D:C4:FD:6B:0E Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #2623: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #2624: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #2625: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw cert.sh: #2626: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2627: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #2628: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -o root.cert cert.sh: #2629: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #2630: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2631: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #2632: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw cert.sh: #2633: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #2634: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA.ca.cert cert.sh: #2635: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #2636: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2637: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #2638: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2639: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2640: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #2641: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2642: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2643: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #2644: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2645: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw cert.sh: #2646: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #2647: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -o root.cert cert.sh: #2648: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #2649: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2650: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #2651: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2652: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2653: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2654: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2655: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2656: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2657: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2658: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2659: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2660: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2661: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2662: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #2663: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #2664: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #2665: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2666: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #2667: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2668: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2669: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #2670: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2671: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2672: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #2673: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2674: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2675: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #2676: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2677: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2678: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #2679: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2680: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2681: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #2682: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2683: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2684: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #2685: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2686: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2687: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #2688: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2689: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2690: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #2691: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2692: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2693: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #2694: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2695: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2696: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #2697: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2698: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2699: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #2700: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2701: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2702: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #2703: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2704: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2705: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #2706: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2707: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2708: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #2709: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2710: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2711: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #2712: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2713: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2714: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #2715: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2716: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2717: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #2718: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2719: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2720: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #2721: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2722: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2723: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #2724: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2725: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2726: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #2727: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2728: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2729: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #2730: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2731: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2732: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #2733: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2734: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2735: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #2736: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2737: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2738: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #2739: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2740: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2741: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #2742: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2743: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2744: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #2745: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2746: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2747: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #2748: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2749: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2750: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #2751: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2752: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2753: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #2754: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2755: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2756: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #2757: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2758: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2759: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #2760: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2761: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2762: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #2763: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2764: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2765: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #2766: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2767: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2768: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #2769: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2770: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2771: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #2772: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2773: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2774: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #2775: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2776: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2777: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #2778: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2779: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #2780: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #2781: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #2782: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #2783: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #2784: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #2785: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #2786: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #2787: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #2788: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #2789: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #2790: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #2791: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #2792: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #2793: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #2794: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #2795: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #2796: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Tue May 19 02:15:54 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Tue May 19 02:15:54 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2797: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 50:55:a3:8a:ed:aa:8c:62:85:6f:72:ae:cb:85:4a:a3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2798: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2799: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2800: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2801: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f1:c1:ae:60:4c:7e:83:03:15:08:15:b7:67:d6:69:f6 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 06:11:16 2015 Not After : Tue May 19 06:11:16 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:4f:55:89:fb:e5:24:f5:d0:9b:fe:fd:13:b1:2e: b0:35:fc:ee:e6:a5:28:29:8d:52:29:6a:73:98:2c:f3: dd:f3:4e:f7:72:52:07:b5:5e:9c:4a:51:77:95:f3:43: ff:7d:b0:de:43:be:92:83:ed:1b:50:ae:26:74:cf:ae: 57:42:f0:00:43:aa:5f:b2:82:44:a6:b8:f8:c7:4c:fe: b3:e2:7e:05:c9:36:9c:b4:bf:19:a3:ba:04:99:fd:0f: ad:d1:4d:a0:65:e4:dc:47:61:c1:1e:9c:94:68:ca:12: c4:54:c7:69:61:aa:61:ad:48:97:e9:fc:2c:4a:ac:5e: 3c:df:33:00:ef Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:42:00:b8:9d:42:93:46:a1:b6:6a:ee:2b: 34:61:6f:14:89:b7:79:d3:2f:21:4e:0b:4c:9c:6c:b5: 48:cc:21:16:a4:fe:a1:4c:cd:f6:48:40:12:c1:34:59: ef:20:c2:9e:de:d0:be:9f:b2:03:8e:0f:67:58:46:e4: 3a:68:f6:78:c3:f4:48:02:41:62:e2:b0:93:d7:7f:19: 07:ce:59:fd:9d:ab:03:8c:08:03:d3:ca:1e:13:56:77: 91:86:69:1c:64:f1:88:8f:c5:03:a6:ee:32:36:1f:5d: 71:07:08:4f:6c:47:50:ea:a7:7d:3d:d0:d4:4e:52:a4: 82:08:d2:55:97:e0:ff:b5:13:94 Fingerprint (SHA-256): 80:D0:DF:4D:1F:C1:53:D4:DB:DC:AA:D0:39:86:87:98:33:8C:C8:EE:FF:C3:22:19:71:0E:2F:9A:DB:03:4B:80 Fingerprint (SHA1): A6:5A:5A:5E:91:86:89:E8:CB:4E:B8:7D:AF:6B:35:39:10:8B:8F:31 Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 06:12:18 2015 Not After : Tue May 19 06:12:18 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:cd:27:b7:7e:fb:e5:56:ca:cf:11:6c:cd:41:d4:a8: 5e:c1:a8:c2:37:b6:d6:b7:cb:a4:81:f7:96:39:66:f5: 32:f7:63:ba:04:00:38:f9:f0:6a:82:0d:3e:c0:09:76: 43:55:ae:c7:b8:1b:85:d2:48:c6:36:25:79:15:02:1f: 4a:bb:bb:19:fc:c9:5b:09:d2:67:be:54:89:fc:83:93: 6b:e5:1e:c6:e2:a4:70:0f:ee:a5:39:5e:40:52:90:ed: be Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:42:01:c7:8f:06:5a:25:69:83:0a:0e:1e: ff:8e:84:4f:e3:6d:b4:c6:da:3d:bb:e3:af:b1:41:a2: 4d:71:72:1d:51:12:0b:81:05:a8:73:84:88:cb:71:b6: 72:de:e2:cd:c7:3b:b2:b6:26:f9:5f:14:25:0e:6a:16: 1b:db:61:b5:6d:46:7a:02:41:6f:cc:60:b1:f1:3d:4d: e2:b5:07:15:16:47:60:71:d1:08:9e:ec:24:ea:af:7a: 40:f5:c9:96:6e:ad:9d:4a:c7:d5:d9:ed:f9:1d:c1:e0: 6f:05:47:6d:a3:e2:d1:0c:8f:43:ac:69:84:e0:33:1b: ca:3f:97:45:89:bf:48:6f:be:dc Fingerprint (SHA-256): 6C:19:0A:B4:D2:31:67:1F:30:5F:4D:E8:3B:86:31:B6:74:7C:68:1C:B6:56:26:C9:C0:D3:5E:86:BD:3F:F4:10 Fingerprint (SHA1): A3:15:A1:0D:E0:B3:B4:3A:D4:B1:3E:B6:F5:52:05:D9:9D:96:24:AC Friendly Name: Alice-ec tools.sh: #2802: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2803: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: e4:bf:56:66:25:17:75:27:9d:90:0b:76:51:c2:90:31 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2804: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2805: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2806: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 3e:e5:44:44:01:5c:dd:ff:74:da:f6:ce:db:bf:3f:4a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2807: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2808: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2809: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 10:a7:24:7c:96:33:38:70:dd:36:b5:13:ba:40:63:8d Iteration Count: 2000 (0x7d0) tools.sh: #2810: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2811: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2812: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: bc:da:b6:22:9d:c5:66:21:a3:60:30:e3:aa:f0:de:f0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2813: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2814: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2815: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c8:44:0c:e0:49:03:b0:84:f1:31:2b:e5:55:c2:f2:60 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2816: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2817: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2818: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 35:cb:31:05:93:09:62:2d:e9:d9:89:13:26:c9:06:1a Iteration Count: 2000 (0x7d0) tools.sh: #2819: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2820: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2821: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: da:a0:7e:f3:15:1e:80:7a:e0:20:52:a8:27:2d:53:98 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:34:f3:3e:40:a8:c3:ea:51:f6:bb:9d:ac:a3:3b: 41:c2 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2822: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2823: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2824: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 65:e2:36:72:6b:ce:a9:13:d6:5f:49:3a:2e:d2:7c:29 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:68:f1:a4:a6:c3:96:b5:18:28:ba:5e:76:ed:34: 17:93 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2825: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2826: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2827: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 9a:b7:85:a8:f5:59:46:50:1a:35:1e:1d:0a:1e:ea:0c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:3e:1e:d6:d5:78:86:d8:05:04:50:3a:83:5a:54: aa:38 tools.sh: #2828: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2829: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2830: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ef:8c:58:76:80:4b:f2:cf:11:53:80:a5:b9:da:e3:6c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:ff:16:98:7d:80:f4:f6:e3:3f:24:54:af:8c:76: 91:9e Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2831: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2832: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2833: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: b3:8e:26:c9:e0:99:96:7a:c8:b8:50:17:e7:0e:60:ae Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:e2:1f:8e:7b:6d:62:31:56:cf:93:e7:33:b6:82: 3a:5e Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2834: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2835: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2836: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 46:5c:c4:ae:2e:82:dd:3d:22:67:7c:0c:10:c0:8e:03 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:4f:1d:7d:85:0d:ea:dc:b8:81:50:e5:78:0a:be: 5a:fb tools.sh: #2837: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2838: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2839: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 8b:25:d9:a0:20:cd:ae:c8:7a:0b:84:4d:2a:02:83:af Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:93:97:d8:f2:84:59:34:b5:f8:d0:8a:4c:92:01: 03:e1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2840: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2841: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2842: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 57:5d:10:89:2f:c0:ba:19:e8:7f:ee:e9:db:25:ca:a5 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:0e:f6:47:52:63:5a:67:40:40:a0:73:b2:cd:9d: 93:ea Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2843: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2844: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2845: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 40:37:68:69:d6:d3:54:04:3a:7c:25:fd:e9:a7:31:17 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:dd:41:72:5b:ec:43:3e:4a:ae:bd:6f:5a:cb:16: 83:0e tools.sh: #2846: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2847: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2848: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 12:e9:33:4b:46:81:87:2e:18:87:90:42:ff:f3:f1:e7 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:50:89:3d:0c:63:ca:8f:ba:19:1d:fa:26:93:72: d6:15 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2849: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2850: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2851: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5a:12:9d:91:8f:4f:18:1d:9f:28:0a:fd:40:ef:dc:97 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:73:f7:87:f1:1d:72:70:ad:4f:89:7e:50:f3:12: e3:e1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2852: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2853: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2854: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 34:d8:48:67:8e:1d:35:2e:e2:c6:00:b2:21:f1:3c:3a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:90:90:87:3a:2c:02:09:f3:b5:dd:98:70:7d:b9: 17:fa tools.sh: #2855: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2856: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2857: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 11:4c:df:2a:a6:3e:15:50:da:d2:f5:23:8b:e0:f7:07 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:2e:fe:f7:04:f2:dd:ab:99:a8:6b:6c:4e:b8:83: 3a:6c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2858: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2859: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2860: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: e0:4c:d0:50:76:ea:56:35:26:d0:57:29:ec:db:8f:f2 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:39:5e:ef:df:95:dc:f1:df:e2:e9:ae:69:96:50: 24:28 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2861: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2862: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2863: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 05:c2:cd:9f:c8:f1:2e:9a:e6:ee:0c:fc:2c:91:fb:f8 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:21:ba:91:c5:00:3e:5d:65:a1:64:c4:42:d0:7b: 51:11 tools.sh: #2864: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2865: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2866: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: b9:3b:3e:13:bb:63:d7:3f:64:b7:d7:1d:c8:d6:3b:47 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:e5:97:bc:81:1e:3f:f5:cc:54:b5:c1:b4:e6:bd: 9b:8c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2867: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2868: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2869: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 34:59:e4:16:15:1b:20:e8:f5:2c:f2:1e:61:3d:57:ea Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:8a:48:82:59:f1:bd:38:7b:0e:35:8b:df:47:e5: 1a:1e Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2870: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2871: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2872: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: c6:01:ba:14:3a:8b:55:0d:fd:63:9b:b4:df:69:54:e7 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:78:20:50:39:70:94:22:9a:5a:fa:26:6d:20:df: 1d:bb tools.sh: #2873: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2874: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2875: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 90:d8:3a:af:cd:b7:e6:59:f4:f6:bf:8a:ad:f6:4e:37 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2876: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2877: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2878: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 24:5d:83:02:04:24:cf:ec:61:33:87:0f:99:39:50:37 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2879: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2880: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2881: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: f6:f0:6a:b9:15:1f:d5:4e:4f:14:ca:dc:68:43:ce:34 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2882: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2883: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2884: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 25:2f:13:dd:a0:b6:60:e3:27:31:c7:0f:bd:a1:ae:33 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2885: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2886: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2887: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 41:2e:72:ff:34:5f:9f:43:34:06:36:b3:4c:2d:ee:33 Iteration Count: 2000 (0x7d0) tools.sh: #2888: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2889: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2890: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: ee:c3:b0:29:6b:de:a0:70:7c:26:fe:45:0e:cf:e5:45 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2891: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2892: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2893: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: e7:19:b9:d0:57:77:ef:67:fa:d3:aa:17:a0:ab:3e:01 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2894: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2895: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2896: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 57:84:35:2e:6c:e0:43:0e:be:99:87:c6:47:7d:a0:3f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2897: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2898: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2899: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 1b:d8:66:45:fe:55:9b:7a:41:c8:cd:d7:ae:3f:aa:02 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2900: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2901: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2902: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: cc:cb:33:8a:8c:10:01:22:b7:76:4e:c6:bb:f9:e9:bc Iteration Count: 2000 (0x7d0) tools.sh: #2903: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2904: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2905: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 07:e6:ce:10:2b:75:ef:62:76:aa:eb:56:46:b9:f7:56 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2906: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2907: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2908: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 5e:82:3d:ad:89:58:c2:5d:96:88:a4:e1:64:ec:17:2e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2909: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2910: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2911: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 7e:4f:a8:13:ae:ab:c6:a6:77:ce:3c:93:25:02:50:3f Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2912: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2913: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2914: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 99:9d:ce:41:5c:7e:82:d9:bd:d6:d2:9c:56:d0:7b:f2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2915: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2916: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2917: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 4a:17:0d:ce:77:53:bd:67:37:69:e4:bf:b6:01:3e:8d Iteration Count: 2000 (0x7d0) tools.sh: #2918: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2919: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2920: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 12:4e:c9:63:2e:6b:9a:c1:ed:19:42:79:e6:5e:b9:da Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2921: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2922: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2923: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 09:ba:79:66:a6:ac:e4:ad:96:77:08:79:b5:67:d3:df Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2924: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2925: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2926: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ab:30:a4:e5:ed:e2:25:8f:5a:f2:46:d1:89:a8:b3:4e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2927: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2928: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2929: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 44:10:89:13:2b:a0:8b:f1:ff:d3:41:5c:ea:51:78:09 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2930: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2931: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2932: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 7f:6a:ab:b3:15:8c:b6:3a:fa:23:21:d1:d9:93:8e:20 Iteration Count: 2000 (0x7d0) tools.sh: #2933: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2934: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2935: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 4e:99:e7:d7:15:ac:4e:a4:57:9f:60:e5:fe:45:b6:4c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2936: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2937: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2938: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ec:59:ce:71:57:9a:2f:0f:ca:69:d3:07:9d:4d:43:c0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2939: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2940: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2941: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a7:7c:6b:84:5d:6a:a1:4a:0b:20:7a:66:38:70:dd:94 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2942: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2943: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2944: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 0a:36:72:7d:c4:b5:0f:d4:ba:c2:23:36:13:a5:e8:ef Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2945: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2946: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2947: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 42:67:bb:5e:a9:2e:38:d6:6a:67:7a:79:3d:a3:bc:3e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2948: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2949: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2950: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b2:10:85:af:92:b8:27:8b:97:25:0a:08:af:5b:d9:85 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2951: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2952: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2953: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c9:b5:14:1d:45:2e:9b:7d:5e:ee:6f:93:2c:98:96:2e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2954: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2955: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2956: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 89:f3:ff:67:9e:23:20:58:ed:3e:97:08:3e:6a:20:07 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2957: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2958: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2959: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: da:5c:15:ec:1e:03:ad:7d:8d:2e:62:f0:2f:dd:89:a8 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2960: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2961: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2962: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b9:02:e2:32:3d:e1:14:58:3f:11:74:c8:de:2a:49:4d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:11:00 2015 Not After : Tue May 19 06:11:00 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9a:65:db:c2:b5:ab:70:e4:5c:1e:cc:29:1f:fe:83:ff: ee:02:67:5a:1f:74:13:82:63:3b:c0:db:0a:fb:af:ac: ce:fb:d4:8f:ed:11:e9:94:59:a4:f5:6a:19:20:34:8c: 3d:0f:a0:33:63:1e:de:eb:18:b7:70:fc:34:5f:97:b6: 0c:6c:fd:a0:dd:26:d1:2e:74:37:76:58:4e:a4:16:e6: de:d9:4a:1b:82:1d:95:3e:4b:4d:07:a0:cb:7b:c6:b0: 9b:ad:05:69:00:62:d6:3b:fb:44:8a:c9:91:ae:38:01: 63:05:3a:5b:3a:a2:bc:c2:a5:77:35:9f:d5:69:b7:e7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5d:aa:4b:cd:a5:22:34:9f:8b:98:e1:25:31:71:c5:0a: 72:33:cb:88:cf:34:f5:28:f9:f7:cb:25:40:73:5f:58: 7f:d2:d7:9c:33:14:26:95:9b:86:db:7e:93:cf:65:68: 10:a5:df:7e:47:fa:ef:a0:6f:9e:63:ad:c2:d5:dd:42: cb:3b:f3:91:b5:de:0d:d9:95:e5:66:f8:2e:7e:7f:b4: f1:95:54:35:48:8d:a2:41:03:21:07:38:af:79:97:68: 14:65:d9:c9:db:6d:62:43:70:5f:48:5c:76:ff:f7:cf: f9:02:4a:62:b2:8b:76:ef:7f:a3:1b:c4:14:91:a8:c6 Fingerprint (SHA-256): A6:90:45:BE:F2:47:FD:9D:A4:61:E5:63:83:E7:F9:0C:26:19:76:EE:9D:CB:B4:C6:22:EC:5A:B5:EC:A4:E5:A4 Fingerprint (SHA1): 26:FC:87:7F:0A:BE:22:38:32:F0:7F:73:A7:3A:F3:CD:97:3C:C5:9F Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:12:16 2015 Not After : Tue May 19 06:12:16 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:54:30:5b:2b:f2:b0:91:1d:77:af:ec:79:d7:7d:33: b0:30:17:49:04:10:e9:d8:14:a3:dd:94:60:12:fa:e2: 26:9d:6c:5f:60:09:12:cf:61:68:6e:36:95:fe:df:5c: c7:b3:83:a2:31:83:15:0f:2a:9f:ee:38:65:37:58:78: 55:27:0f:0d:ae:59:75:b7:00:1a:35:d9:82:52:38:a5: 4c:ec:2a:de:34:bc:73:48:e0:2f:3f:a9:55:a7:8b:23: d7:7c:ce:ab:c3:7d:53:42:2f:da:57:1a:be:e1:4d:e1: 3e:3f:86:cb:82:02:0c:47:d6:a5:ad:5a:8d:d0:8d:f3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:0f:c6:dd:1b:a0:4a:09:69:c8:78:07:8a:e2:f5:09: a2:2d:29:8c:94:78:e6:df:b8:26:5e:a2:23:14:1a:e9: d9:88:84:bc:08:5a:ef:5d:c3:0e:a9:3f:32:71:64:39: 01:fc:f4:48:9a:04:2f:f5:cd:07:09:aa:fd:aa:18:fe: fc:68:60:2b:94:b7:82:bf:91:6b:f9:13:d9:3d:e7:e4: 7a:86:d1:9c:a0:2a:84:92:64:92:f7:e2:e6:3e:8e:00: 59:67:57:95:53:4b:41:a3:3b:af:30:2d:5b:5a:9d:51: 20:ea:2e:4f:15:cb:a2:41:40:45:43:b7:79:cc:39:f0 Fingerprint (SHA-256): B0:CE:8E:14:82:A0:93:A1:B6:15:F7:1C:91:59:3E:EB:84:43:7D:F3:B9:AB:B8:34:8F:AC:28:48:9F:3A:C6:F3 Fingerprint (SHA1): 24:F6:B0:92:FE:18:6D:3A:7D:AB:5C:45:A2:B7:29:FD:D9:10:C4:DD Friendly Name: Alice tools.sh: #2963: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #2964: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #2965: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #2966: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #2967: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%) tree "../tools/html" signed successfully tools.sh: #2968: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #2969: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #2970: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #2971: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #2972: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #2973: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Tue May 19 02:17:28 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Tue May 19 02:17:28 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #2974: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #2975: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 1f440c0578f907559d6b23812f1ae591f2e82513 NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #2976: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #2977: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #2978: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #2979: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #2980: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #2981: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #2982: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #2983: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #2984: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #2985: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #2986: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 1f440c0578f907559d6b23812f1ae591f2e82513 FIPS_PUB_140_Test_Certificate fips.sh: #2987: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #2988: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #2989: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #2990: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #2991: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 1f440c0578f907559d6b23812f1ae591f2e82513 FIPS_PUB_140_Test_Certificate fips.sh: #2992: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #2993: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #2994: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/fips/mangle dbtest -r -d ../fips fips.sh: #2995: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Tue May 19 02:18:32 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Tue May 19 02:18:32 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Tue May 19 02:18:32 EDT 2015 Running tests for ocsp TIMESTAMP ocsp BEGIN: Tue May 19 02:18:32 EDT 2015 ocsp.sh: OCSP tests =============================== TIMESTAMP ocsp END: Tue May 19 02:18:32 EDT 2015 Running tests for pkits TIMESTAMP pkits BEGIN: Tue May 19 02:18:32 EDT 2015 pkits.sh: PKITS data directory not defined, skipping. TIMESTAMP pkits END: Tue May 19 02:18:32 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Tue May 19 02:18:32 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #2996: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021833 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #2997: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #2998: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #2999: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #3000: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3001: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3002: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3003: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3004: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #3005: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3006: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3007: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3008: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3009: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #3010: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3011: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3012: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3013: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #3014: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #3015: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3016: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3017: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3018: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #3019: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3020: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3021: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3022: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #3023: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3024: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3025: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3026: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #3027: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3028: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3029: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3030: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #3031: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3032: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3033: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3034: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #3035: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3036: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3037: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3038: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #3039: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3040: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3041: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3042: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #3043: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3044: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3045: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3046: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #3047: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3048: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3049: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3050: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #3051: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3052: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3053: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3054: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #3055: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3056: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3057: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3058: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150519061920Z nextupdate=20160519061920Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Tue May 19 06:19:20 2015 Next Update: Thu May 19 06:19:20 2016 CRL Extensions: chains.sh: #3059: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150519061921Z addcert 2 20150519061921Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Tue May 19 06:19:21 2015 Next Update: Thu May 19 06:19:20 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:21 2015 CRL Extensions: chains.sh: #3060: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519061922Z nextupdate=20160519061922Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 06:19:22 2015 Next Update: Thu May 19 06:19:22 2016 CRL Extensions: chains.sh: #3061: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519061923Z addcert 2 20150519061923Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 06:19:23 2015 Next Update: Thu May 19 06:19:22 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:23 2015 CRL Extensions: chains.sh: #3062: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519061924Z addcert 4 20150519061924Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 06:19:24 2015 Next Update: Thu May 19 06:19:22 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:23 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Tue May 19 06:19:24 2015 CRL Extensions: chains.sh: #3063: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519061925Z nextupdate=20160519061925Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 06:19:25 2015 Next Update: Thu May 19 06:19:25 2016 CRL Extensions: chains.sh: #3064: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519061926Z addcert 2 20150519061926Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 06:19:26 2015 Next Update: Thu May 19 06:19:25 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:26 2015 CRL Extensions: chains.sh: #3065: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519061927Z addcert 3 20150519061927Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 06:19:27 2015 Next Update: Thu May 19 06:19:25 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:26 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Tue May 19 06:19:27 2015 CRL Extensions: chains.sh: #3066: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519061927Z nextupdate=20160519061927Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 06:19:27 2015 Next Update: Thu May 19 06:19:27 2016 CRL Extensions: chains.sh: #3067: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519061928Z addcert 2 20150519061928Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 06:19:28 2015 Next Update: Thu May 19 06:19:27 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:28 2015 CRL Extensions: chains.sh: #3068: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519061929Z addcert 3 20150519061929Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 06:19:29 2015 Next Update: Thu May 19 06:19:27 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:19:28 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Tue May 19 06:19:29 2015 CRL Extensions: chains.sh: #3069: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #3070: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #3071: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #3072: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3073: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3074: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3075: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #3076: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #3077: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #3078: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #3079: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #3080: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #3081: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #3082: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #3083: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #3084: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #3085: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #3086: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #3087: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #3088: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #3089: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #3090: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #3091: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #3092: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #3093: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Tue May 19 02:19:42 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:19:42 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:19:48 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3094: Waiting for Server - FAILED kill -0 18117 >/dev/null 2>/dev/null httpserv with PID 18117 found at Tue May 19 02:19:48 EDT 2015 httpserv with PID 18117 started at Tue May 19 02:19:48 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9113 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3095: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 18117 at Tue May 19 02:19:50 EDT 2015 kill -USR1 18117 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 18117 killed at Tue May 19 02:19:50 EDT 2015 httpserv starting at Tue May 19 02:19:50 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:19:50 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:19:56 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3096: Waiting for Server - FAILED kill -0 18203 >/dev/null 2>/dev/null httpserv with PID 18203 found at Tue May 19 02:19:56 EDT 2015 httpserv with PID 18203 started at Tue May 19 02:19:56 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9113 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3097: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 18203 at Tue May 19 02:19:57 EDT 2015 kill -USR1 18203 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 18203 killed at Tue May 19 02:19:58 EDT 2015 httpserv starting at Tue May 19 02:19:58 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:19:58 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:20:03 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3098: Waiting for Server - FAILED kill -0 18288 >/dev/null 2>/dev/null httpserv with PID 18288 found at Tue May 19 02:20:04 EDT 2015 httpserv with PID 18288 started at Tue May 19 02:20:04 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3099: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021834 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3100: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3101: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3102: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021835 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3103: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3104: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3105: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3106: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519021836 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3107: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3108: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519021837 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3109: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3110: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3111: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3112: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3113: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 519021838 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3114: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3115: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3116: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #3117: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #3118: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021835 (0x1eefa50b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:20:08 2015 Not After : Tue May 19 06:20:08 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 94:5a:ff:36:80:b3:86:60:d2:70:6c:4f:5a:0f:d8:67: 13:ed:a6:4e:c3:4a:ba:5f:1a:61:e4:f8:eb:bb:d3:d9: 6a:b3:70:63:fc:ca:44:28:96:5c:a7:97:e3:27:14:d3: 27:c2:0f:0a:41:d2:97:d2:d2:d1:a4:04:e0:7b:78:02: 63:50:c1:44:d0:7a:25:ee:3a:06:52:70:85:b3:ee:2d: 2b:82:20:1e:80:ab:c5:4b:42:1f:f6:ec:46:61:3f:44: 52:c2:de:bf:5c:bc:93:61:e2:b7:e5:81:05:bc:89:24: 3f:57:dd:ce:8b:ff:d4:49:62:2a:45:2c:65:7c:96:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:1f:1b:79:04:92:fe:46:23:bf:7d:02:32:f8:57:8c: e0:32:b3:c3:d5:97:1f:2a:fe:1c:7d:8b:ac:f8:f5:d7: a6:5c:48:18:40:e8:4a:37:92:f4:5d:83:4e:20:61:a1: 27:fe:6e:fb:ed:c3:dc:b6:33:18:55:59:76:f4:f7:c5: 14:70:d5:d4:fa:4f:63:3a:b0:ea:75:ed:96:37:a8:52: 41:33:29:64:b9:a0:c5:ee:13:1f:12:3a:bf:cb:d9:45: 5e:6c:b4:d1:89:c0:a2:e2:89:ac:2c:81:f9:df:d0:ff: 85:71:47:bc:83:df:90:a3:8a:bd:7e:d1:97:70:d6:72 Fingerprint (SHA-256): 1B:98:77:67:AA:5B:BF:9C:97:E0:8F:AA:22:12:44:12:31:C6:79:5F:64:B3:E1:34:A9:58:BF:F3:54:7F:F8:9D Fingerprint (SHA1): 08:9B:71:74:B0:9C:7E:C0:2F:C1:F0:1F:2C:C7:70:B3:CD:21:91:D9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3119: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021834 (0x1eefa50a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:20:06 2015 Not After : Tue May 19 06:20:06 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:ce:3e:9e:9c:74:70:80:c6:0c:ae:ba:b6:c1:04: f2:6d:8a:95:3b:ad:cc:51:7d:19:3b:28:0f:95:dd:62: ee:08:8a:1b:99:4b:d7:0d:2d:34:0c:87:b9:9d:b5:ca: b7:03:b8:7d:c5:86:50:6f:4c:47:28:e6:9d:1f:ba:f3: 1a:96:39:38:76:81:da:dd:47:13:cf:b6:15:93:4d:92: 79:04:20:b8:8d:ed:68:da:d7:4b:c9:0b:32:0f:d2:c2: 76:4f:21:f4:59:8d:c1:0a:36:0c:a4:eb:bd:8f:eb:03: 0e:35:54:40:4b:03:6e:8d:d7:69:52:6e:69:87:33:c5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 63:42:f4:51:ab:26:66:cc:19:cc:d1:80:cd:5c:6e:89: f2:b0:30:59:71:bd:6b:4e:9a:7e:cd:bb:a7:00:69:1a: 19:fd:18:c9:34:9b:5e:23:19:0b:3f:b4:ea:fa:08:76: 4d:55:48:36:83:b8:90:3d:ed:a5:a9:22:99:81:3e:d8: cf:d7:f9:24:73:91:96:ef:a6:4b:96:35:f3:3c:57:46: 75:75:44:db:55:64:52:be:9f:79:c0:21:62:76:81:07: 0d:d9:c5:a3:b6:d4:a1:20:bc:85:af:42:3c:c3:a0:d4: d9:b8:13:19:e1:01:a0:4b:30:60:0f:cd:b0:97:e1:0d Fingerprint (SHA-256): 8E:27:6B:DE:1F:69:71:15:EB:E0:A9:12:1D:55:28:DB:EF:5F:6C:A9:AA:5A:8E:7B:BD:12:87:84:08:3D:51:35 Fingerprint (SHA1): 3B:96:6A:6C:67:21:7A:DA:CA:0A:6A:BA:B1:99:14:98:E9:00:CB:13 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3120: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3121: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #3122: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #3123: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021834 (0x1eefa50a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:20:06 2015 Not After : Tue May 19 06:20:06 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:ce:3e:9e:9c:74:70:80:c6:0c:ae:ba:b6:c1:04: f2:6d:8a:95:3b:ad:cc:51:7d:19:3b:28:0f:95:dd:62: ee:08:8a:1b:99:4b:d7:0d:2d:34:0c:87:b9:9d:b5:ca: b7:03:b8:7d:c5:86:50:6f:4c:47:28:e6:9d:1f:ba:f3: 1a:96:39:38:76:81:da:dd:47:13:cf:b6:15:93:4d:92: 79:04:20:b8:8d:ed:68:da:d7:4b:c9:0b:32:0f:d2:c2: 76:4f:21:f4:59:8d:c1:0a:36:0c:a4:eb:bd:8f:eb:03: 0e:35:54:40:4b:03:6e:8d:d7:69:52:6e:69:87:33:c5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 63:42:f4:51:ab:26:66:cc:19:cc:d1:80:cd:5c:6e:89: f2:b0:30:59:71:bd:6b:4e:9a:7e:cd:bb:a7:00:69:1a: 19:fd:18:c9:34:9b:5e:23:19:0b:3f:b4:ea:fa:08:76: 4d:55:48:36:83:b8:90:3d:ed:a5:a9:22:99:81:3e:d8: cf:d7:f9:24:73:91:96:ef:a6:4b:96:35:f3:3c:57:46: 75:75:44:db:55:64:52:be:9f:79:c0:21:62:76:81:07: 0d:d9:c5:a3:b6:d4:a1:20:bc:85:af:42:3c:c3:a0:d4: d9:b8:13:19:e1:01:a0:4b:30:60:0f:cd:b0:97:e1:0d Fingerprint (SHA-256): 8E:27:6B:DE:1F:69:71:15:EB:E0:A9:12:1D:55:28:DB:EF:5F:6C:A9:AA:5A:8E:7B:BD:12:87:84:08:3D:51:35 Fingerprint (SHA1): 3B:96:6A:6C:67:21:7A:DA:CA:0A:6A:BA:B1:99:14:98:E9:00:CB:13 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3124: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021835 (0x1eefa50b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:20:08 2015 Not After : Tue May 19 06:20:08 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 94:5a:ff:36:80:b3:86:60:d2:70:6c:4f:5a:0f:d8:67: 13:ed:a6:4e:c3:4a:ba:5f:1a:61:e4:f8:eb:bb:d3:d9: 6a:b3:70:63:fc:ca:44:28:96:5c:a7:97:e3:27:14:d3: 27:c2:0f:0a:41:d2:97:d2:d2:d1:a4:04:e0:7b:78:02: 63:50:c1:44:d0:7a:25:ee:3a:06:52:70:85:b3:ee:2d: 2b:82:20:1e:80:ab:c5:4b:42:1f:f6:ec:46:61:3f:44: 52:c2:de:bf:5c:bc:93:61:e2:b7:e5:81:05:bc:89:24: 3f:57:dd:ce:8b:ff:d4:49:62:2a:45:2c:65:7c:96:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:1f:1b:79:04:92:fe:46:23:bf:7d:02:32:f8:57:8c: e0:32:b3:c3:d5:97:1f:2a:fe:1c:7d:8b:ac:f8:f5:d7: a6:5c:48:18:40:e8:4a:37:92:f4:5d:83:4e:20:61:a1: 27:fe:6e:fb:ed:c3:dc:b6:33:18:55:59:76:f4:f7:c5: 14:70:d5:d4:fa:4f:63:3a:b0:ea:75:ed:96:37:a8:52: 41:33:29:64:b9:a0:c5:ee:13:1f:12:3a:bf:cb:d9:45: 5e:6c:b4:d1:89:c0:a2:e2:89:ac:2c:81:f9:df:d0:ff: 85:71:47:bc:83:df:90:a3:8a:bd:7e:d1:97:70:d6:72 Fingerprint (SHA-256): 1B:98:77:67:AA:5B:BF:9C:97:E0:8F:AA:22:12:44:12:31:C6:79:5F:64:B3:E1:34:A9:58:BF:F3:54:7F:F8:9D Fingerprint (SHA1): 08:9B:71:74:B0:9C:7E:C0:2F:C1:F0:1F:2C:C7:70:B3:CD:21:91:D9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3125: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #3126: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #3127: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3128: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3129: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3130: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021835 (0x1eefa50b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:20:08 2015 Not After : Tue May 19 06:20:08 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 94:5a:ff:36:80:b3:86:60:d2:70:6c:4f:5a:0f:d8:67: 13:ed:a6:4e:c3:4a:ba:5f:1a:61:e4:f8:eb:bb:d3:d9: 6a:b3:70:63:fc:ca:44:28:96:5c:a7:97:e3:27:14:d3: 27:c2:0f:0a:41:d2:97:d2:d2:d1:a4:04:e0:7b:78:02: 63:50:c1:44:d0:7a:25:ee:3a:06:52:70:85:b3:ee:2d: 2b:82:20:1e:80:ab:c5:4b:42:1f:f6:ec:46:61:3f:44: 52:c2:de:bf:5c:bc:93:61:e2:b7:e5:81:05:bc:89:24: 3f:57:dd:ce:8b:ff:d4:49:62:2a:45:2c:65:7c:96:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:1f:1b:79:04:92:fe:46:23:bf:7d:02:32:f8:57:8c: e0:32:b3:c3:d5:97:1f:2a:fe:1c:7d:8b:ac:f8:f5:d7: a6:5c:48:18:40:e8:4a:37:92:f4:5d:83:4e:20:61:a1: 27:fe:6e:fb:ed:c3:dc:b6:33:18:55:59:76:f4:f7:c5: 14:70:d5:d4:fa:4f:63:3a:b0:ea:75:ed:96:37:a8:52: 41:33:29:64:b9:a0:c5:ee:13:1f:12:3a:bf:cb:d9:45: 5e:6c:b4:d1:89:c0:a2:e2:89:ac:2c:81:f9:df:d0:ff: 85:71:47:bc:83:df:90:a3:8a:bd:7e:d1:97:70:d6:72 Fingerprint (SHA-256): 1B:98:77:67:AA:5B:BF:9C:97:E0:8F:AA:22:12:44:12:31:C6:79:5F:64:B3:E1:34:A9:58:BF:F3:54:7F:F8:9D Fingerprint (SHA1): 08:9B:71:74:B0:9C:7E:C0:2F:C1:F0:1F:2C:C7:70:B3:CD:21:91:D9 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3131: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021835 (0x1eefa50b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:20:08 2015 Not After : Tue May 19 06:20:08 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 94:5a:ff:36:80:b3:86:60:d2:70:6c:4f:5a:0f:d8:67: 13:ed:a6:4e:c3:4a:ba:5f:1a:61:e4:f8:eb:bb:d3:d9: 6a:b3:70:63:fc:ca:44:28:96:5c:a7:97:e3:27:14:d3: 27:c2:0f:0a:41:d2:97:d2:d2:d1:a4:04:e0:7b:78:02: 63:50:c1:44:d0:7a:25:ee:3a:06:52:70:85:b3:ee:2d: 2b:82:20:1e:80:ab:c5:4b:42:1f:f6:ec:46:61:3f:44: 52:c2:de:bf:5c:bc:93:61:e2:b7:e5:81:05:bc:89:24: 3f:57:dd:ce:8b:ff:d4:49:62:2a:45:2c:65:7c:96:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:1f:1b:79:04:92:fe:46:23:bf:7d:02:32:f8:57:8c: e0:32:b3:c3:d5:97:1f:2a:fe:1c:7d:8b:ac:f8:f5:d7: a6:5c:48:18:40:e8:4a:37:92:f4:5d:83:4e:20:61:a1: 27:fe:6e:fb:ed:c3:dc:b6:33:18:55:59:76:f4:f7:c5: 14:70:d5:d4:fa:4f:63:3a:b0:ea:75:ed:96:37:a8:52: 41:33:29:64:b9:a0:c5:ee:13:1f:12:3a:bf:cb:d9:45: 5e:6c:b4:d1:89:c0:a2:e2:89:ac:2c:81:f9:df:d0:ff: 85:71:47:bc:83:df:90:a3:8a:bd:7e:d1:97:70:d6:72 Fingerprint (SHA-256): 1B:98:77:67:AA:5B:BF:9C:97:E0:8F:AA:22:12:44:12:31:C6:79:5F:64:B3:E1:34:A9:58:BF:F3:54:7F:F8:9D Fingerprint (SHA1): 08:9B:71:74:B0:9C:7E:C0:2F:C1:F0:1F:2C:C7:70:B3:CD:21:91:D9 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3132: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #3133: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #3134: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3135: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3136: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3137: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021834 (0x1eefa50a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:20:06 2015 Not After : Tue May 19 06:20:06 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:ce:3e:9e:9c:74:70:80:c6:0c:ae:ba:b6:c1:04: f2:6d:8a:95:3b:ad:cc:51:7d:19:3b:28:0f:95:dd:62: ee:08:8a:1b:99:4b:d7:0d:2d:34:0c:87:b9:9d:b5:ca: b7:03:b8:7d:c5:86:50:6f:4c:47:28:e6:9d:1f:ba:f3: 1a:96:39:38:76:81:da:dd:47:13:cf:b6:15:93:4d:92: 79:04:20:b8:8d:ed:68:da:d7:4b:c9:0b:32:0f:d2:c2: 76:4f:21:f4:59:8d:c1:0a:36:0c:a4:eb:bd:8f:eb:03: 0e:35:54:40:4b:03:6e:8d:d7:69:52:6e:69:87:33:c5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 63:42:f4:51:ab:26:66:cc:19:cc:d1:80:cd:5c:6e:89: f2:b0:30:59:71:bd:6b:4e:9a:7e:cd:bb:a7:00:69:1a: 19:fd:18:c9:34:9b:5e:23:19:0b:3f:b4:ea:fa:08:76: 4d:55:48:36:83:b8:90:3d:ed:a5:a9:22:99:81:3e:d8: cf:d7:f9:24:73:91:96:ef:a6:4b:96:35:f3:3c:57:46: 75:75:44:db:55:64:52:be:9f:79:c0:21:62:76:81:07: 0d:d9:c5:a3:b6:d4:a1:20:bc:85:af:42:3c:c3:a0:d4: d9:b8:13:19:e1:01:a0:4b:30:60:0f:cd:b0:97:e1:0d Fingerprint (SHA-256): 8E:27:6B:DE:1F:69:71:15:EB:E0:A9:12:1D:55:28:DB:EF:5F:6C:A9:AA:5A:8E:7B:BD:12:87:84:08:3D:51:35 Fingerprint (SHA1): 3B:96:6A:6C:67:21:7A:DA:CA:0A:6A:BA:B1:99:14:98:E9:00:CB:13 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3138: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021834 (0x1eefa50a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:20:06 2015 Not After : Tue May 19 06:20:06 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:0d:ce:3e:9e:9c:74:70:80:c6:0c:ae:ba:b6:c1:04: f2:6d:8a:95:3b:ad:cc:51:7d:19:3b:28:0f:95:dd:62: ee:08:8a:1b:99:4b:d7:0d:2d:34:0c:87:b9:9d:b5:ca: b7:03:b8:7d:c5:86:50:6f:4c:47:28:e6:9d:1f:ba:f3: 1a:96:39:38:76:81:da:dd:47:13:cf:b6:15:93:4d:92: 79:04:20:b8:8d:ed:68:da:d7:4b:c9:0b:32:0f:d2:c2: 76:4f:21:f4:59:8d:c1:0a:36:0c:a4:eb:bd:8f:eb:03: 0e:35:54:40:4b:03:6e:8d:d7:69:52:6e:69:87:33:c5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 63:42:f4:51:ab:26:66:cc:19:cc:d1:80:cd:5c:6e:89: f2:b0:30:59:71:bd:6b:4e:9a:7e:cd:bb:a7:00:69:1a: 19:fd:18:c9:34:9b:5e:23:19:0b:3f:b4:ea:fa:08:76: 4d:55:48:36:83:b8:90:3d:ed:a5:a9:22:99:81:3e:d8: cf:d7:f9:24:73:91:96:ef:a6:4b:96:35:f3:3c:57:46: 75:75:44:db:55:64:52:be:9f:79:c0:21:62:76:81:07: 0d:d9:c5:a3:b6:d4:a1:20:bc:85:af:42:3c:c3:a0:d4: d9:b8:13:19:e1:01:a0:4b:30:60:0f:cd:b0:97:e1:0d Fingerprint (SHA-256): 8E:27:6B:DE:1F:69:71:15:EB:E0:A9:12:1D:55:28:DB:EF:5F:6C:A9:AA:5A:8E:7B:BD:12:87:84:08:3D:51:35 Fingerprint (SHA1): 3B:96:6A:6C:67:21:7A:DA:CA:0A:6A:BA:B1:99:14:98:E9:00:CB:13 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3139: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #3140: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021839 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3141: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #3142: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #3143: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021840 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3144: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #3145: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #3146: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021841 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3147: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #3148: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #3149: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021842 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3150: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #3151: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #3152: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021843 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3153: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #3154: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #3155: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021844 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3156: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #3157: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #3158: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021845 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3159: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #3160: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #3161: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021846 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3162: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #3163: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #3164: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021847 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3165: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #3166: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #3167: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3168: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 519021848 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3169: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3170: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 519021849 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3171: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3172: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 519021850 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3173: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3174: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #3175: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #3176: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3177: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 519021851 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3178: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3179: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 519021852 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3180: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3181: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 519021853 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3182: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3183: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #3184: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #3185: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3186: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 519021854 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3187: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3188: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 519021855 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3189: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3190: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 519021856 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3191: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3192: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #3193: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #3194: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3195: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 519021857 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3196: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3197: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 519021858 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3198: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3199: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 519021859 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3200: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3201: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #3202: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3203: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3204: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 519021860 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3205: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3206: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3207: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3208: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519021861 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3209: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3210: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021839 (0x1eefa50f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Tue May 19 06:20:32 2015 Not After : Tue May 19 06:20:32 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:dc:32:3f:c0:55:7d:fa:4f:0f:4a:d6:e3:dc:4d:73: db:6c:c7:2b:a8:d0:a4:b6:72:d8:f6:f2:06:42:49:99: b1:f7:bc:68:43:6c:29:40:23:13:5c:12:4d:1a:1f:31: 50:d6:f5:c0:71:b2:ce:9b:5b:eb:3b:41:75:f2:c2:af: 0a:e2:5e:3c:fb:45:a6:dc:2e:3c:48:fe:9c:09:aa:c6: e2:1a:28:11:9d:00:6f:ec:91:2b:a1:98:c2:c6:0c:e2: 3b:4d:60:87:24:ff:3c:97:6c:03:ac:ca:41:f4:c8:6e: 69:22:ec:ad:fb:fa:26:a5:47:0e:1c:56:a2:82:0c:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 51:56:3e:aa:e1:9e:df:53:cf:ed:c8:32:90:28:47:2f: b0:5a:5b:a6:b6:0b:96:a3:2d:46:b7:f9:15:64:75:d4: 59:51:76:df:67:fa:06:55:95:12:ca:1b:03:7d:45:46: 32:90:be:a1:96:fc:64:0f:c5:d2:89:82:f5:e6:0f:37: 17:ea:e1:75:6d:6d:b1:95:fa:b9:45:e9:0a:5f:48:59: ae:5d:63:b6:93:a8:98:5a:1c:56:f6:c9:2b:68:8f:af: cc:ba:5f:14:c6:89:b7:37:a5:62:39:1b:ef:17:33:da: 09:ec:fa:1f:fd:da:b3:06:95:73:3a:70:d9:8b:c2:2e Fingerprint (SHA-256): 96:A8:A5:14:48:B4:B9:0D:F4:9D:5E:9C:3D:90:FF:4C:AD:3D:AF:14:77:FE:D6:C9:B8:6E:2B:44:63:76:32:33 Fingerprint (SHA1): 73:26:AD:95:C8:6E:0D:20:21:69:72:21:90:00:C1:20:B6:2E:11:5B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3211: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021840 (0x1eefa510) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Tue May 19 06:20:34 2015 Not After : Tue May 19 06:20:34 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:db:04:58:47:85:61:e2:15:d6:5f:4c:6c:7e:f9:7c: 43:cf:bc:6e:32:2d:cb:df:28:d8:46:8a:ec:5c:dd:f4: 27:19:f5:3b:fd:52:59:db:c0:ec:f5:17:66:4f:cf:15: bc:d8:a1:b6:70:ad:ed:2c:40:28:ec:24:1c:e2:61:51: 90:59:63:ff:63:6e:34:e9:64:f7:27:87:68:ed:71:71: 2e:b2:2d:06:4f:6f:0f:3f:b9:6e:b8:fe:04:8c:17:43: 5f:00:65:89:18:90:23:c2:d9:19:9f:be:c3:5e:20:54: f0:fa:4d:d7:46:e7:90:6c:56:07:a9:af:82:e4:f1:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:1f:d4:57:a7:9e:3f:b5:ea:2f:54:49:75:36:c4:d9: 21:fd:9e:5c:18:cf:dc:39:26:7c:f8:f3:40:f1:ac:ac: e9:88:cb:0c:38:5b:ad:97:d9:e3:c3:de:f4:20:74:0a: df:8d:38:77:e5:3a:ed:30:b4:34:c9:23:73:94:6c:11: 43:da:67:8e:d6:45:62:a6:e7:3f:36:68:53:8d:07:ea: 95:dd:25:93:37:87:7a:3d:d1:7f:be:e1:6d:97:cf:00: bd:a1:a7:1d:1f:a3:01:75:20:4e:b8:6e:ab:7e:d7:78: f4:c7:c3:a5:b0:6b:e3:92:ae:6c:d7:4b:ff:4a:c6:73 Fingerprint (SHA-256): 1F:F8:1A:C0:B6:F9:10:7C:0F:39:F4:98:E1:A8:F7:99:0C:C2:E0:B6:00:80:62:F9:84:F9:8C:FE:19:09:F0:8B Fingerprint (SHA1): 82:5D:DB:BC:AE:11:12:34:C9:F7:B8:CA:2C:DC:71:D3:44:C9:F2:45 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3212: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021841 (0x1eefa511) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Tue May 19 06:20:37 2015 Not After : Tue May 19 06:20:37 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:af:4c:28:12:5d:19:ff:a2:71:c4:30:9f:83:68:f2: 9a:27:1c:94:80:70:79:09:59:6f:78:c2:a4:a4:c1:7e: a4:c7:02:87:67:9d:95:bd:9c:1b:33:12:8d:86:60:b9: 91:3b:09:5f:33:03:75:b1:07:59:a7:ab:30:e7:0a:27: 71:32:96:7e:65:68:b3:d7:3c:1a:53:0f:de:db:70:ee: 2f:bb:46:42:27:f5:68:0f:96:3c:e6:fa:d9:0d:93:5a: 9b:a9:92:39:5d:13:fb:54:c1:8d:e3:bf:bf:0f:b2:d6: f3:81:2a:10:f9:95:83:e3:e6:f3:73:03:ea:8c:a2:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:65:61:68:55:73:cd:9e:87:40:1f:4b:f8:b8:2e:cc: 5e:06:ba:68:d0:5a:b7:25:e1:53:82:3a:ad:94:19:c6: 05:8c:ac:d8:1b:8b:1e:f9:8f:23:27:e8:fb:09:e7:97: 92:99:77:f1:92:1e:40:61:cd:50:fd:3a:7b:09:3c:fb: 1a:69:10:55:95:90:cf:44:7e:b1:45:11:f1:13:b6:46: 62:cb:3f:b0:13:69:cd:e9:36:d8:7e:df:59:b8:f6:7d: d7:2a:e7:f1:ee:39:e2:e3:05:04:f7:61:af:cc:3d:6c: 18:65:3e:e5:d0:4b:82:8f:30:81:28:6e:46:e7:b8:58 Fingerprint (SHA-256): 72:79:46:38:7A:42:D7:EA:98:3A:85:48:2F:0F:15:78:26:2B:2B:B0:C8:C0:40:60:FD:7C:62:40:0F:75:DF:87 Fingerprint (SHA1): BC:1B:DD:BE:9C:FE:22:1F:3D:B1:E5:A9:5D:B6:68:56:85:66:AE:73 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #3213: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021842 (0x1eefa512) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Tue May 19 06:20:39 2015 Not After : Tue May 19 06:20:39 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:35:22:68:33:5d:91:6c:50:fb:99:37:f7:bc:2f:a4: b6:b0:a2:79:66:7b:85:30:2e:45:95:80:96:5d:3f:ec: 3e:58:e4:b4:c5:cf:c1:50:c1:e4:2c:88:67:e4:f2:10: c3:b0:57:ad:9d:ae:6a:f8:f1:4c:32:39:e1:7a:ec:08: c3:93:b6:6e:08:6e:d0:bb:7b:df:24:a6:a6:ca:63:46: c5:fd:b7:65:40:e1:0d:fb:79:a5:b2:fc:1a:4a:9c:5c: 5d:29:77:70:8d:66:6f:23:51:d4:db:92:45:c1:b4:b6: 10:67:16:eb:8b:91:44:c4:26:f7:66:03:0e:75:08:f7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 07:89:7d:f7:72:6e:69:0c:c9:e4:6c:08:56:56:bf:06: 4c:01:b9:e3:0c:7b:14:28:d1:e1:2e:62:67:ce:0b:32: 92:85:3e:35:2d:3a:88:1c:22:de:c8:87:d1:f1:d4:47: 9b:bf:f7:99:ab:e4:21:4c:27:f1:1a:c1:e3:5b:37:aa: 11:34:25:4d:3a:d5:2f:12:ae:c7:70:ed:d3:1f:d5:62: 00:9e:35:21:bf:07:dc:f9:3d:49:8e:80:93:be:63:06: bf:3e:a1:da:5f:21:d5:e5:af:7c:56:79:9f:11:36:b3: 8b:66:e3:c0:e4:73:98:05:5c:a4:e1:54:2b:a4:13:98 Fingerprint (SHA-256): 33:9A:27:A3:93:83:A8:B2:14:11:C3:E7:44:F5:DC:B5:06:B1:4A:AF:8F:52:38:9B:25:5C:77:78:47:E0:CC:75 Fingerprint (SHA1): 87:1B:D4:C8:00:95:8D:25:FF:F6:B9:C9:18:35:D8:F9:7E:F1:DD:91 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3214: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021843 (0x1eefa513) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Tue May 19 06:20:42 2015 Not After : Tue May 19 06:20:42 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:ca:49:10:0a:86:f8:71:10:43:2a:e3:90:50:5e:d4: 49:8c:da:7d:57:f0:aa:a9:0f:71:f0:d2:14:ad:29:f4: 15:af:f3:62:12:88:a5:b6:c9:b2:4f:e0:25:48:6d:6f: ef:93:98:a6:d3:06:65:a0:24:90:b3:b5:55:07:1a:7f: 96:09:9f:33:1a:ee:d5:3d:aa:fb:cb:7b:4c:ed:87:01: f3:96:f0:6f:31:7d:1c:e7:82:a3:29:51:38:2e:01:ad: b1:32:fe:d2:19:53:0f:be:22:61:55:ff:88:aa:88:53: 32:af:e7:a9:e4:7e:cc:11:63:ed:fd:7d:b3:39:e3:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:44:93:1a:f2:81:64:9e:dc:60:42:aa:21:68:6e:62: 37:70:a3:8f:67:74:2c:b3:13:af:7e:77:18:98:82:9a: 86:fa:86:43:af:70:95:27:76:d8:e8:7d:87:2b:58:f4: 62:9e:38:a1:96:39:a3:1d:36:87:d4:13:f6:71:90:f3: 4a:e8:6b:80:80:2b:a5:92:e8:c6:91:cf:c3:5c:de:07: b5:fa:da:91:5b:d7:39:99:a7:cc:ae:94:7f:1a:bd:c8: 1c:5f:77:b9:8a:76:39:3c:11:ef:f3:f6:e3:8e:4c:38: 37:b6:2e:c2:51:0e:85:b9:b9:b5:c8:cb:97:c3:72:67 Fingerprint (SHA-256): C8:F4:F5:57:FD:53:33:90:BD:8A:B6:5B:C0:2F:43:20:D9:55:9E:9A:A2:10:C3:75:D0:D4:2C:AB:9A:64:B9:81 Fingerprint (SHA1): 15:F3:7D:D9:F5:22:0E:A6:4D:7E:CA:CD:3D:33:DC:7B:38:A5:9E:CF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3215: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021844 (0x1eefa514) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Tue May 19 06:20:45 2015 Not After : Tue May 19 06:20:45 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:73:e2:d2:49:a7:10:cf:66:0b:7c:7c:dd:eb:bd:82: 5a:91:14:71:e7:4c:83:3e:e0:ec:72:31:b9:cb:6f:98: 0f:71:fc:97:8d:53:85:b4:ef:52:5c:f3:db:57:07:64: 2c:29:2d:9c:5f:2a:ba:d7:6e:a4:ca:87:c7:0e:53:47: 1d:f2:d9:25:82:15:aa:e6:51:9e:da:3b:5e:f7:cd:66: 72:80:bf:5f:9f:5d:a7:41:45:0a:e3:dc:f1:27:c2:47: 30:3b:36:22:f1:ae:13:82:1a:7d:87:40:56:68:aa:f8: eb:7a:94:e8:c0:78:db:8f:d2:b4:5d:ae:05:6d:6a:47 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9d:f2:60:5d:af:3c:3f:6d:70:ab:91:ff:78:65:0f:47: fa:d0:ad:2f:67:f4:06:34:bc:23:7f:6b:3d:68:f0:94: c7:20:e6:03:3e:6e:8a:06:98:d7:8f:76:b9:ce:71:b7: 76:f1:b8:a6:f8:d5:39:22:a3:ac:0c:ed:87:60:69:4b: 3d:cb:50:a2:7d:b2:13:25:9d:7e:bd:3c:72:f3:ef:ee: ba:4b:de:d0:31:99:e5:0d:bf:c4:46:e2:8d:72:43:84: d3:b7:c3:8a:32:2d:9c:af:d9:6d:8b:15:08:00:7d:7f: 57:26:4a:8c:0b:83:ce:2f:db:79:f3:40:5e:80:f9:f4 Fingerprint (SHA-256): 10:C1:68:30:37:80:43:99:85:AF:9A:2A:17:FA:63:D1:0C:40:95:14:9A:3C:99:2C:25:F4:42:82:B3:90:45:87 Fingerprint (SHA1): E6:1F:06:A5:71:01:C2:5A:54:55:6D:07:B9:B3:9B:C1:7D:2A:33:2A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #3216: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021845 (0x1eefa515) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Tue May 19 06:20:47 2015 Not After : Tue May 19 06:20:47 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:06:a1:7e:25:07:b0:4b:4e:00:81:13:5e:6b:40:96: 1b:65:38:de:e4:69:76:d7:31:9b:4a:f3:72:8e:6b:c2: 59:0d:22:51:7e:6b:54:58:fd:41:14:27:3e:eb:98:b6: 54:7f:8f:cf:8e:1d:96:08:8e:3c:86:c6:46:51:7f:cb: a1:74:a5:4b:8a:d9:a4:bb:d7:84:d4:7e:69:27:a3:02: fb:95:b1:2f:f6:1c:5e:94:ec:70:e0:bf:2a:01:93:d4: 0d:9e:f3:c5:91:a5:4f:77:87:74:15:51:75:65:7e:ed: b5:c1:f5:5f:52:98:df:f1:7a:49:80:77:9d:a5:d2:67 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:36:b8:56:96:89:91:c3:5b:bd:d0:d8:68:bd:89:4f: 54:3e:86:d6:53:ec:22:a9:a6:7c:93:c6:0e:f7:9e:61: 74:55:28:01:bb:d8:b0:57:a7:75:4c:c7:6d:ef:a7:1e: 01:3c:ad:ee:64:8c:5a:10:e7:86:a2:cd:fd:f3:8f:14: 6e:e9:fc:1a:c4:fc:9c:b9:f8:1b:93:93:72:f3:34:d0: 2a:83:8c:0e:90:4e:96:e4:4c:71:f3:6c:aa:67:5e:85: 19:41:29:88:6e:65:3b:77:df:ea:2b:d5:b1:8b:a6:e2: b8:9a:32:e6:01:52:c9:48:31:a3:bd:64:1b:34:bd:5a Fingerprint (SHA-256): E4:D6:4C:3F:57:14:DC:DF:C5:3B:90:F5:9A:BF:C9:10:F6:DE:0F:29:4B:64:9E:17:A6:B3:EA:BC:35:92:C9:88 Fingerprint (SHA1): 1A:21:79:03:49:FD:AB:5C:2C:90:14:26:62:14:6A:D8:C0:B6:A0:7B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3217: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021846 (0x1eefa516) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Tue May 19 06:20:50 2015 Not After : Tue May 19 06:20:50 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:b9:b0:9a:b9:fa:5f:08:6b:97:d8:11:2f:b3:72:e8: af:ae:43:09:12:e9:6e:89:27:bd:cc:23:ec:76:68:76: dc:d4:0a:cc:a2:16:98:fc:26:a0:4b:97:4c:4d:14:a2: 41:e1:4f:b2:50:7a:2f:aa:88:7f:4c:10:9c:77:76:6c: 7a:3a:97:60:7a:2b:88:8f:eb:b4:59:7b:0c:c7:75:41: a0:b8:54:d8:36:17:74:7f:7f:2e:35:8b:a1:3b:1f:b1: 1b:20:ce:34:52:43:49:44:b7:4c:39:58:e1:0e:6e:c2: 7a:3e:90:20:8e:bf:d7:78:a3:02:32:97:f3:2f:e4:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 74:a8:31:33:85:52:b9:92:86:66:d6:f2:b3:50:79:f1: f0:07:04:76:8c:c5:a3:5d:b4:43:68:da:1e:ca:0f:9b: ef:38:53:6b:83:b2:43:be:18:2a:16:6c:39:a8:5b:a2: 16:12:54:76:da:e2:e6:31:99:fb:c3:9e:b1:ba:51:bb: c9:d1:cf:a3:0a:bc:10:b9:ff:7d:ef:89:c6:28:31:eb: 46:3c:56:7a:f4:1d:2d:d3:98:f2:6a:b4:d6:d1:d7:26: f0:cd:1a:7e:cc:56:92:c4:85:86:d8:fe:ea:74:ee:4b: bf:92:e8:3f:0f:1c:5c:51:b9:c3:99:3c:b6:2f:49:e0 Fingerprint (SHA-256): 03:43:4F:F2:66:34:37:59:EC:DC:C2:D7:06:8C:9F:12:CC:F2:13:5D:7E:16:35:DC:27:BE:5B:F6:34:BB:0B:68 Fingerprint (SHA1): 45:33:AC:60:DE:50:5F:B9:A6:E4:53:C0:55:4F:D9:19:41:B8:C6:9C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3218: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021847 (0x1eefa517) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Tue May 19 06:20:53 2015 Not After : Tue May 19 06:20:53 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:92:b3:62:f7:81:e2:bb:cd:dd:19:c6:64:7a:0a:96: d3:a0:1f:ba:a6:32:f9:7c:36:b4:f2:ba:6f:aa:81:60: 57:03:2a:35:6d:0c:37:83:cc:5a:97:42:9e:0c:2a:c7: 52:14:51:b4:f0:03:2c:6d:28:f7:e9:4f:60:20:fc:e1: 87:46:bf:1c:6b:94:e5:ab:73:1b:cf:ed:b2:e3:7a:b3: e1:7d:50:3f:55:69:47:bf:37:53:34:3e:58:b2:22:01: 1c:60:d2:c9:b9:90:21:73:70:90:39:bf:1f:32:f6:f8: 30:d8:fb:7c:12:88:dd:db:33:99:57:d8:e3:8f:68:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 23:54:51:ec:92:73:eb:04:51:b3:9a:7d:23:17:bd:15: 33:02:0c:a4:21:30:fe:97:f4:d0:58:3b:43:9f:75:d8: db:be:b1:87:a9:50:82:96:cb:f7:af:4f:a4:92:cb:76: cb:1f:66:ff:14:19:4d:b2:f8:59:7a:6d:28:a8:3a:94: d0:f5:c2:af:9a:5c:a5:e8:86:55:56:d1:81:64:71:49: b4:16:26:c5:b8:88:20:dd:cc:8c:05:25:db:26:95:36: 6a:39:e0:ed:f0:fc:2d:41:3d:8c:12:a4:bc:63:70:66: 92:30:9e:b6:85:fc:91:9c:24:5f:78:e4:73:81:bd:c7 Fingerprint (SHA-256): 8D:D5:53:EA:D1:F2:E2:F0:01:AF:27:2A:ED:04:1D:67:19:32:3D:53:D0:79:41:A6:79:6F:00:09:3D:67:01:A4 Fingerprint (SHA1): 88:CA:BE:29:52:D6:B8:51:C8:D0:87:47:11:02:68:C7:AF:6B:0B:AC Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #3219: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3220: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021862 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3221: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3222: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3223: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3224: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519021863 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3225: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3226: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3227: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3228: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021864 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3229: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3230: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3231: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3232: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519021865 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3233: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3234: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3235: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021862 (0x1eefa526) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:31 2015 Not After : Tue May 19 06:21:31 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:6b:ae:eb:9b:fa:4a:23:a2:4b:90:0d:ca:cd:2e:e7: bc:ba:fa:83:8c:da:78:18:94:ec:e9:d3:d4:01:a9:51: ec:18:98:e4:06:a1:4f:7f:99:d9:f0:5b:b7:55:79:33: a3:b9:21:9a:fc:1a:c0:97:7f:9f:1f:73:d9:4c:b3:02: a2:74:03:91:1e:d7:b6:8a:64:33:aa:cc:bf:4b:09:1c: f3:77:a6:12:75:07:68:a6:4f:9a:26:4f:3e:e2:39:fd: 6a:7f:20:c4:88:29:f5:c2:dd:78:d8:aa:a2:df:8c:e3: 0d:28:a6:a2:e0:00:93:f5:c7:e7:70:80:ba:bd:97:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:c0:8c:73:f6:25:7e:d3:08:e9:36:31:1f:db:21:fb: 6e:9c:ea:f9:48:e2:a9:e0:88:5a:31:a6:d8:3c:96:d7: f1:ab:1a:54:85:e6:94:15:0f:9b:9d:38:65:47:df:4c: b9:0d:ff:2f:0f:1a:a3:64:e8:3a:e8:72:38:53:23:ae: ff:2d:94:43:a9:e4:6e:1d:41:3c:38:ac:c7:4f:6c:b4: d7:36:69:72:4d:38:e7:9b:a7:91:1d:a7:90:69:33:d7: aa:e0:00:8a:39:af:ce:6d:d2:1a:b8:a5:d9:88:14:74: 6e:2a:18:37:d7:d0:20:0b:6a:0b:30:72:e5:f2:2d:2e Fingerprint (SHA-256): 8E:F5:87:DD:33:04:71:54:E2:49:9C:54:55:17:4D:F9:4C:FD:89:C9:71:AA:8E:7D:B2:A7:08:30:D3:93:FF:99 Fingerprint (SHA1): CE:A0:23:B2:EE:AB:DD:A7:33:EC:68:03:B5:70:60:60:BF:D3:26:D2 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3236: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3237: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021863 (0x1eefa527) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:34 2015 Not After : Tue May 19 06:21:34 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:5c:9b:00:61:e7:54:7c:9b:0f:20:85:f4:a1:25:04: c7:fe:e5:0c:b1:07:36:8c:88:c2:45:a9:09:12:e8:d0: fc:ce:e7:93:48:bf:f9:52:08:92:c6:f2:8b:f2:6d:c9: 45:e1:7b:5d:72:5e:2b:80:cb:52:7f:a8:b1:4d:52:2f: 1a:13:3a:cc:70:77:41:67:9a:55:c2:1c:a2:9e:21:27: b6:9a:99:f5:36:5b:41:0d:32:46:85:6f:7e:b1:2e:86: d2:0a:b3:b2:93:90:72:fc:94:82:86:32:d9:48:6f:5b: 74:e8:fa:b0:96:97:02:7e:6b:b6:5f:09:51:61:e8:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:7b:09:a8:69:f5:d7:62:b6:c5:15:6d:0d:ae:4e:3f: 33:0a:44:47:16:bb:6c:63:77:03:b5:ac:f8:59:9b:c2: f0:1c:31:31:26:d2:7e:37:7d:83:b1:cc:09:9f:00:38: 76:1a:27:b1:a9:0c:c3:cb:a4:f4:df:aa:51:1e:87:0f: 85:c0:8f:aa:27:8b:10:f8:25:db:a7:4e:08:53:c6:8c: 15:de:4e:92:c7:cb:b1:97:00:9f:ab:fa:e5:29:33:e9: d5:c9:c1:43:64:16:5f:6d:32:73:7a:ce:f6:e6:e5:16: bd:53:14:86:1e:74:77:ab:30:e6:13:2b:41:6a:be:8d Fingerprint (SHA-256): 99:D5:B0:54:DA:29:67:04:EA:14:A4:0E:D1:40:19:7B:91:5C:A0:4C:BF:FF:DF:28:87:90:86:68:2C:21:F6:19 Fingerprint (SHA1): 0A:85:98:7B:90:FE:F2:87:1F:0B:23:6F:C7:C2:10:E4:6E:8B:5B:28 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3238: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3239: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021864 (0x1eefa528) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:21:38 2015 Not After : Tue May 19 06:21:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:5b:b4:34:0b:12:eb:b3:c8:ba:50:cd:5b:cd:15:27: 77:f5:b7:02:d7:4d:78:1f:be:e5:e4:8a:c6:4c:7a:81: a9:61:53:8f:0c:6d:b8:2f:16:76:65:1e:53:64:98:b0: ec:00:1d:30:fb:19:a5:ad:8c:a0:af:53:21:38:15:17: 03:2f:d7:30:24:31:cd:c1:79:93:3a:09:cb:e2:59:58: f4:4c:b9:73:92:ac:3a:f7:4b:12:63:d0:eb:04:aa:f7: 31:1b:8c:b7:b9:08:ed:3d:ee:df:54:4a:c5:d0:a7:e6: 6e:d5:65:ef:af:60:c2:36:af:37:27:8c:e8:ed:22:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:36:28:a7:8b:6b:f7:37:e1:da:13:ff:d3:e0:f8:98: ba:b6:f0:31:f9:f8:4e:50:d6:a9:31:be:75:19:62:67: 34:22:12:ce:b5:64:6f:c0:1b:4f:e7:07:b2:25:05:22: 2c:58:f5:b7:bc:aa:4b:85:0d:5a:ae:bf:d0:f9:33:65: 44:ab:6b:dc:cd:73:ae:65:79:4e:d6:43:55:86:30:8b: 04:f2:5f:75:10:5c:2e:41:17:e8:e4:30:f2:ab:12:18: f5:cf:82:aa:8a:5d:75:64:0d:dc:f7:a3:54:31:c0:a2: 4e:89:f6:f8:83:30:2d:d1:65:f1:b9:5e:6c:4f:0f:51 Fingerprint (SHA-256): 00:B6:DF:97:FA:9D:75:9B:63:98:77:84:58:A6:07:09:29:2A:C6:1E:40:A0:DE:21:12:2A:A6:57:D8:19:65:E8 Fingerprint (SHA1): BD:6F:7A:FF:2D:DE:62:F9:FA:ED:D2:BE:B7:E0:24:A0:6E:C9:DC:09 Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3240: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3241: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3242: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3243: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3244: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021862 (0x1eefa526) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:31 2015 Not After : Tue May 19 06:21:31 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:6b:ae:eb:9b:fa:4a:23:a2:4b:90:0d:ca:cd:2e:e7: bc:ba:fa:83:8c:da:78:18:94:ec:e9:d3:d4:01:a9:51: ec:18:98:e4:06:a1:4f:7f:99:d9:f0:5b:b7:55:79:33: a3:b9:21:9a:fc:1a:c0:97:7f:9f:1f:73:d9:4c:b3:02: a2:74:03:91:1e:d7:b6:8a:64:33:aa:cc:bf:4b:09:1c: f3:77:a6:12:75:07:68:a6:4f:9a:26:4f:3e:e2:39:fd: 6a:7f:20:c4:88:29:f5:c2:dd:78:d8:aa:a2:df:8c:e3: 0d:28:a6:a2:e0:00:93:f5:c7:e7:70:80:ba:bd:97:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:c0:8c:73:f6:25:7e:d3:08:e9:36:31:1f:db:21:fb: 6e:9c:ea:f9:48:e2:a9:e0:88:5a:31:a6:d8:3c:96:d7: f1:ab:1a:54:85:e6:94:15:0f:9b:9d:38:65:47:df:4c: b9:0d:ff:2f:0f:1a:a3:64:e8:3a:e8:72:38:53:23:ae: ff:2d:94:43:a9:e4:6e:1d:41:3c:38:ac:c7:4f:6c:b4: d7:36:69:72:4d:38:e7:9b:a7:91:1d:a7:90:69:33:d7: aa:e0:00:8a:39:af:ce:6d:d2:1a:b8:a5:d9:88:14:74: 6e:2a:18:37:d7:d0:20:0b:6a:0b:30:72:e5:f2:2d:2e Fingerprint (SHA-256): 8E:F5:87:DD:33:04:71:54:E2:49:9C:54:55:17:4D:F9:4C:FD:89:C9:71:AA:8E:7D:B2:A7:08:30:D3:93:FF:99 Fingerprint (SHA1): CE:A0:23:B2:EE:AB:DD:A7:33:EC:68:03:B5:70:60:60:BF:D3:26:D2 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3245: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3246: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021863 (0x1eefa527) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:34 2015 Not After : Tue May 19 06:21:34 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:5c:9b:00:61:e7:54:7c:9b:0f:20:85:f4:a1:25:04: c7:fe:e5:0c:b1:07:36:8c:88:c2:45:a9:09:12:e8:d0: fc:ce:e7:93:48:bf:f9:52:08:92:c6:f2:8b:f2:6d:c9: 45:e1:7b:5d:72:5e:2b:80:cb:52:7f:a8:b1:4d:52:2f: 1a:13:3a:cc:70:77:41:67:9a:55:c2:1c:a2:9e:21:27: b6:9a:99:f5:36:5b:41:0d:32:46:85:6f:7e:b1:2e:86: d2:0a:b3:b2:93:90:72:fc:94:82:86:32:d9:48:6f:5b: 74:e8:fa:b0:96:97:02:7e:6b:b6:5f:09:51:61:e8:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:7b:09:a8:69:f5:d7:62:b6:c5:15:6d:0d:ae:4e:3f: 33:0a:44:47:16:bb:6c:63:77:03:b5:ac:f8:59:9b:c2: f0:1c:31:31:26:d2:7e:37:7d:83:b1:cc:09:9f:00:38: 76:1a:27:b1:a9:0c:c3:cb:a4:f4:df:aa:51:1e:87:0f: 85:c0:8f:aa:27:8b:10:f8:25:db:a7:4e:08:53:c6:8c: 15:de:4e:92:c7:cb:b1:97:00:9f:ab:fa:e5:29:33:e9: d5:c9:c1:43:64:16:5f:6d:32:73:7a:ce:f6:e6:e5:16: bd:53:14:86:1e:74:77:ab:30:e6:13:2b:41:6a:be:8d Fingerprint (SHA-256): 99:D5:B0:54:DA:29:67:04:EA:14:A4:0E:D1:40:19:7B:91:5C:A0:4C:BF:FF:DF:28:87:90:86:68:2C:21:F6:19 Fingerprint (SHA1): 0A:85:98:7B:90:FE:F2:87:1F:0B:23:6F:C7:C2:10:E4:6E:8B:5B:28 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3247: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3248: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021864 (0x1eefa528) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:21:38 2015 Not After : Tue May 19 06:21:38 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:5b:b4:34:0b:12:eb:b3:c8:ba:50:cd:5b:cd:15:27: 77:f5:b7:02:d7:4d:78:1f:be:e5:e4:8a:c6:4c:7a:81: a9:61:53:8f:0c:6d:b8:2f:16:76:65:1e:53:64:98:b0: ec:00:1d:30:fb:19:a5:ad:8c:a0:af:53:21:38:15:17: 03:2f:d7:30:24:31:cd:c1:79:93:3a:09:cb:e2:59:58: f4:4c:b9:73:92:ac:3a:f7:4b:12:63:d0:eb:04:aa:f7: 31:1b:8c:b7:b9:08:ed:3d:ee:df:54:4a:c5:d0:a7:e6: 6e:d5:65:ef:af:60:c2:36:af:37:27:8c:e8:ed:22:5f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:36:28:a7:8b:6b:f7:37:e1:da:13:ff:d3:e0:f8:98: ba:b6:f0:31:f9:f8:4e:50:d6:a9:31:be:75:19:62:67: 34:22:12:ce:b5:64:6f:c0:1b:4f:e7:07:b2:25:05:22: 2c:58:f5:b7:bc:aa:4b:85:0d:5a:ae:bf:d0:f9:33:65: 44:ab:6b:dc:cd:73:ae:65:79:4e:d6:43:55:86:30:8b: 04:f2:5f:75:10:5c:2e:41:17:e8:e4:30:f2:ab:12:18: f5:cf:82:aa:8a:5d:75:64:0d:dc:f7:a3:54:31:c0:a2: 4e:89:f6:f8:83:30:2d:d1:65:f1:b9:5e:6c:4f:0f:51 Fingerprint (SHA-256): 00:B6:DF:97:FA:9D:75:9B:63:98:77:84:58:A6:07:09:29:2A:C6:1E:40:A0:DE:21:12:2A:A6:57:D8:19:65:E8 Fingerprint (SHA1): BD:6F:7A:FF:2D:DE:62:F9:FA:ED:D2:BE:B7:E0:24:A0:6E:C9:DC:09 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3249: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3250: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3251: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021866 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3252: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3253: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3254: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3255: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519021867 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3256: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3257: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3258: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3259: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021868 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3260: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3261: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #3262: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3263: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519021869 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3264: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3265: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #3266: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3267: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519021870 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3268: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3269: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3270: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021866 (0x1eefa52a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:54 2015 Not After : Tue May 19 06:21:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:20:6f:f2:80:1b:97:ec:0e:af:29:b9:8e:cc:5d:ff: c9:d6:b1:6d:2c:88:a2:5b:8b:d9:c8:06:de:a2:d4:da: 43:5b:ea:ad:6f:22:36:0d:e5:c7:f1:9a:45:96:7d:26: 3f:bd:2f:13:7f:45:fd:f4:f0:79:ba:71:da:04:41:f2: 8e:cc:bd:1b:f8:67:1f:21:02:13:f5:3b:c8:a8:b9:9f: 9c:17:ea:4b:1e:38:ed:e9:28:5f:0e:7e:db:b9:8f:1b: 0a:2c:13:c7:11:70:3c:8e:3a:da:00:34:84:6d:36:c1: 6b:cb:62:d4:f1:ff:0b:ab:24:a3:6a:e9:33:96:7c:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:f9:25:cd:f2:d0:d6:a0:e1:09:d7:63:e7:2b:d4:78: 5d:64:10:ca:63:15:9b:e5:e0:34:11:6f:de:4c:88:cb: d8:98:6a:22:17:40:55:53:20:6e:54:bf:9e:96:5f:ec: b5:5d:f8:ab:3f:0a:77:91:9f:fb:dc:84:3c:95:d4:51: 57:27:fc:d5:8c:2d:94:ce:0e:f1:46:b6:80:f4:5e:15: 32:b1:32:c9:be:8b:88:2a:48:03:e2:72:5c:b0:05:a9: c0:28:4b:7c:21:88:04:04:d5:d8:61:6d:34:98:35:06: fa:88:9a:ed:33:0d:5c:01:d2:97:12:12:1f:e2:cd:4b Fingerprint (SHA-256): 41:3C:EB:7D:91:5E:3D:D4:98:2E:B7:50:16:B0:17:64:85:72:1F:B1:59:3C:C2:CE:DA:EA:92:83:EF:EA:BB:2B Fingerprint (SHA1): AE:CE:B0:F3:E7:EA:B6:B7:C1:D9:0E:13:DD:51:DA:19:FC:F8:1A:92 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3271: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3272: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021867 (0x1eefa52b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:57 2015 Not After : Tue May 19 06:21:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:9f:d2:c5:69:20:78:fa:dc:dc:3a:09:a9:9b:1f:94: 24:33:79:4d:18:f6:26:66:0e:3c:dd:cd:6a:30:42:8d: 2a:68:8a:5b:8f:c4:ca:94:e2:88:2c:9f:31:05:87:85: 7a:77:99:b8:a0:64:ee:2b:f3:24:45:5f:06:d8:e2:5f: b5:33:c9:08:a0:b2:f8:4b:59:a4:e8:b4:b3:33:f4:1d: 11:6f:f5:a6:2e:a0:56:23:20:05:76:d6:f9:14:b2:0a: 52:14:3c:d2:90:e8:a6:ab:66:41:0c:53:8e:b2:71:5c: 1b:fe:05:4b:6a:fc:54:68:da:03:7d:5e:c8:19:4f:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8d:02:e9:d5:da:01:6e:fd:3b:84:f1:a4:37:5e:9e:0a: f3:a4:73:3b:31:d9:a6:e5:f0:ab:81:9e:d6:54:7d:f3: a1:bd:8c:00:5b:a7:78:31:f7:5d:c9:ba:bb:01:77:95: 46:0b:bd:b0:b2:6c:1e:72:b2:87:ac:80:d7:79:01:0c: 27:60:40:c0:2c:41:44:e5:12:80:e2:a3:06:8e:40:8c: 3e:ba:b8:eb:60:10:c1:c8:76:5b:58:8d:60:57:bf:3f: cf:d5:51:e7:9d:99:6d:fb:9d:fd:b1:6c:b6:c8:4c:d2: f7:e4:ae:20:e0:d5:af:d2:67:30:45:65:9c:18:37:dd Fingerprint (SHA-256): 83:09:A0:BD:24:9E:8C:92:B0:EE:5F:FC:0B:EE:CC:26:62:12:B4:D8:01:71:E4:29:F8:64:99:33:3B:71:20:F5 Fingerprint (SHA1): 9A:72:AB:81:88:31:A2:74:24:B1:75:A5:54:51:97:5D:8F:98:A9:A1 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3273: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3274: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021868 (0x1eefa52c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:22:01 2015 Not After : Tue May 19 06:22:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:cc:ce:2f:76:e4:50:b2:5a:81:d0:64:f8:c0:e0:c9: 47:d9:d1:f3:82:ac:7c:c6:46:0f:21:94:b3:6f:82:8a: 43:e2:11:df:c5:84:54:54:54:4c:d5:9d:c9:18:62:e5: f7:f5:8a:e3:c6:72:54:e6:a1:88:38:c5:ab:d1:34:bf: e5:12:32:6c:62:70:2a:6f:2f:67:e3:99:e1:c8:c0:91: b1:24:07:bd:18:53:09:df:d3:89:98:9e:79:82:cf:29: de:4d:cc:52:7c:f7:0f:3a:97:c8:ec:75:88:e3:16:5f: 2a:93:b9:4f:8e:6d:f8:ef:74:8e:61:e5:47:0d:74:15 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bc:c2:28:0a:d0:50:4d:2e:9d:f0:fb:ec:56:af:a1:3c: ea:47:f5:70:d1:32:04:6a:d4:56:75:76:0e:de:c5:56: b9:cd:94:e6:3d:f1:da:4a:47:76:45:7c:33:94:88:4d: 88:d7:22:88:d8:77:96:7b:99:e6:b4:ea:4b:db:44:ae: cb:ed:bd:2d:7b:34:cb:c0:e5:b0:b5:19:1a:c1:8f:fd: 82:76:42:b6:f5:c6:58:57:b9:ac:d1:90:bf:62:12:ae: c8:37:89:29:6c:ab:9e:5b:e7:8b:59:02:a1:13:ab:dd: c5:cd:1c:2f:43:69:c8:ad:a6:99:60:9d:93:21:29:68 Fingerprint (SHA-256): 7E:37:76:32:6D:86:E5:E4:DD:C3:22:62:6C:A5:14:DD:C2:B9:4F:A7:96:2D:C7:34:60:4B:B7:67:4D:A8:D6:18 Fingerprint (SHA1): 9A:A3:08:57:34:B6:73:EA:C0:48:62:03:8C:6D:D5:26:D8:32:4F:9A Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #3275: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3276: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3277: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3278: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3279: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021866 (0x1eefa52a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:54 2015 Not After : Tue May 19 06:21:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:20:6f:f2:80:1b:97:ec:0e:af:29:b9:8e:cc:5d:ff: c9:d6:b1:6d:2c:88:a2:5b:8b:d9:c8:06:de:a2:d4:da: 43:5b:ea:ad:6f:22:36:0d:e5:c7:f1:9a:45:96:7d:26: 3f:bd:2f:13:7f:45:fd:f4:f0:79:ba:71:da:04:41:f2: 8e:cc:bd:1b:f8:67:1f:21:02:13:f5:3b:c8:a8:b9:9f: 9c:17:ea:4b:1e:38:ed:e9:28:5f:0e:7e:db:b9:8f:1b: 0a:2c:13:c7:11:70:3c:8e:3a:da:00:34:84:6d:36:c1: 6b:cb:62:d4:f1:ff:0b:ab:24:a3:6a:e9:33:96:7c:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:f9:25:cd:f2:d0:d6:a0:e1:09:d7:63:e7:2b:d4:78: 5d:64:10:ca:63:15:9b:e5:e0:34:11:6f:de:4c:88:cb: d8:98:6a:22:17:40:55:53:20:6e:54:bf:9e:96:5f:ec: b5:5d:f8:ab:3f:0a:77:91:9f:fb:dc:84:3c:95:d4:51: 57:27:fc:d5:8c:2d:94:ce:0e:f1:46:b6:80:f4:5e:15: 32:b1:32:c9:be:8b:88:2a:48:03:e2:72:5c:b0:05:a9: c0:28:4b:7c:21:88:04:04:d5:d8:61:6d:34:98:35:06: fa:88:9a:ed:33:0d:5c:01:d2:97:12:12:1f:e2:cd:4b Fingerprint (SHA-256): 41:3C:EB:7D:91:5E:3D:D4:98:2E:B7:50:16:B0:17:64:85:72:1F:B1:59:3C:C2:CE:DA:EA:92:83:EF:EA:BB:2B Fingerprint (SHA1): AE:CE:B0:F3:E7:EA:B6:B7:C1:D9:0E:13:DD:51:DA:19:FC:F8:1A:92 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3280: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3281: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021867 (0x1eefa52b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:57 2015 Not After : Tue May 19 06:21:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:9f:d2:c5:69:20:78:fa:dc:dc:3a:09:a9:9b:1f:94: 24:33:79:4d:18:f6:26:66:0e:3c:dd:cd:6a:30:42:8d: 2a:68:8a:5b:8f:c4:ca:94:e2:88:2c:9f:31:05:87:85: 7a:77:99:b8:a0:64:ee:2b:f3:24:45:5f:06:d8:e2:5f: b5:33:c9:08:a0:b2:f8:4b:59:a4:e8:b4:b3:33:f4:1d: 11:6f:f5:a6:2e:a0:56:23:20:05:76:d6:f9:14:b2:0a: 52:14:3c:d2:90:e8:a6:ab:66:41:0c:53:8e:b2:71:5c: 1b:fe:05:4b:6a:fc:54:68:da:03:7d:5e:c8:19:4f:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8d:02:e9:d5:da:01:6e:fd:3b:84:f1:a4:37:5e:9e:0a: f3:a4:73:3b:31:d9:a6:e5:f0:ab:81:9e:d6:54:7d:f3: a1:bd:8c:00:5b:a7:78:31:f7:5d:c9:ba:bb:01:77:95: 46:0b:bd:b0:b2:6c:1e:72:b2:87:ac:80:d7:79:01:0c: 27:60:40:c0:2c:41:44:e5:12:80:e2:a3:06:8e:40:8c: 3e:ba:b8:eb:60:10:c1:c8:76:5b:58:8d:60:57:bf:3f: cf:d5:51:e7:9d:99:6d:fb:9d:fd:b1:6c:b6:c8:4c:d2: f7:e4:ae:20:e0:d5:af:d2:67:30:45:65:9c:18:37:dd Fingerprint (SHA-256): 83:09:A0:BD:24:9E:8C:92:B0:EE:5F:FC:0B:EE:CC:26:62:12:B4:D8:01:71:E4:29:F8:64:99:33:3B:71:20:F5 Fingerprint (SHA1): 9A:72:AB:81:88:31:A2:74:24:B1:75:A5:54:51:97:5D:8F:98:A9:A1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3282: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3283: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021868 (0x1eefa52c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:22:01 2015 Not After : Tue May 19 06:22:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:cc:ce:2f:76:e4:50:b2:5a:81:d0:64:f8:c0:e0:c9: 47:d9:d1:f3:82:ac:7c:c6:46:0f:21:94:b3:6f:82:8a: 43:e2:11:df:c5:84:54:54:54:4c:d5:9d:c9:18:62:e5: f7:f5:8a:e3:c6:72:54:e6:a1:88:38:c5:ab:d1:34:bf: e5:12:32:6c:62:70:2a:6f:2f:67:e3:99:e1:c8:c0:91: b1:24:07:bd:18:53:09:df:d3:89:98:9e:79:82:cf:29: de:4d:cc:52:7c:f7:0f:3a:97:c8:ec:75:88:e3:16:5f: 2a:93:b9:4f:8e:6d:f8:ef:74:8e:61:e5:47:0d:74:15 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bc:c2:28:0a:d0:50:4d:2e:9d:f0:fb:ec:56:af:a1:3c: ea:47:f5:70:d1:32:04:6a:d4:56:75:76:0e:de:c5:56: b9:cd:94:e6:3d:f1:da:4a:47:76:45:7c:33:94:88:4d: 88:d7:22:88:d8:77:96:7b:99:e6:b4:ea:4b:db:44:ae: cb:ed:bd:2d:7b:34:cb:c0:e5:b0:b5:19:1a:c1:8f:fd: 82:76:42:b6:f5:c6:58:57:b9:ac:d1:90:bf:62:12:ae: c8:37:89:29:6c:ab:9e:5b:e7:8b:59:02:a1:13:ab:dd: c5:cd:1c:2f:43:69:c8:ad:a6:99:60:9d:93:21:29:68 Fingerprint (SHA-256): 7E:37:76:32:6D:86:E5:E4:DD:C3:22:62:6C:A5:14:DD:C2:B9:4F:A7:96:2D:C7:34:60:4B:B7:67:4D:A8:D6:18 Fingerprint (SHA1): 9A:A3:08:57:34:B6:73:EA:C0:48:62:03:8C:6D:D5:26:D8:32:4F:9A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #3284: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3285: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021866 (0x1eefa52a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:54 2015 Not After : Tue May 19 06:21:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:20:6f:f2:80:1b:97:ec:0e:af:29:b9:8e:cc:5d:ff: c9:d6:b1:6d:2c:88:a2:5b:8b:d9:c8:06:de:a2:d4:da: 43:5b:ea:ad:6f:22:36:0d:e5:c7:f1:9a:45:96:7d:26: 3f:bd:2f:13:7f:45:fd:f4:f0:79:ba:71:da:04:41:f2: 8e:cc:bd:1b:f8:67:1f:21:02:13:f5:3b:c8:a8:b9:9f: 9c:17:ea:4b:1e:38:ed:e9:28:5f:0e:7e:db:b9:8f:1b: 0a:2c:13:c7:11:70:3c:8e:3a:da:00:34:84:6d:36:c1: 6b:cb:62:d4:f1:ff:0b:ab:24:a3:6a:e9:33:96:7c:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:f9:25:cd:f2:d0:d6:a0:e1:09:d7:63:e7:2b:d4:78: 5d:64:10:ca:63:15:9b:e5:e0:34:11:6f:de:4c:88:cb: d8:98:6a:22:17:40:55:53:20:6e:54:bf:9e:96:5f:ec: b5:5d:f8:ab:3f:0a:77:91:9f:fb:dc:84:3c:95:d4:51: 57:27:fc:d5:8c:2d:94:ce:0e:f1:46:b6:80:f4:5e:15: 32:b1:32:c9:be:8b:88:2a:48:03:e2:72:5c:b0:05:a9: c0:28:4b:7c:21:88:04:04:d5:d8:61:6d:34:98:35:06: fa:88:9a:ed:33:0d:5c:01:d2:97:12:12:1f:e2:cd:4b Fingerprint (SHA-256): 41:3C:EB:7D:91:5E:3D:D4:98:2E:B7:50:16:B0:17:64:85:72:1F:B1:59:3C:C2:CE:DA:EA:92:83:EF:EA:BB:2B Fingerprint (SHA1): AE:CE:B0:F3:E7:EA:B6:B7:C1:D9:0E:13:DD:51:DA:19:FC:F8:1A:92 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3286: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021866 (0x1eefa52a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:54 2015 Not After : Tue May 19 06:21:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:20:6f:f2:80:1b:97:ec:0e:af:29:b9:8e:cc:5d:ff: c9:d6:b1:6d:2c:88:a2:5b:8b:d9:c8:06:de:a2:d4:da: 43:5b:ea:ad:6f:22:36:0d:e5:c7:f1:9a:45:96:7d:26: 3f:bd:2f:13:7f:45:fd:f4:f0:79:ba:71:da:04:41:f2: 8e:cc:bd:1b:f8:67:1f:21:02:13:f5:3b:c8:a8:b9:9f: 9c:17:ea:4b:1e:38:ed:e9:28:5f:0e:7e:db:b9:8f:1b: 0a:2c:13:c7:11:70:3c:8e:3a:da:00:34:84:6d:36:c1: 6b:cb:62:d4:f1:ff:0b:ab:24:a3:6a:e9:33:96:7c:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6c:f9:25:cd:f2:d0:d6:a0:e1:09:d7:63:e7:2b:d4:78: 5d:64:10:ca:63:15:9b:e5:e0:34:11:6f:de:4c:88:cb: d8:98:6a:22:17:40:55:53:20:6e:54:bf:9e:96:5f:ec: b5:5d:f8:ab:3f:0a:77:91:9f:fb:dc:84:3c:95:d4:51: 57:27:fc:d5:8c:2d:94:ce:0e:f1:46:b6:80:f4:5e:15: 32:b1:32:c9:be:8b:88:2a:48:03:e2:72:5c:b0:05:a9: c0:28:4b:7c:21:88:04:04:d5:d8:61:6d:34:98:35:06: fa:88:9a:ed:33:0d:5c:01:d2:97:12:12:1f:e2:cd:4b Fingerprint (SHA-256): 41:3C:EB:7D:91:5E:3D:D4:98:2E:B7:50:16:B0:17:64:85:72:1F:B1:59:3C:C2:CE:DA:EA:92:83:EF:EA:BB:2B Fingerprint (SHA1): AE:CE:B0:F3:E7:EA:B6:B7:C1:D9:0E:13:DD:51:DA:19:FC:F8:1A:92 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3287: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021867 (0x1eefa52b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:57 2015 Not After : Tue May 19 06:21:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:9f:d2:c5:69:20:78:fa:dc:dc:3a:09:a9:9b:1f:94: 24:33:79:4d:18:f6:26:66:0e:3c:dd:cd:6a:30:42:8d: 2a:68:8a:5b:8f:c4:ca:94:e2:88:2c:9f:31:05:87:85: 7a:77:99:b8:a0:64:ee:2b:f3:24:45:5f:06:d8:e2:5f: b5:33:c9:08:a0:b2:f8:4b:59:a4:e8:b4:b3:33:f4:1d: 11:6f:f5:a6:2e:a0:56:23:20:05:76:d6:f9:14:b2:0a: 52:14:3c:d2:90:e8:a6:ab:66:41:0c:53:8e:b2:71:5c: 1b:fe:05:4b:6a:fc:54:68:da:03:7d:5e:c8:19:4f:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8d:02:e9:d5:da:01:6e:fd:3b:84:f1:a4:37:5e:9e:0a: f3:a4:73:3b:31:d9:a6:e5:f0:ab:81:9e:d6:54:7d:f3: a1:bd:8c:00:5b:a7:78:31:f7:5d:c9:ba:bb:01:77:95: 46:0b:bd:b0:b2:6c:1e:72:b2:87:ac:80:d7:79:01:0c: 27:60:40:c0:2c:41:44:e5:12:80:e2:a3:06:8e:40:8c: 3e:ba:b8:eb:60:10:c1:c8:76:5b:58:8d:60:57:bf:3f: cf:d5:51:e7:9d:99:6d:fb:9d:fd:b1:6c:b6:c8:4c:d2: f7:e4:ae:20:e0:d5:af:d2:67:30:45:65:9c:18:37:dd Fingerprint (SHA-256): 83:09:A0:BD:24:9E:8C:92:B0:EE:5F:FC:0B:EE:CC:26:62:12:B4:D8:01:71:E4:29:F8:64:99:33:3B:71:20:F5 Fingerprint (SHA1): 9A:72:AB:81:88:31:A2:74:24:B1:75:A5:54:51:97:5D:8F:98:A9:A1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3288: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021867 (0x1eefa52b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:21:57 2015 Not After : Tue May 19 06:21:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:9f:d2:c5:69:20:78:fa:dc:dc:3a:09:a9:9b:1f:94: 24:33:79:4d:18:f6:26:66:0e:3c:dd:cd:6a:30:42:8d: 2a:68:8a:5b:8f:c4:ca:94:e2:88:2c:9f:31:05:87:85: 7a:77:99:b8:a0:64:ee:2b:f3:24:45:5f:06:d8:e2:5f: b5:33:c9:08:a0:b2:f8:4b:59:a4:e8:b4:b3:33:f4:1d: 11:6f:f5:a6:2e:a0:56:23:20:05:76:d6:f9:14:b2:0a: 52:14:3c:d2:90:e8:a6:ab:66:41:0c:53:8e:b2:71:5c: 1b:fe:05:4b:6a:fc:54:68:da:03:7d:5e:c8:19:4f:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8d:02:e9:d5:da:01:6e:fd:3b:84:f1:a4:37:5e:9e:0a: f3:a4:73:3b:31:d9:a6:e5:f0:ab:81:9e:d6:54:7d:f3: a1:bd:8c:00:5b:a7:78:31:f7:5d:c9:ba:bb:01:77:95: 46:0b:bd:b0:b2:6c:1e:72:b2:87:ac:80:d7:79:01:0c: 27:60:40:c0:2c:41:44:e5:12:80:e2:a3:06:8e:40:8c: 3e:ba:b8:eb:60:10:c1:c8:76:5b:58:8d:60:57:bf:3f: cf:d5:51:e7:9d:99:6d:fb:9d:fd:b1:6c:b6:c8:4c:d2: f7:e4:ae:20:e0:d5:af:d2:67:30:45:65:9c:18:37:dd Fingerprint (SHA-256): 83:09:A0:BD:24:9E:8C:92:B0:EE:5F:FC:0B:EE:CC:26:62:12:B4:D8:01:71:E4:29:F8:64:99:33:3B:71:20:F5 Fingerprint (SHA1): 9A:72:AB:81:88:31:A2:74:24:B1:75:A5:54:51:97:5D:8F:98:A9:A1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3289: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021868 (0x1eefa52c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:22:01 2015 Not After : Tue May 19 06:22:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:cc:ce:2f:76:e4:50:b2:5a:81:d0:64:f8:c0:e0:c9: 47:d9:d1:f3:82:ac:7c:c6:46:0f:21:94:b3:6f:82:8a: 43:e2:11:df:c5:84:54:54:54:4c:d5:9d:c9:18:62:e5: f7:f5:8a:e3:c6:72:54:e6:a1:88:38:c5:ab:d1:34:bf: e5:12:32:6c:62:70:2a:6f:2f:67:e3:99:e1:c8:c0:91: b1:24:07:bd:18:53:09:df:d3:89:98:9e:79:82:cf:29: de:4d:cc:52:7c:f7:0f:3a:97:c8:ec:75:88:e3:16:5f: 2a:93:b9:4f:8e:6d:f8:ef:74:8e:61:e5:47:0d:74:15 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bc:c2:28:0a:d0:50:4d:2e:9d:f0:fb:ec:56:af:a1:3c: ea:47:f5:70:d1:32:04:6a:d4:56:75:76:0e:de:c5:56: b9:cd:94:e6:3d:f1:da:4a:47:76:45:7c:33:94:88:4d: 88:d7:22:88:d8:77:96:7b:99:e6:b4:ea:4b:db:44:ae: cb:ed:bd:2d:7b:34:cb:c0:e5:b0:b5:19:1a:c1:8f:fd: 82:76:42:b6:f5:c6:58:57:b9:ac:d1:90:bf:62:12:ae: c8:37:89:29:6c:ab:9e:5b:e7:8b:59:02:a1:13:ab:dd: c5:cd:1c:2f:43:69:c8:ad:a6:99:60:9d:93:21:29:68 Fingerprint (SHA-256): 7E:37:76:32:6D:86:E5:E4:DD:C3:22:62:6C:A5:14:DD:C2:B9:4F:A7:96:2D:C7:34:60:4B:B7:67:4D:A8:D6:18 Fingerprint (SHA1): 9A:A3:08:57:34:B6:73:EA:C0:48:62:03:8C:6D:D5:26:D8:32:4F:9A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #3290: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021868 (0x1eefa52c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:22:01 2015 Not After : Tue May 19 06:22:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:cc:ce:2f:76:e4:50:b2:5a:81:d0:64:f8:c0:e0:c9: 47:d9:d1:f3:82:ac:7c:c6:46:0f:21:94:b3:6f:82:8a: 43:e2:11:df:c5:84:54:54:54:4c:d5:9d:c9:18:62:e5: f7:f5:8a:e3:c6:72:54:e6:a1:88:38:c5:ab:d1:34:bf: e5:12:32:6c:62:70:2a:6f:2f:67:e3:99:e1:c8:c0:91: b1:24:07:bd:18:53:09:df:d3:89:98:9e:79:82:cf:29: de:4d:cc:52:7c:f7:0f:3a:97:c8:ec:75:88:e3:16:5f: 2a:93:b9:4f:8e:6d:f8:ef:74:8e:61:e5:47:0d:74:15 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bc:c2:28:0a:d0:50:4d:2e:9d:f0:fb:ec:56:af:a1:3c: ea:47:f5:70:d1:32:04:6a:d4:56:75:76:0e:de:c5:56: b9:cd:94:e6:3d:f1:da:4a:47:76:45:7c:33:94:88:4d: 88:d7:22:88:d8:77:96:7b:99:e6:b4:ea:4b:db:44:ae: cb:ed:bd:2d:7b:34:cb:c0:e5:b0:b5:19:1a:c1:8f:fd: 82:76:42:b6:f5:c6:58:57:b9:ac:d1:90:bf:62:12:ae: c8:37:89:29:6c:ab:9e:5b:e7:8b:59:02:a1:13:ab:dd: c5:cd:1c:2f:43:69:c8:ad:a6:99:60:9d:93:21:29:68 Fingerprint (SHA-256): 7E:37:76:32:6D:86:E5:E4:DD:C3:22:62:6C:A5:14:DD:C2:B9:4F:A7:96:2D:C7:34:60:4B:B7:67:4D:A8:D6:18 Fingerprint (SHA1): 9A:A3:08:57:34:B6:73:EA:C0:48:62:03:8C:6D:D5:26:D8:32:4F:9A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #3291: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3292: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021871 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3293: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3294: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3295: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3296: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519021872 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3297: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3298: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3299: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3300: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021873 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3301: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3302: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3303: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3304: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 519021874 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3305: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3306: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #3307: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3308: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519021875 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3309: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3310: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #3311: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3312: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519021876 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3313: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3314: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #3315: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3316: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 519021877 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3317: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3318: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3319: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #3320: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #3321: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3322: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #3323: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021871 (0x1eefa52f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:24 2015 Not After : Tue May 19 06:22:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:74:8e:5b:7b:f4:81:00:4c:f9:7c:13:f9:70:98:f2: 44:32:12:6a:ac:1d:c3:b2:3e:ec:cd:7c:e0:47:90:39: fa:50:c6:f2:58:90:d0:22:e2:e3:13:bb:8f:57:d6:22: 20:a5:87:22:cb:bf:66:bc:07:ed:e5:df:91:fd:38:c3: 52:91:c6:a7:e4:97:d7:02:fe:c2:b5:2f:bc:19:30:23: a5:6f:3f:ad:23:c3:f5:66:89:2a:c7:26:ed:f8:0e:19: 42:19:db:99:36:81:b0:56:fd:5b:ec:f2:93:08:d4:58: 56:8d:c9:4f:15:be:b1:f7:dd:fa:ff:9a:e8:51:a3:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: db:5c:d2:51:4c:15:b7:83:31:48:1d:6b:04:ad:6b:75: d2:7f:86:34:62:f8:d4:8f:09:43:67:49:ca:7f:80:ef: b7:13:91:71:b2:23:8a:53:b1:57:1f:2d:08:85:29:0d: 93:db:9e:86:3d:6a:54:69:52:26:ef:7e:04:6d:f9:0c: 2b:77:cc:48:40:19:0f:7d:4c:a1:d5:ac:87:4f:3e:aa: 2f:5a:c1:34:d3:5b:50:d3:2c:dc:52:e5:13:60:8c:db: b9:50:d4:5b:6f:86:76:67:c3:bf:a4:d5:1c:ae:75:f2: f4:f3:ff:c3:3f:b9:4e:51:1a:fd:e3:89:20:d7:48:4e Fingerprint (SHA-256): A8:CC:89:04:FE:0C:11:53:A2:54:C3:52:DE:24:AC:58:82:73:66:DA:0E:9A:D1:33:E5:30:39:E7:DF:7F:80:4D Fingerprint (SHA1): 09:73:0D:DE:99:B0:D9:8A:EC:41:82:1D:37:56:20:E7:6E:63:D3:5D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3324: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3325: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3326: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3327: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021871 (0x1eefa52f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:24 2015 Not After : Tue May 19 06:22:24 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:74:8e:5b:7b:f4:81:00:4c:f9:7c:13:f9:70:98:f2: 44:32:12:6a:ac:1d:c3:b2:3e:ec:cd:7c:e0:47:90:39: fa:50:c6:f2:58:90:d0:22:e2:e3:13:bb:8f:57:d6:22: 20:a5:87:22:cb:bf:66:bc:07:ed:e5:df:91:fd:38:c3: 52:91:c6:a7:e4:97:d7:02:fe:c2:b5:2f:bc:19:30:23: a5:6f:3f:ad:23:c3:f5:66:89:2a:c7:26:ed:f8:0e:19: 42:19:db:99:36:81:b0:56:fd:5b:ec:f2:93:08:d4:58: 56:8d:c9:4f:15:be:b1:f7:dd:fa:ff:9a:e8:51:a3:c1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: db:5c:d2:51:4c:15:b7:83:31:48:1d:6b:04:ad:6b:75: d2:7f:86:34:62:f8:d4:8f:09:43:67:49:ca:7f:80:ef: b7:13:91:71:b2:23:8a:53:b1:57:1f:2d:08:85:29:0d: 93:db:9e:86:3d:6a:54:69:52:26:ef:7e:04:6d:f9:0c: 2b:77:cc:48:40:19:0f:7d:4c:a1:d5:ac:87:4f:3e:aa: 2f:5a:c1:34:d3:5b:50:d3:2c:dc:52:e5:13:60:8c:db: b9:50:d4:5b:6f:86:76:67:c3:bf:a4:d5:1c:ae:75:f2: f4:f3:ff:c3:3f:b9:4e:51:1a:fd:e3:89:20:d7:48:4e Fingerprint (SHA-256): A8:CC:89:04:FE:0C:11:53:A2:54:C3:52:DE:24:AC:58:82:73:66:DA:0E:9A:D1:33:E5:30:39:E7:DF:7F:80:4D Fingerprint (SHA1): 09:73:0D:DE:99:B0:D9:8A:EC:41:82:1D:37:56:20:E7:6E:63:D3:5D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3328: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3329: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3330: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021878 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3331: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3332: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3333: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3334: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519021879 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3335: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3336: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #3337: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3338: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 519021880 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3339: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3340: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #3341: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3342: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 519021881 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3343: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3344: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3345: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3346: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 519021882 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3347: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3348: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #3349: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3350: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 519021883 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3351: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3352: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #3353: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3354: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 519021884 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3355: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3356: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3357: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3358: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 519021885 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3359: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3360: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #3361: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3362: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 519021886 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3363: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3364: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #3365: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3366: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 519021887 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3367: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3368: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #3369: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3370: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 519021888 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3371: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3372: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #3373: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3374: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 519021889 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3375: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3376: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #3377: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3378: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 519021890 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3379: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3380: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #3381: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3382: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 519021891 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3383: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3384: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #3385: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3386: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 519021892 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3387: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3388: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #3389: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3390: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 519021893 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3391: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3392: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #3393: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3394: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 519021894 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3395: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3396: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #3397: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3398: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 519021895 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #3399: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3400: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #3401: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3402: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 519021896 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3403: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3404: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #3405: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3406: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 519021897 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3407: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3408: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #3409: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3410: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 519021898 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3411: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3412: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #3413: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3414: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 519021899 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3415: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3416: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #3417: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3418: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 519021900 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3419: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3420: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #3421: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3422: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 519021901 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3423: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3424: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #3425: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3426: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 519021902 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3427: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3428: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #3429: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3430: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 519021903 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3431: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3432: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #3433: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3434: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 519021904 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3435: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3436: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #3437: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3438: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 519021905 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3439: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3440: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #3441: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3442: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 519021906 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3443: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3444: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #3445: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3446: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 519021907 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3447: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3448: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3449: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3450: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3451: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3452: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3453: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3454: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3455: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3456: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3457: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3458: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3459: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3460: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3461: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3462: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3463: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3464: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3465: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3466: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3467: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3468: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3469: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3470: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3471: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021878 (0x1eefa536) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:22:52 2015 Not After : Tue May 19 06:22:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:c6:0f:70:86:78:69:fd:00:d1:a0:19:b6:86:4c:16: b8:56:3e:1b:c9:04:b2:90:5a:7d:a6:bf:3f:a1:1a:22: a4:e5:18:b9:92:65:c0:a6:f5:55:9d:15:9d:20:30:d6: ae:27:d5:bd:fc:2c:32:26:3a:76:9e:67:09:4c:ef:3d: 77:d8:a2:5c:64:44:b9:a5:bc:22:c8:26:f3:52:7a:be: ed:d7:d9:c1:99:98:65:bc:3d:12:73:82:62:94:77:71: 93:e7:70:b4:84:55:b0:83:c9:7b:36:d9:99:be:36:32: 58:32:b4:25:cd:79:ee:34:f1:12:37:87:ac:97:8b:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3b:4d:b1:a9:d5:87:45:85:e9:dc:a9:45:15:c0:86:ff: 03:2b:cf:ee:05:ce:bd:ac:d4:32:1f:51:60:7b:0f:d1: b0:ed:83:29:1d:77:14:6b:76:4f:43:07:86:dd:9d:ef: 4f:06:bd:60:ed:c2:90:9a:8b:42:44:a6:f4:8d:47:6b: ad:11:d2:83:f2:d8:7f:bd:f8:1e:f3:4f:a0:0b:79:65: e8:8b:f0:a5:b8:6d:81:b0:c4:61:43:27:cd:65:a7:5e: c4:9e:8b:68:d4:db:09:3e:00:f2:28:f2:78:74:e1:f8: fa:f0:12:87:ab:b5:46:6b:7b:c6:f7:63:6c:a3:bf:ae Fingerprint (SHA-256): E0:BD:84:33:AB:05:3A:ED:E2:99:F2:11:57:C7:5F:35:CD:32:07:E6:58:37:2C:4C:28:78:C1:3C:91:0D:54:51 Fingerprint (SHA1): 06:73:57:1C:17:BD:1A:13:77:65:EF:FD:4E:A4:1E:2A:C7:93:F2:4D Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #3472: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3473: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3474: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021908 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3475: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3476: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #3477: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3478: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 519021909 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3479: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3480: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #3481: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3482: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 519021910 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3483: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3484: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #3485: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3486: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 519021911 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3487: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3488: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #3489: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3490: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 519021912 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3491: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3492: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #3493: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3494: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 519021913 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3495: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3496: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #3497: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3498: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 519021914 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3499: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3500: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3501: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021908 (0x1eefa554) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:24:49 2015 Not After : Tue May 19 06:24:49 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:b3:b6:b8:fb:87:d7:43:26:72:32:3d:3f:83:2f:8c: 00:4f:f3:3d:62:6d:69:78:71:b6:c6:a8:c5:c7:51:b3: fe:2b:c8:d5:9a:68:ad:7e:d1:8d:16:90:15:3b:d5:8c: 8a:3c:7e:a1:a7:9c:f9:46:1b:2f:93:6e:a0:49:a7:e4: fb:74:c7:3b:8e:e0:a7:bd:ad:3e:97:b2:fa:0e:3c:3c: 90:0a:51:7f:89:0a:99:41:66:cd:e3:a5:a5:bd:95:1a: 32:42:cd:ed:da:1b:44:19:22:18:6b:f8:02:31:05:ca: 4a:0d:5b:e2:0b:70:2e:1c:00:2a:97:a1:15:e1:07:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: db:a2:11:cd:3e:0a:28:4c:3b:14:b5:5a:9c:53:4b:1e: 0f:b3:16:7d:77:e1:e0:57:d7:f1:5f:91:77:53:b5:d6: 63:77:67:1d:47:d0:ad:63:e3:38:ac:58:b0:61:47:24: 3f:a6:f8:29:a3:02:30:e2:a3:4d:fd:e6:cd:a2:f8:ba: 79:6b:75:12:52:6e:f1:64:4b:81:79:40:93:5d:6e:11: 90:a4:e9:2b:36:c9:58:27:9c:3e:f3:dc:49:9a:a9:2b: 82:7e:c1:08:13:76:c7:04:88:b9:32:ff:c1:8a:ab:67: ef:37:aa:ce:67:cc:35:51:da:c8:ec:c6:25:bd:11:14 Fingerprint (SHA-256): C8:9D:11:5E:36:86:70:82:B5:7C:A0:90:1A:51:86:3B:EA:FB:D5:CA:17:1D:C5:1E:7A:E2:4E:BA:06:3C:DB:13 Fingerprint (SHA1): B6:3E:37:3E:06:C6:BC:A5:7D:B9:D6:FB:3B:8C:A6:B7:23:37:6A:AC Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #3502: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3503: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3504: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3505: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021908 (0x1eefa554) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:24:49 2015 Not After : Tue May 19 06:24:49 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:b3:b6:b8:fb:87:d7:43:26:72:32:3d:3f:83:2f:8c: 00:4f:f3:3d:62:6d:69:78:71:b6:c6:a8:c5:c7:51:b3: fe:2b:c8:d5:9a:68:ad:7e:d1:8d:16:90:15:3b:d5:8c: 8a:3c:7e:a1:a7:9c:f9:46:1b:2f:93:6e:a0:49:a7:e4: fb:74:c7:3b:8e:e0:a7:bd:ad:3e:97:b2:fa:0e:3c:3c: 90:0a:51:7f:89:0a:99:41:66:cd:e3:a5:a5:bd:95:1a: 32:42:cd:ed:da:1b:44:19:22:18:6b:f8:02:31:05:ca: 4a:0d:5b:e2:0b:70:2e:1c:00:2a:97:a1:15:e1:07:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: db:a2:11:cd:3e:0a:28:4c:3b:14:b5:5a:9c:53:4b:1e: 0f:b3:16:7d:77:e1:e0:57:d7:f1:5f:91:77:53:b5:d6: 63:77:67:1d:47:d0:ad:63:e3:38:ac:58:b0:61:47:24: 3f:a6:f8:29:a3:02:30:e2:a3:4d:fd:e6:cd:a2:f8:ba: 79:6b:75:12:52:6e:f1:64:4b:81:79:40:93:5d:6e:11: 90:a4:e9:2b:36:c9:58:27:9c:3e:f3:dc:49:9a:a9:2b: 82:7e:c1:08:13:76:c7:04:88:b9:32:ff:c1:8a:ab:67: ef:37:aa:ce:67:cc:35:51:da:c8:ec:c6:25:bd:11:14 Fingerprint (SHA-256): C8:9D:11:5E:36:86:70:82:B5:7C:A0:90:1A:51:86:3B:EA:FB:D5:CA:17:1D:C5:1E:7A:E2:4E:BA:06:3C:DB:13 Fingerprint (SHA1): B6:3E:37:3E:06:C6:BC:A5:7D:B9:D6:FB:3B:8C:A6:B7:23:37:6A:AC Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #3506: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3507: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3508: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3509: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021915 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3510: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3511: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3512: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3513: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519021916 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3514: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3515: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3516: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3517: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021917 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3518: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3519: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3520: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3521: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519021918 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3522: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3523: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3524: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3525: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3526: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3527: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021915 (0x1eefa55b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:25:18 2015 Not After : Tue May 19 06:25:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:90:c6:84:b5:c3:56:b3:f4:bb:b8:1b:06:01:1c:c6: be:bd:2c:2b:bc:16:bf:4b:7f:28:88:fb:cd:f5:84:0f: 59:78:a9:ce:0d:46:19:5d:18:34:72:b7:3a:c7:79:ef: b0:6b:6e:d7:33:66:a6:0d:27:61:22:33:85:31:24:97: 13:4e:0e:16:4a:42:fe:33:07:f8:04:e3:e3:59:18:ac: eb:4a:4f:83:00:19:15:21:55:56:13:6c:60:d0:25:f9: 84:7d:c4:f9:3b:39:73:5d:7a:5f:6b:de:5f:bc:0d:11: 60:33:08:04:69:b2:f9:b7:4d:41:07:dc:ae:ef:fb:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 69:b9:a2:56:51:5b:12:fc:95:50:87:05:7e:71:48:be: b2:a9:32:60:97:65:91:13:91:58:3f:b9:52:6e:7c:ab: d1:3b:36:fc:19:88:f1:42:2a:4b:a9:88:06:64:1f:ce: ae:72:80:46:26:e1:d8:0f:28:4a:94:2f:a0:b5:69:6f: 75:1e:1f:fe:55:6c:5f:0b:b7:9c:78:8c:62:e7:e6:23: b0:d0:4c:78:c3:f5:39:f0:ec:fd:cf:e2:95:f4:bb:9c: d0:28:4a:73:8b:a7:0f:0f:d6:1a:25:df:7a:e8:2f:5c: 5d:55:c0:cf:b2:92:e7:e0:28:bc:85:2d:e3:81:8f:be Fingerprint (SHA-256): 5B:F7:7A:92:A6:21:CB:CE:4A:FB:F2:66:99:7F:DF:60:06:91:F9:EE:5E:50:DF:EE:F9:93:A3:97:3B:07:18:9B Fingerprint (SHA1): AB:C6:8E:26:D0:B1:C9:92:39:F3:37:DA:BC:B5:BD:EC:0B:DA:7C:3C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3528: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3529: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3530: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021916 (0x1eefa55c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:25:21 2015 Not After : Tue May 19 06:25:21 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:a7:03:dd:79:ac:f0:4c:38:74:5d:47:e8:90:7a:c2: 3b:55:0f:e8:69:3e:0e:bc:cd:a6:d2:8b:96:c9:f8:03: 13:20:1b:5f:5f:42:86:76:b7:ad:19:8b:f0:37:aa:33: c3:d6:b5:e8:68:9a:84:e5:b9:0c:9b:cd:43:59:d1:96: bd:4c:c4:64:4f:8a:d9:d8:ee:f6:57:1e:d6:16:1d:95: bd:38:27:8e:0d:02:17:d0:81:68:fc:0d:60:bc:86:e2: 8b:98:3b:1c:10:54:8c:af:b1:24:99:03:e3:dd:64:b1: 1a:7d:a3:3a:19:90:42:24:8b:45:b1:62:d4:1d:39:89 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 19:59:fd:1a:84:c2:73:55:9b:2b:04:b0:cd:bd:c0:df: 99:1b:6a:92:44:b0:8e:6c:99:fc:db:ce:6c:fb:db:09: 7d:ce:06:e2:a4:e0:1a:ac:3e:b4:1d:f1:9e:2c:c2:1a: b7:35:5f:78:b6:7a:9a:d5:66:30:a3:5f:a2:14:5a:10: 8a:7a:fa:3a:a6:2b:13:13:4e:f1:6a:c2:19:c8:0d:b2: 37:63:c9:aa:8d:f4:44:cc:4e:76:16:58:8e:5d:59:1a: 9d:e9:d1:21:65:0e:93:a4:7f:2d:3f:d9:74:b5:58:5f: 45:41:23:11:0d:73:5f:cf:c3:cf:03:2b:92:7f:f0:9d Fingerprint (SHA-256): 3E:1C:46:B4:07:D6:9D:84:74:AA:A4:2B:CE:79:53:4A:2A:F3:82:40:B0:C5:88:D9:4D:12:36:05:68:09:D9:6D Fingerprint (SHA1): 12:66:14:9F:F5:51:D8:98:76:FD:A9:75:2D:04:F1:80:EF:E1:35:6A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3531: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3532: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021917 (0x1eefa55d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:25:24 2015 Not After : Tue May 19 06:25:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:8f:a8:f3:90:9e:6a:fe:3f:30:63:0e:e3:1a:ac:8c: 3e:9c:16:4e:77:35:4b:b7:d6:8b:c7:a9:97:5f:95:3a: 57:25:05:4a:de:87:66:76:ee:f2:06:4b:1a:50:02:76: 01:97:4c:5d:23:1f:10:c5:f1:4c:5c:8c:fd:39:09:72: e8:98:07:28:83:bd:43:3b:6c:f0:d7:f6:f3:16:d2:f9: ae:af:09:82:6f:b6:ba:f8:b5:13:f5:6e:31:2d:76:81: b9:ea:f3:ec:55:b9:77:9a:75:91:bb:5b:ef:36:e6:bf: cb:e2:b0:0a:c3:4b:47:1c:25:12:1b:8a:58:83:48:25 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 71:57:3c:3f:d1:0d:c3:8c:c2:4b:c8:3d:78:cf:27:85: 0c:00:dc:64:63:73:b5:63:bf:b7:e6:be:9b:98:fa:37: 5a:d2:45:d4:fa:77:39:24:d3:db:4d:e9:68:26:09:48: 88:53:c5:1b:b6:6a:b9:21:a7:32:1f:1f:c7:f8:1d:4c: 5f:1a:cd:b9:5b:b7:08:3f:1f:5e:f6:b1:7f:d7:30:9b: 12:05:c4:8f:07:58:5d:e6:02:d9:dd:e5:2b:c5:5c:93: 79:07:d2:56:dd:af:30:43:5e:67:16:be:ce:fd:8f:3b: 27:51:09:0b:a7:f3:e5:c2:10:89:5c:26:d3:45:8c:bf Fingerprint (SHA-256): 8E:4A:22:DF:31:57:BD:01:3B:AF:80:D5:AD:A9:CC:2D:71:4B:4C:9D:36:8E:59:2F:CC:66:B0:EC:62:13:93:42 Fingerprint (SHA1): 50:72:DE:9C:3A:D1:2E:93:AD:39:A5:52:41:18:00:6A:43:A0:22:F4 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #3533: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3534: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021919 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3535: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3536: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3537: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3538: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519021920 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3539: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3540: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3541: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3542: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021921 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3543: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3544: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3545: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3546: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 519021922 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3547: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3548: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3549: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3550: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 519021923 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3551: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3552: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3553: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #3554: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #3555: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #3556: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #3557: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021919 (0x1eefa55f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:25:35 2015 Not After : Tue May 19 06:25:35 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:ac:81:5c:4a:9f:a2:fc:c1:3c:7b:f5:bf:1a:4f:be: b9:66:7b:3a:61:d6:50:ea:61:22:d6:38:31:e2:22:b5: a0:83:ab:0b:3f:68:f6:7f:88:99:79:58:0c:66:ed:e4: 41:dc:9a:ff:86:c1:08:28:36:9d:88:57:a7:dc:8f:c9: d7:29:18:da:75:1d:a5:5d:a0:78:5c:48:5f:a1:9a:0b: e4:f5:96:f4:f9:87:7a:03:dc:10:9a:ec:a8:87:ba:de: c3:b3:f2:c7:8a:16:40:fc:35:2e:37:52:b4:02:d9:6a: 1f:43:ce:23:8b:b7:c6:98:3e:ea:e6:4c:5e:dd:a5:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:9a:12:9c:bf:4c:a7:3d:dc:11:31:4c:3d:c0:8a:78: ac:1e:6f:01:ac:ce:22:33:9e:f9:df:b1:ba:05:65:88: 0b:e3:1c:72:06:28:92:28:86:5c:83:31:c2:7f:54:86: 21:7f:ea:4b:83:74:99:6a:78:c0:82:47:53:57:de:2d: 65:7c:ec:8e:01:7c:f6:5b:f3:2f:dc:0a:8b:2c:ca:8c: 94:83:8a:50:fd:0a:f8:a5:54:9b:2c:b7:ce:0c:35:05: 9c:55:58:74:67:17:fc:40:f5:03:0d:c3:25:ea:f1:13: c6:19:78:ff:7c:88:09:2e:f5:8d:fd:0e:55:2d:c3:81 Fingerprint (SHA-256): 36:75:DF:66:D9:B6:42:60:C8:56:05:24:47:BE:BA:DA:59:B0:A2:9E:7B:8A:C0:0F:0B:34:F4:94:97:D8:EE:55 Fingerprint (SHA1): 20:5A:79:90:28:BA:42:2E:B3:A8:E0:BA:6F:0E:F0:86:B0:59:81:D6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3558: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3559: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021920 (0x1eefa560) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:25:40 2015 Not After : Tue May 19 06:25:40 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:9a:36:a7:92:9e:83:e4:b1:65:c0:e9:d5:30:61:52: 50:29:a5:39:ff:07:78:02:15:1d:03:b1:48:c2:9b:3c: 10:87:46:2f:67:fb:4f:5c:73:95:c9:0c:ae:0e:6b:2d: f0:80:7a:36:56:28:e2:30:80:85:7b:3b:5a:12:b8:d8: 35:8e:69:3e:a9:3d:e8:3b:60:c0:4f:f5:c7:2e:cc:1c: 6d:66:de:ea:f9:3a:7d:09:4d:05:38:20:43:27:12:a1: 47:b5:3e:5e:71:49:de:dc:51:ec:38:55:c4:5c:93:e8: 3a:e7:25:ac:38:3a:ed:00:80:fd:88:65:3e:87:4a:a5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 02:88:d2:f5:e9:67:a5:17:7e:99:0d:19:74:7b:50:ad: 53:e0:94:3d:03:3a:ad:04:9e:b4:0b:af:cf:98:5c:8f: 21:7d:ff:b7:c0:8d:39:77:bd:21:a8:ab:bf:df:e3:5d: 47:1e:64:12:66:01:f2:84:54:55:46:12:89:66:f9:32: 05:3f:61:16:3f:23:a4:25:32:a4:46:40:60:d9:b7:1e: df:98:4e:05:14:b4:f6:88:95:41:3a:61:82:eb:86:66: fa:a4:06:3c:c7:31:12:0f:d6:35:58:aa:09:11:86:b9: ce:49:18:a3:07:f4:75:8a:89:c1:1a:c2:47:d9:2e:e9 Fingerprint (SHA-256): 95:F2:73:52:E1:B2:11:2C:38:94:73:02:DD:D3:6B:A2:1B:CF:DF:A0:E9:34:93:BA:59:78:2D:CD:26:63:02:89 Fingerprint (SHA1): F8:4F:72:17:EE:6B:25:79:52:47:9E:BE:C9:9C:65:8B:D8:42:94:EF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3560: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3561: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3562: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021921 (0x1eefa561) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:25:43 2015 Not After : Tue May 19 06:25:43 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:70:9b:2d:6f:35:d3:e7:6a:6d:1d:2f:cf:25:17:a9: b4:38:7e:8d:60:78:77:3f:28:5c:90:43:75:a1:af:11: bd:8d:02:f9:10:39:12:fa:94:31:eb:c2:66:5e:4b:5f: 2c:0b:eb:8c:0f:f7:04:d6:d3:57:2c:bf:15:f8:a0:e9: 3d:b4:43:12:94:9e:1b:fa:37:22:19:f5:92:da:00:ee: c5:78:ba:7b:fa:8c:6e:40:7a:2f:a9:50:39:09:31:ed: 5c:f0:e3:94:50:9f:c8:df:27:e9:68:1c:4b:86:39:2c: eb:71:3c:ae:c6:ae:82:26:a4:e3:de:91:f0:31:f4:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:a0:17:87:5c:c2:0d:c7:05:89:f2:60:80:3f:c0:54: 00:2c:c7:6c:93:07:b3:e9:3e:df:f7:d2:46:30:6c:82: ef:5c:28:06:6c:e9:80:7b:48:ab:46:15:e5:05:8c:57: 55:56:03:27:7e:61:b8:04:7d:f0:f4:99:7d:60:03:83: 28:00:5a:72:4d:17:29:36:f4:f9:b8:4f:e0:40:82:45: ed:f1:5a:41:0a:94:0a:20:41:cf:f7:ab:da:da:a2:73: 6d:2f:59:6e:8b:c6:12:7e:8e:d3:af:de:cb:18:c8:fd: c9:6d:0a:b7:fa:ce:59:bb:6d:51:b6:3b:42:ff:ab:a6 Fingerprint (SHA-256): 0A:59:DF:1B:DA:E9:00:3A:EB:0E:EA:C2:3F:F2:80:24:30:47:88:0A:50:72:CF:06:ED:DD:5A:48:DB:42:51:10 Fingerprint (SHA1): 96:91:CA:1B:5E:7B:D4:A4:59:05:88:72:DF:86:D1:83:15:E9:1F:C7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #3563: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3564: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021924 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3565: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3566: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3567: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3568: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519021925 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3569: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3570: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3571: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3572: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021926 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA1Root-519021833.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3573: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3574: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3575: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3576: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519021927 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3577: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3578: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #3579: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021924 (0x1eefa564) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:26:02 2015 Not After : Tue May 19 06:26:02 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:fa:52:a8:fc:c0:a3:b4:05:50:ca:2e:a9:e8:cd:dc: 89:14:95:bb:59:a6:ac:b5:76:09:10:87:29:06:bf:f9: 17:4c:87:60:11:02:00:a1:2f:b6:b2:8b:1f:83:2a:10: 3f:66:05:a1:33:eb:58:d2:af:35:89:ee:35:93:6e:c4: ad:23:3c:46:cc:90:36:41:95:d8:52:f5:14:d9:d6:da: 06:40:f6:59:a9:bf:51:3d:f1:b8:01:77:93:57:2b:d9: e3:e1:6a:b5:be:be:86:3d:fe:f0:28:85:bf:e0:48:fb: ab:78:16:a9:93:ce:c4:ad:24:78:32:7d:a3:90:35:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9d:a1:76:41:e5:99:94:e7:dd:b1:fd:f9:8f:1f:88:b7: f6:31:0f:28:bd:d9:e1:bb:f9:95:a5:65:15:31:ae:d1: e8:d4:c9:e5:a7:28:6d:fc:5f:e2:8f:d6:a6:b1:4e:8f: 17:0f:77:64:15:d6:21:a7:be:37:72:0d:42:90:1a:2e: db:87:8b:cb:17:41:15:ed:b4:60:dc:42:c0:00:b1:7f: c0:c0:76:eb:aa:b2:8a:65:ff:40:ce:ae:47:0b:8a:f4: f5:ba:d6:f5:93:25:93:45:31:07:31:dd:43:a5:ba:2b: 99:99:a6:7b:fe:6b:2b:2a:d5:49:c6:56:69:06:35:98 Fingerprint (SHA-256): C1:67:29:29:11:58:56:CF:5F:BD:AD:79:18:59:16:04:AB:36:9D:17:63:17:D1:99:4A:02:1A:28:EC:04:DC:9E Fingerprint (SHA1): 29:13:22:6F:65:46:F5:FF:4E:31:28:81:5C:E6:4A:D5:78:6D:A4:3E Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3580: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3581: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021928 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3582: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3583: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3584: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021929 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3585: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3586: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3587: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3588: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519021930 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3589: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3590: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519021931 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3591: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3592: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3593: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3594: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3595: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519021932 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519021834.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3596: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3597: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3598: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3599: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519021933 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3600: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3601: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3602: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3603: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021929 (0x1eefa569) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:26:20 2015 Not After : Tue May 19 06:26:20 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:ca:a3:d7:e3:00:f5:0e:af:f7:f4:f3:7e:c1:16:81: 32:b2:b2:4f:ff:f4:a1:f0:21:73:88:58:18:0b:e3:a0: 28:41:4e:4e:d9:c9:2c:06:8d:ac:35:49:a5:85:b3:e6: 53:0d:21:3c:8d:14:4d:3e:dd:ce:ce:26:13:52:a5:e4: fc:80:af:93:df:32:f3:74:65:ba:ff:b8:26:c7:bc:fd: 01:bd:c2:31:f8:7d:dc:95:df:9c:7e:6b:ad:2e:77:a7: 0b:be:32:ea:47:9e:e4:3f:23:17:ba:61:6c:2c:b8:d1: b0:1b:54:6e:a3:b6:d2:90:ab:d1:fa:e0:0d:a8:3e:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: be:26:76:50:27:f9:85:1d:6b:80:07:d5:75:bf:74:55: 66:64:a0:f1:a0:f5:54:6c:48:ba:a2:82:6b:26:4c:81: 83:b2:4d:68:d9:64:9e:e6:08:81:1d:80:95:25:bd:bf: c4:b9:57:e4:51:62:ad:77:60:81:93:a4:9d:f9:39:db: 67:5d:4a:74:6a:86:25:82:88:21:fb:21:f2:c9:14:11: d5:4f:a8:77:b1:e5:5d:40:71:d7:8d:90:6d:0d:21:cc: 20:34:05:8b:48:ba:8b:7c:7c:23:49:c6:5d:81:00:bd: d1:c9:46:6b:3b:57:25:0d:a6:e0:69:2c:7f:3c:40:b5 Fingerprint (SHA-256): 2C:CE:E6:DF:EF:53:4A:F1:97:61:04:57:82:40:61:45:37:73:4C:7F:DF:53:BD:8A:07:E9:23:18:DB:B3:1F:0A Fingerprint (SHA1): 48:B6:35:59:A2:4E:35:70:5C:29:52:2D:13:20:82:0C:35:34:DC:FA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3604: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021929 (0x1eefa569) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:26:20 2015 Not After : Tue May 19 06:26:20 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:ca:a3:d7:e3:00:f5:0e:af:f7:f4:f3:7e:c1:16:81: 32:b2:b2:4f:ff:f4:a1:f0:21:73:88:58:18:0b:e3:a0: 28:41:4e:4e:d9:c9:2c:06:8d:ac:35:49:a5:85:b3:e6: 53:0d:21:3c:8d:14:4d:3e:dd:ce:ce:26:13:52:a5:e4: fc:80:af:93:df:32:f3:74:65:ba:ff:b8:26:c7:bc:fd: 01:bd:c2:31:f8:7d:dc:95:df:9c:7e:6b:ad:2e:77:a7: 0b:be:32:ea:47:9e:e4:3f:23:17:ba:61:6c:2c:b8:d1: b0:1b:54:6e:a3:b6:d2:90:ab:d1:fa:e0:0d:a8:3e:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: be:26:76:50:27:f9:85:1d:6b:80:07:d5:75:bf:74:55: 66:64:a0:f1:a0:f5:54:6c:48:ba:a2:82:6b:26:4c:81: 83:b2:4d:68:d9:64:9e:e6:08:81:1d:80:95:25:bd:bf: c4:b9:57:e4:51:62:ad:77:60:81:93:a4:9d:f9:39:db: 67:5d:4a:74:6a:86:25:82:88:21:fb:21:f2:c9:14:11: d5:4f:a8:77:b1:e5:5d:40:71:d7:8d:90:6d:0d:21:cc: 20:34:05:8b:48:ba:8b:7c:7c:23:49:c6:5d:81:00:bd: d1:c9:46:6b:3b:57:25:0d:a6:e0:69:2c:7f:3c:40:b5 Fingerprint (SHA-256): 2C:CE:E6:DF:EF:53:4A:F1:97:61:04:57:82:40:61:45:37:73:4C:7F:DF:53:BD:8A:07:E9:23:18:DB:B3:1F:0A Fingerprint (SHA1): 48:B6:35:59:A2:4E:35:70:5C:29:52:2D:13:20:82:0C:35:34:DC:FA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3605: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3606: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021934 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3607: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3608: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3609: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021935 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3610: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3611: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3612: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3613: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519021936 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3614: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3615: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519021937 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3616: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3617: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3618: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3619: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3620: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519021938 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519021835.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3621: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3622: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3623: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3624: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519021939 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3625: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3626: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3627: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3628: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519021940 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-BridgeNavy-519021836.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3629: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3630: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3631: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3632: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519021941 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3633: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3634: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3635: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3636: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021935 (0x1eefa56f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:26:38 2015 Not After : Tue May 19 06:26:38 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b9:75:07:c6:72:b3:f8:a6:ed:d8:fe:1c:7b:b0:02: f9:4f:d9:64:e5:a9:14:79:19:f0:35:26:e9:c3:77:a9: 03:2e:88:7e:d4:5a:e4:c0:e2:c1:39:d4:15:4b:e8:8f: a4:e4:c3:78:4f:4b:a4:82:98:0f:0f:23:ce:e1:6a:bd: 11:d2:8d:f1:26:49:3c:be:cc:46:d3:8c:64:11:82:57: ba:fd:a5:7c:ac:0d:2d:05:bd:8b:27:89:03:5d:bf:67: 89:3a:ab:46:7b:bd:32:dd:80:97:c2:c3:b5:25:17:63: 64:96:78:c3:d4:a3:c1:7e:d7:0c:c5:fd:c7:54:d6:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:e8:b5:0e:ea:db:b9:9b:2e:9a:62:fb:db:6b:62:08: 61:c2:e3:33:82:2f:46:36:06:fb:37:4d:90:08:70:7c: 71:2f:0f:a4:12:5d:c9:86:ce:86:3e:6a:34:9d:48:ef: 20:a4:fc:af:4c:57:cd:06:ea:69:b5:a3:4b:94:81:df: 4e:49:a3:01:18:d9:95:ab:01:2d:cb:ed:5a:09:06:fb: e7:1a:ba:e9:3b:3c:af:ed:f1:87:54:98:cf:12:0d:19: 8a:a0:2d:45:74:76:9e:f4:89:fe:39:69:75:c3:b1:d8: 5c:e0:c7:c6:16:65:99:ae:d4:8f:84:92:fa:b8:db:2c Fingerprint (SHA-256): 15:45:F2:73:5B:07:56:EB:05:F4:5F:1C:9A:6D:23:97:93:D1:71:04:AC:82:42:4E:AC:E3:23:69:E2:2C:79:AE Fingerprint (SHA1): 7C:FB:C8:B9:72:3E:55:76:FB:FB:09:D3:59:03:03:36:2B:5D:C8:06 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3637: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021935 (0x1eefa56f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:26:38 2015 Not After : Tue May 19 06:26:38 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b9:75:07:c6:72:b3:f8:a6:ed:d8:fe:1c:7b:b0:02: f9:4f:d9:64:e5:a9:14:79:19:f0:35:26:e9:c3:77:a9: 03:2e:88:7e:d4:5a:e4:c0:e2:c1:39:d4:15:4b:e8:8f: a4:e4:c3:78:4f:4b:a4:82:98:0f:0f:23:ce:e1:6a:bd: 11:d2:8d:f1:26:49:3c:be:cc:46:d3:8c:64:11:82:57: ba:fd:a5:7c:ac:0d:2d:05:bd:8b:27:89:03:5d:bf:67: 89:3a:ab:46:7b:bd:32:dd:80:97:c2:c3:b5:25:17:63: 64:96:78:c3:d4:a3:c1:7e:d7:0c:c5:fd:c7:54:d6:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:e8:b5:0e:ea:db:b9:9b:2e:9a:62:fb:db:6b:62:08: 61:c2:e3:33:82:2f:46:36:06:fb:37:4d:90:08:70:7c: 71:2f:0f:a4:12:5d:c9:86:ce:86:3e:6a:34:9d:48:ef: 20:a4:fc:af:4c:57:cd:06:ea:69:b5:a3:4b:94:81:df: 4e:49:a3:01:18:d9:95:ab:01:2d:cb:ed:5a:09:06:fb: e7:1a:ba:e9:3b:3c:af:ed:f1:87:54:98:cf:12:0d:19: 8a:a0:2d:45:74:76:9e:f4:89:fe:39:69:75:c3:b1:d8: 5c:e0:c7:c6:16:65:99:ae:d4:8f:84:92:fa:b8:db:2c Fingerprint (SHA-256): 15:45:F2:73:5B:07:56:EB:05:F4:5F:1C:9A:6D:23:97:93:D1:71:04:AC:82:42:4E:AC:E3:23:69:E2:2C:79:AE Fingerprint (SHA1): 7C:FB:C8:B9:72:3E:55:76:FB:FB:09:D3:59:03:03:36:2B:5D:C8:06 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3638: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #3639: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021934 (0x1eefa56e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:26:35 2015 Not After : Tue May 19 06:26:35 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:86:89:8e:77:7a:a1:15:e5:1e:5c:a3:d4:a1:7b:e4: d5:5a:76:ba:9d:bf:08:8d:6f:fe:2e:67:98:e2:95:9e: e2:1c:46:9d:75:79:11:a4:7a:6e:91:7b:2d:b2:d9:ea: 79:d5:a4:6b:2f:e1:ea:98:01:b5:10:ac:89:50:de:75: f9:59:55:cc:bf:c1:5d:3f:4c:1c:d4:60:0c:d8:91:46: f1:a2:84:d0:79:63:15:5e:e7:97:12:bc:19:fc:19:d2: 79:37:11:16:d9:6d:c5:ff:83:61:b1:cb:55:39:f5:56: 3b:a4:f1:b2:8d:f5:75:78:77:03:32:cc:07:78:db:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 98:5d:03:7e:21:62:7d:fe:13:92:70:7e:60:f9:82:a2: de:66:66:d7:a9:88:83:27:03:56:b2:02:0e:d0:70:4d: 82:0d:54:14:f2:d6:a9:83:bb:87:84:01:1a:68:0e:cb: 64:34:c9:44:32:44:7e:23:d9:ae:b0:b2:67:3a:e0:48: d8:b0:28:df:dc:ea:6a:c0:79:19:39:dd:cc:38:79:81: 98:c1:7a:59:48:80:3d:51:6d:b2:39:06:fc:3c:0f:38: ba:42:38:04:1a:fc:9d:d7:2a:57:12:70:6d:d1:51:cb: 21:64:7f:61:a6:09:14:76:c9:fc:cc:9d:91:fb:d8:2b Fingerprint (SHA-256): CA:82:CB:3B:A1:FD:50:88:89:84:51:0A:BA:00:FD:B7:2C:77:F5:AD:51:62:D7:1B:DB:2B:DB:C3:39:36:E7:85 Fingerprint (SHA1): 2C:24:DD:6E:2E:27:5E:58:1E:47:A2:9D:22:A3:50:48:5B:3E:3F:8A Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3640: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021935 (0x1eefa56f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:26:38 2015 Not After : Tue May 19 06:26:38 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b9:75:07:c6:72:b3:f8:a6:ed:d8:fe:1c:7b:b0:02: f9:4f:d9:64:e5:a9:14:79:19:f0:35:26:e9:c3:77:a9: 03:2e:88:7e:d4:5a:e4:c0:e2:c1:39:d4:15:4b:e8:8f: a4:e4:c3:78:4f:4b:a4:82:98:0f:0f:23:ce:e1:6a:bd: 11:d2:8d:f1:26:49:3c:be:cc:46:d3:8c:64:11:82:57: ba:fd:a5:7c:ac:0d:2d:05:bd:8b:27:89:03:5d:bf:67: 89:3a:ab:46:7b:bd:32:dd:80:97:c2:c3:b5:25:17:63: 64:96:78:c3:d4:a3:c1:7e:d7:0c:c5:fd:c7:54:d6:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:e8:b5:0e:ea:db:b9:9b:2e:9a:62:fb:db:6b:62:08: 61:c2:e3:33:82:2f:46:36:06:fb:37:4d:90:08:70:7c: 71:2f:0f:a4:12:5d:c9:86:ce:86:3e:6a:34:9d:48:ef: 20:a4:fc:af:4c:57:cd:06:ea:69:b5:a3:4b:94:81:df: 4e:49:a3:01:18:d9:95:ab:01:2d:cb:ed:5a:09:06:fb: e7:1a:ba:e9:3b:3c:af:ed:f1:87:54:98:cf:12:0d:19: 8a:a0:2d:45:74:76:9e:f4:89:fe:39:69:75:c3:b1:d8: 5c:e0:c7:c6:16:65:99:ae:d4:8f:84:92:fa:b8:db:2c Fingerprint (SHA-256): 15:45:F2:73:5B:07:56:EB:05:F4:5F:1C:9A:6D:23:97:93:D1:71:04:AC:82:42:4E:AC:E3:23:69:E2:2C:79:AE Fingerprint (SHA1): 7C:FB:C8:B9:72:3E:55:76:FB:FB:09:D3:59:03:03:36:2B:5D:C8:06 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3641: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021935 (0x1eefa56f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:26:38 2015 Not After : Tue May 19 06:26:38 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:b9:75:07:c6:72:b3:f8:a6:ed:d8:fe:1c:7b:b0:02: f9:4f:d9:64:e5:a9:14:79:19:f0:35:26:e9:c3:77:a9: 03:2e:88:7e:d4:5a:e4:c0:e2:c1:39:d4:15:4b:e8:8f: a4:e4:c3:78:4f:4b:a4:82:98:0f:0f:23:ce:e1:6a:bd: 11:d2:8d:f1:26:49:3c:be:cc:46:d3:8c:64:11:82:57: ba:fd:a5:7c:ac:0d:2d:05:bd:8b:27:89:03:5d:bf:67: 89:3a:ab:46:7b:bd:32:dd:80:97:c2:c3:b5:25:17:63: 64:96:78:c3:d4:a3:c1:7e:d7:0c:c5:fd:c7:54:d6:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 94:e8:b5:0e:ea:db:b9:9b:2e:9a:62:fb:db:6b:62:08: 61:c2:e3:33:82:2f:46:36:06:fb:37:4d:90:08:70:7c: 71:2f:0f:a4:12:5d:c9:86:ce:86:3e:6a:34:9d:48:ef: 20:a4:fc:af:4c:57:cd:06:ea:69:b5:a3:4b:94:81:df: 4e:49:a3:01:18:d9:95:ab:01:2d:cb:ed:5a:09:06:fb: e7:1a:ba:e9:3b:3c:af:ed:f1:87:54:98:cf:12:0d:19: 8a:a0:2d:45:74:76:9e:f4:89:fe:39:69:75:c3:b1:d8: 5c:e0:c7:c6:16:65:99:ae:d4:8f:84:92:fa:b8:db:2c Fingerprint (SHA-256): 15:45:F2:73:5B:07:56:EB:05:F4:5F:1C:9A:6D:23:97:93:D1:71:04:AC:82:42:4E:AC:E3:23:69:E2:2C:79:AE Fingerprint (SHA1): 7C:FB:C8:B9:72:3E:55:76:FB:FB:09:D3:59:03:03:36:2B:5D:C8:06 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3642: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3643: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021942 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3644: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3645: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3646: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021943 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3647: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3648: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #3649: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3650: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 519021944 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3651: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3652: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #3653: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3654: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 519021945 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3655: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3656: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3657: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3658: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 519021946 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3659: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3660: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 519021947 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #3661: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3662: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #3663: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3664: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3665: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519021948 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3666: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3667: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3668: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3669: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519021949 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3670: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3671: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3672: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3673: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519021950 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3674: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3675: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3676: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3677: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519021951 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #3678: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3679: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3680: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021942 (0x1eefa576) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:27:03 2015 Not After : Tue May 19 06:27:03 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:a4:b6:8a:3d:5b:e6:c3:48:cd:6e:5f:a7:aa:d5:3f: 9a:ba:fb:66:27:2e:d9:5d:04:44:d1:90:74:52:d0:7d: 82:e5:85:5b:a9:2a:85:fa:b2:b2:1b:b5:a7:2c:66:69: 56:57:c5:d7:22:ef:f4:8d:a2:fa:ee:ff:d4:c2:7e:88: 34:db:ea:a9:63:32:b1:75:7b:e7:04:31:10:e9:f9:4e: be:22:be:00:37:c3:e0:fc:b0:f8:4b:3b:dc:ba:d1:a2: 3e:9b:19:1d:77:6b:38:b7:7c:75:b1:c3:75:9f:49:1f: ec:db:2b:94:81:af:6f:bf:26:a8:c9:4e:f6:b8:cf:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 78:9a:7e:cd:3b:df:d7:77:d8:5b:6e:f5:ca:01:72:4c: ae:6d:2d:17:5b:06:e4:35:3f:25:86:9a:85:45:14:19: 1c:e6:c2:e1:f3:38:19:d0:4d:1a:17:b8:6b:17:b9:97: f5:61:f3:f1:0d:e3:47:c5:8a:14:a9:e4:e6:7e:ef:5c: 2e:a2:61:dd:97:63:93:57:5b:62:de:6d:97:d4:40:72: cf:29:db:5a:fb:58:99:4f:18:be:11:90:6f:43:72:16: 0b:b2:bd:ee:42:46:46:6e:c2:ae:08:dc:21:be:88:78: 62:67:46:54:9e:b8:4c:bf:16:76:d3:9b:56:63:e7:9d Fingerprint (SHA-256): 07:20:17:FB:F7:FF:EF:61:0E:A6:0D:07:98:F2:E3:C7:9C:CE:E3:5D:1A:CE:E4:C0:B9:E0:6B:1D:11:74:C8:26 Fingerprint (SHA1): BC:8C:71:7D:AB:A5:CE:11:C5:EC:62:11:8B:2D:61:03:CC:ED:B9:FF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #3681: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3682: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3683: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3684: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3685: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3686: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3687: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3688: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3689: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021943 (0x1eefa577) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:27:06 2015 Not After : Tue May 19 06:27:06 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:1b:11:4a:84:c7:6f:03:2f:32:2e:0c:78:97:e9:74: f7:c0:e3:e1:a8:41:67:15:cf:98:ce:d6:87:93:57:0f: d2:63:1c:60:10:d1:a8:2f:d5:8c:45:cd:28:f0:bc:a9: 57:64:0a:3c:20:af:8d:2b:90:a2:ce:45:a6:88:4c:14: f0:61:25:7d:26:48:4a:03:b5:36:17:1b:49:9a:4c:d7: e9:5a:6a:d2:7e:4b:24:5b:33:68:dd:6f:91:06:f5:f3: df:ba:e0:11:0a:8a:20:8e:b2:41:cf:f0:9f:62:8b:fd: b8:75:7e:bc:c8:88:ec:d9:97:42:19:94:e7:a2:1b:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 68:a5:d3:2b:82:ae:94:13:85:a5:5f:a3:f0:24:0b:c3: 1c:5c:3d:e2:60:f4:5f:80:b9:d6:63:7a:74:62:ef:16: ad:2a:bc:98:0d:57:49:75:d1:bc:f9:fb:22:6c:a9:43: 74:7a:8c:58:2c:92:55:de:95:41:16:18:f5:44:90:f0: d7:7f:39:e9:d2:29:30:bd:fa:84:8c:89:9d:4a:40:09: c4:c0:1a:c1:b7:4f:ce:c2:1a:7a:80:ad:aa:60:c6:66: 16:b7:45:80:e3:17:1a:31:26:f5:57:f1:9f:43:92:f7: eb:95:2a:bf:7e:18:b5:fe:ce:7c:e9:cb:0a:cd:66:cd Fingerprint (SHA-256): F4:B0:6D:34:3E:91:76:0D:D8:AD:4C:7E:1F:0A:F1:C2:56:6B:FC:91:DC:73:99:2E:2F:1E:98:E4:A8:A4:D0:81 Fingerprint (SHA1): 17:75:D4:CC:07:A7:5C:02:3C:95:AB:20:4A:11:26:E2:85:5D:96:6E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #3690: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3691: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3692: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3693: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3694: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #3695: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3696: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #3697: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #3698: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #3699: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #3700: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #3701: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #3702: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #3703: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #3704: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #3705: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #3706: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #3707: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3708: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021952 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3709: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3710: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3711: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3712: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519021953 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3713: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3714: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3715: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3716: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519021954 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3717: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3718: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3719: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3720: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 519021955 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3721: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3722: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3723: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3724: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519021956 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3725: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3726: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #3727: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3728: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 519021957 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3729: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3730: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #3731: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3732: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 519021958 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3733: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3734: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #3735: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3736: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 519021959 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3737: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3738: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #3739: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3740: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 519021960 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3741: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3742: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3743: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021952 (0x1eefa580) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:27:47 2015 Not After : Tue May 19 06:27:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 93:7c:b6:c7:5d:f3:cb:4c:16:b4:5c:75:a8:8c:d1:cd: e2:c3:b5:0e:9f:d6:25:de:b9:ec:59:23:68:90:25:33: 7e:aa:22:91:f6:70:07:b4:3e:42:c9:1b:a3:43:11:a2: 8f:83:78:a0:ae:af:31:6a:98:ca:71:ea:fa:45:9c:2d: ba:e6:5c:90:25:44:30:97:c0:c8:bb:03:8d:1d:c5:8a: 80:5f:3a:42:ff:a7:18:ea:07:60:7d:53:0b:38:20:2a: 9a:68:cc:32:cd:21:3b:4c:17:e4:1d:c6:41:9e:fb:22: 50:56:b7:b5:f8:9a:57:8c:08:cc:7a:6c:38:51:9c:35 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:25:a6:c2:ea:28:14:34:98:6d:7c:e0: cc:14:32:f5:9e:ea:3c:02:02:15:00:80:cb:cb:04:9f: 7e:c9:37:4b:81:a3:a0:f4:5d:af:b7:35:7c:bd:a3 Fingerprint (SHA-256): 80:E5:E2:59:CD:D7:8A:3B:A1:0A:27:F4:FD:0F:0F:87:19:C3:DE:7B:21:78:91:01:E8:61:9E:25:2F:F0:0A:CC Fingerprint (SHA1): BB:66:A6:8D:C7:A4:71:C3:92:82:07:69:84:0C:08:78:5E:E7:38:F2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3744: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021952 (0x1eefa580) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:27:47 2015 Not After : Tue May 19 06:27:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 93:7c:b6:c7:5d:f3:cb:4c:16:b4:5c:75:a8:8c:d1:cd: e2:c3:b5:0e:9f:d6:25:de:b9:ec:59:23:68:90:25:33: 7e:aa:22:91:f6:70:07:b4:3e:42:c9:1b:a3:43:11:a2: 8f:83:78:a0:ae:af:31:6a:98:ca:71:ea:fa:45:9c:2d: ba:e6:5c:90:25:44:30:97:c0:c8:bb:03:8d:1d:c5:8a: 80:5f:3a:42:ff:a7:18:ea:07:60:7d:53:0b:38:20:2a: 9a:68:cc:32:cd:21:3b:4c:17:e4:1d:c6:41:9e:fb:22: 50:56:b7:b5:f8:9a:57:8c:08:cc:7a:6c:38:51:9c:35 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:25:a6:c2:ea:28:14:34:98:6d:7c:e0: cc:14:32:f5:9e:ea:3c:02:02:15:00:80:cb:cb:04:9f: 7e:c9:37:4b:81:a3:a0:f4:5d:af:b7:35:7c:bd:a3 Fingerprint (SHA-256): 80:E5:E2:59:CD:D7:8A:3B:A1:0A:27:F4:FD:0F:0F:87:19:C3:DE:7B:21:78:91:01:E8:61:9E:25:2F:F0:0A:CC Fingerprint (SHA1): BB:66:A6:8D:C7:A4:71:C3:92:82:07:69:84:0C:08:78:5E:E7:38:F2 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #3745: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021952 (0x1eefa580) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:27:47 2015 Not After : Tue May 19 06:27:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 93:7c:b6:c7:5d:f3:cb:4c:16:b4:5c:75:a8:8c:d1:cd: e2:c3:b5:0e:9f:d6:25:de:b9:ec:59:23:68:90:25:33: 7e:aa:22:91:f6:70:07:b4:3e:42:c9:1b:a3:43:11:a2: 8f:83:78:a0:ae:af:31:6a:98:ca:71:ea:fa:45:9c:2d: ba:e6:5c:90:25:44:30:97:c0:c8:bb:03:8d:1d:c5:8a: 80:5f:3a:42:ff:a7:18:ea:07:60:7d:53:0b:38:20:2a: 9a:68:cc:32:cd:21:3b:4c:17:e4:1d:c6:41:9e:fb:22: 50:56:b7:b5:f8:9a:57:8c:08:cc:7a:6c:38:51:9c:35 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:25:a6:c2:ea:28:14:34:98:6d:7c:e0: cc:14:32:f5:9e:ea:3c:02:02:15:00:80:cb:cb:04:9f: 7e:c9:37:4b:81:a3:a0:f4:5d:af:b7:35:7c:bd:a3 Fingerprint (SHA-256): 80:E5:E2:59:CD:D7:8A:3B:A1:0A:27:F4:FD:0F:0F:87:19:C3:DE:7B:21:78:91:01:E8:61:9E:25:2F:F0:0A:CC Fingerprint (SHA1): BB:66:A6:8D:C7:A4:71:C3:92:82:07:69:84:0C:08:78:5E:E7:38:F2 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #3746: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021952 (0x1eefa580) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:27:47 2015 Not After : Tue May 19 06:27:47 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 93:7c:b6:c7:5d:f3:cb:4c:16:b4:5c:75:a8:8c:d1:cd: e2:c3:b5:0e:9f:d6:25:de:b9:ec:59:23:68:90:25:33: 7e:aa:22:91:f6:70:07:b4:3e:42:c9:1b:a3:43:11:a2: 8f:83:78:a0:ae:af:31:6a:98:ca:71:ea:fa:45:9c:2d: ba:e6:5c:90:25:44:30:97:c0:c8:bb:03:8d:1d:c5:8a: 80:5f:3a:42:ff:a7:18:ea:07:60:7d:53:0b:38:20:2a: 9a:68:cc:32:cd:21:3b:4c:17:e4:1d:c6:41:9e:fb:22: 50:56:b7:b5:f8:9a:57:8c:08:cc:7a:6c:38:51:9c:35 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:01:25:a6:c2:ea:28:14:34:98:6d:7c:e0: cc:14:32:f5:9e:ea:3c:02:02:15:00:80:cb:cb:04:9f: 7e:c9:37:4b:81:a3:a0:f4:5d:af:b7:35:7c:bd:a3 Fingerprint (SHA-256): 80:E5:E2:59:CD:D7:8A:3B:A1:0A:27:F4:FD:0F:0F:87:19:C3:DE:7B:21:78:91:01:E8:61:9E:25:2F:F0:0A:CC Fingerprint (SHA1): BB:66:A6:8D:C7:A4:71:C3:92:82:07:69:84:0C:08:78:5E:E7:38:F2 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #3747: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3748: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3749: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3750: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #3751: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3752: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3753: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3754: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3755: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3756: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3757: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3758: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #3759: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3760: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3761: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3762: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #3763: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3764: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3765: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3766: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3767: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3768: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3769: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3770: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #3771: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3772: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3773: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3774: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519062831Z nextupdate=20160519062831Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 06:28:31 2015 Next Update: Thu May 19 06:28:31 2016 CRL Extensions: chains.sh: #3775: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519062832Z nextupdate=20160519062832Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:28:32 2015 Next Update: Thu May 19 06:28:32 2016 CRL Extensions: chains.sh: #3776: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519062832Z nextupdate=20160519062832Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:28:32 2015 Next Update: Thu May 19 06:28:32 2016 CRL Extensions: chains.sh: #3777: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519062833Z nextupdate=20160519062833Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 06:28:33 2015 Next Update: Thu May 19 06:28:33 2016 CRL Extensions: chains.sh: #3778: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519062834Z addcert 14 20150519062834Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:28:34 2015 Next Update: Thu May 19 06:28:32 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Tue May 19 06:28:34 2015 CRL Extensions: chains.sh: #3779: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519062835Z addcert 15 20150519062835Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:28:35 2015 Next Update: Thu May 19 06:28:32 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Tue May 19 06:28:35 2015 CRL Extensions: chains.sh: #3780: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3781: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3782: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #3783: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #3784: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #3785: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #3786: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #3787: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #3788: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #3789: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:28:13 2015 Not After : Tue May 19 06:28:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:47:8f:5d:08:2b:b0:a0:a3:93:f2:ed:7d:fb:55:d4: 3f:84:ec:d9:4e:f9:e7:49:98:b9:e8:2d:de:9c:b6:39: 64:2e:ac:f6:54:65:1f:e3:40:70:f9:72:4e:4c:f5:31: b5:b3:e3:b7:b2:22:b1:4a:d0:11:35:5b:25:ea:65:e6: 4b:6d:86:e0:91:72:c4:f0:a8:66:02:66:f8:bd:83:16: 20:13:e9:ae:89:c4:a5:2e:01:9e:3f:7b:11:ad:fe:dd: fd:07:12:a2:41:0b:6b:38:06:d9:6e:13:97:9e:b1:68: 2d:d9:5d:e6:e1:e0:66:c9:66:7f:f3:53:0e:e0:a9:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:69:42:9b:55:fa:58:eb:92:75:32:fa:f1:59:8a:d6: 96:e4:d5:5f:74:a9:c6:4c:bf:b4:16:96:22:72:6b:e3: b1:b5:53:3d:6b:d3:6e:5b:85:89:8d:40:de:7c:94:ea: 28:c7:26:f2:e3:21:f3:80:81:f2:2b:69:fb:9c:03:a7: 20:bf:4d:42:52:33:5b:b5:cd:e2:c3:d1:9b:96:b7:09: 88:9d:67:f3:65:04:ea:d5:07:06:f1:db:5b:9c:2f:b8: 11:31:46:a9:26:31:3b:4b:06:1f:ab:f2:e0:f1:15:e1: d1:d4:9f:e9:57:19:14:a0:f9:88:ca:08:ab:ff:47:60 Fingerprint (SHA-256): 32:60:2A:34:C5:54:56:4A:68:2D:18:FC:0B:32:2B:B5:41:1C:66:B5:33:8F:24:F2:30:DD:6F:01:42:5B:7E:28 Fingerprint (SHA1): BF:41:A6:75:89:29:24:2D:6F:58:82:2A:F0:89:BA:1F:D5:EF:1F:30 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3790: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3791: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:28:13 2015 Not After : Tue May 19 06:28:13 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:47:8f:5d:08:2b:b0:a0:a3:93:f2:ed:7d:fb:55:d4: 3f:84:ec:d9:4e:f9:e7:49:98:b9:e8:2d:de:9c:b6:39: 64:2e:ac:f6:54:65:1f:e3:40:70:f9:72:4e:4c:f5:31: b5:b3:e3:b7:b2:22:b1:4a:d0:11:35:5b:25:ea:65:e6: 4b:6d:86:e0:91:72:c4:f0:a8:66:02:66:f8:bd:83:16: 20:13:e9:ae:89:c4:a5:2e:01:9e:3f:7b:11:ad:fe:dd: fd:07:12:a2:41:0b:6b:38:06:d9:6e:13:97:9e:b1:68: 2d:d9:5d:e6:e1:e0:66:c9:66:7f:f3:53:0e:e0:a9:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 75:69:42:9b:55:fa:58:eb:92:75:32:fa:f1:59:8a:d6: 96:e4:d5:5f:74:a9:c6:4c:bf:b4:16:96:22:72:6b:e3: b1:b5:53:3d:6b:d3:6e:5b:85:89:8d:40:de:7c:94:ea: 28:c7:26:f2:e3:21:f3:80:81:f2:2b:69:fb:9c:03:a7: 20:bf:4d:42:52:33:5b:b5:cd:e2:c3:d1:9b:96:b7:09: 88:9d:67:f3:65:04:ea:d5:07:06:f1:db:5b:9c:2f:b8: 11:31:46:a9:26:31:3b:4b:06:1f:ab:f2:e0:f1:15:e1: d1:d4:9f:e9:57:19:14:a0:f9:88:ca:08:ab:ff:47:60 Fingerprint (SHA-256): 32:60:2A:34:C5:54:56:4A:68:2D:18:FC:0B:32:2B:B5:41:1C:66:B5:33:8F:24:F2:30:DD:6F:01:42:5B:7E:28 Fingerprint (SHA1): BF:41:A6:75:89:29:24:2D:6F:58:82:2A:F0:89:BA:1F:D5:EF:1F:30 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3792: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3793: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #3794: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021961 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3795: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #3796: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #3797: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3798: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 519021962 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3799: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3800: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3801: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021852.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3802: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021837.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3803: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3804: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #3805: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021852.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3806: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 519021963 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3807: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3808: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3809: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021852.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3810: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021838.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3811: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3812: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #3813: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3814: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 519021964 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3815: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3816: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3817: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021852.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3818: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021839.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3819: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3820: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3821: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021852.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #3822: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021840.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #3823: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3824: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519062909Z nextupdate=20160519062909Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 06:29:09 2015 Next Update: Thu May 19 06:29:09 2016 CRL Extensions: chains.sh: #3825: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519062909Z nextupdate=20160519062909Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:29:09 2015 Next Update: Thu May 19 06:29:09 2016 CRL Extensions: chains.sh: #3826: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519062910Z nextupdate=20160519062910Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:29:10 2015 Next Update: Thu May 19 06:29:10 2016 CRL Extensions: chains.sh: #3827: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519062910Z nextupdate=20160519062910Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 06:29:10 2015 Next Update: Thu May 19 06:29:10 2016 CRL Extensions: chains.sh: #3828: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519062911Z addcert 20 20150519062911Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:29:11 2015 Next Update: Thu May 19 06:29:09 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 06:29:11 2015 CRL Extensions: chains.sh: #3829: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519062912Z addcert 40 20150519062912Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:29:12 2015 Next Update: Thu May 19 06:29:09 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 06:29:11 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Tue May 19 06:29:12 2015 CRL Extensions: chains.sh: #3830: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3831: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3832: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #3833: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021961 (0x1eefa589) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:28:45 2015 Not After : Tue May 19 06:28:45 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:58:d3:03:6c:47:ad:ad:d5:d0:91:51:6a:44:a5:20: 24:89:05:db:0a:77:d1:74:f9:69:64:a0:73:a5:14:30: 78:f2:23:4c:f8:77:ec:26:cf:21:73:2f:45:d8:7b:2d: d9:65:bb:c3:52:98:7a:25:06:d2:fb:15:54:81:89:ef: 67:4f:d4:4a:e2:e6:dc:e7:26:36:fa:b1:09:e5:ee:13: f6:f7:bd:4d:03:97:e5:1e:17:e2:4d:17:4f:f1:ff:e8: 47:a5:75:e4:67:95:92:11:0c:7b:2b:ec:e2:66:2a:fd: 5f:e4:f3:58:53:a5:33:52:55:cd:e3:34:26:e1:47:bb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:a7:66:7a:88:97:28:b0:7f:f9:25:4f:71:8d:04:77: 95:3a:02:9e:a6:75:d4:86:40:24:80:15:b2:b4:93:18: 9c:80:9d:82:55:e8:00:15:1b:ee:d3:86:5c:17:22:6d: 28:d1:31:b2:88:cf:fb:31:31:83:ed:f2:fe:09:5c:96: 55:2e:f6:c2:b3:9d:5c:97:d9:84:6e:50:96:95:4c:ee: 8c:c0:e5:c4:d1:3f:0f:03:98:d7:84:56:be:28:d1:3b: 3c:df:f6:db:70:2a:0c:aa:10:61:77:61:01:ce:dc:f7: a5:1a:9f:dd:af:56:44:51:61:53:e8:12:37:11:8e:8c Fingerprint (SHA-256): F6:CE:27:52:9B:93:4D:87:C5:00:AB:96:49:30:2D:3F:E3:A5:29:6D:F7:A4:D0:E2:A7:0E:95:6B:FF:EB:9E:9A Fingerprint (SHA1): EF:DF:8E:D4:CE:6A:DA:3D:4E:A1:D7:BA:53:7A:B1:F3:3C:77:36:0C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3834: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3835: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021961 (0x1eefa589) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:28:45 2015 Not After : Tue May 19 06:28:45 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:58:d3:03:6c:47:ad:ad:d5:d0:91:51:6a:44:a5:20: 24:89:05:db:0a:77:d1:74:f9:69:64:a0:73:a5:14:30: 78:f2:23:4c:f8:77:ec:26:cf:21:73:2f:45:d8:7b:2d: d9:65:bb:c3:52:98:7a:25:06:d2:fb:15:54:81:89:ef: 67:4f:d4:4a:e2:e6:dc:e7:26:36:fa:b1:09:e5:ee:13: f6:f7:bd:4d:03:97:e5:1e:17:e2:4d:17:4f:f1:ff:e8: 47:a5:75:e4:67:95:92:11:0c:7b:2b:ec:e2:66:2a:fd: 5f:e4:f3:58:53:a5:33:52:55:cd:e3:34:26:e1:47:bb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:a7:66:7a:88:97:28:b0:7f:f9:25:4f:71:8d:04:77: 95:3a:02:9e:a6:75:d4:86:40:24:80:15:b2:b4:93:18: 9c:80:9d:82:55:e8:00:15:1b:ee:d3:86:5c:17:22:6d: 28:d1:31:b2:88:cf:fb:31:31:83:ed:f2:fe:09:5c:96: 55:2e:f6:c2:b3:9d:5c:97:d9:84:6e:50:96:95:4c:ee: 8c:c0:e5:c4:d1:3f:0f:03:98:d7:84:56:be:28:d1:3b: 3c:df:f6:db:70:2a:0c:aa:10:61:77:61:01:ce:dc:f7: a5:1a:9f:dd:af:56:44:51:61:53:e8:12:37:11:8e:8c Fingerprint (SHA-256): F6:CE:27:52:9B:93:4D:87:C5:00:AB:96:49:30:2D:3F:E3:A5:29:6D:F7:A4:D0:E2:A7:0E:95:6B:FF:EB:9E:9A Fingerprint (SHA1): EF:DF:8E:D4:CE:6A:DA:3D:4E:A1:D7:BA:53:7A:B1:F3:3C:77:36:0C Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #3836: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #3837: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #3838: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021965 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3839: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #3840: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #3841: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3842: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519021966 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3843: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3844: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #3845: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3846: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519021967 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3847: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3848: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #3849: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3850: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 519021968 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3851: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3852: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #3853: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021969 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3854: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #3855: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #3856: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3857: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 519021970 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3858: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3859: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #3860: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3861: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 519021971 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3862: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3863: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #3864: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #3865: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #3866: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021965 (0x1eefa58d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:29:18 2015 Not After : Tue May 19 06:29:18 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:22:f3:45:1e:37:56:3b:9f:b4:52:a8:d6:b2:a5:26: b1:68:8e:07:17:fc:41:16:6e:10:01:df:28:ad:37:9b: 4c:ea:47:85:95:13:7d:28:7b:b0:9a:ae:e2:62:8f:5b: da:7e:b5:2d:ce:c5:92:a7:d0:b3:3d:d9:26:06:23:54: 77:9a:c7:14:b2:e8:05:22:35:01:f4:2c:db:ee:aa:da: b5:1e:03:8a:88:8a:28:b1:27:6e:a9:ce:34:c3:91:97: 54:d0:47:f8:aa:95:14:7b:5c:03:83:71:03:27:dc:a0: fc:13:f2:5b:74:72:65:b7:26:4f:ab:a4:3b:12:a0:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:95:3c:3d:5f:0d:a5:de:f0:ee:d7:95:ed:d6:c5:ea: c1:b0:72:3f:a9:e2:8a:b5:05:77:7e:fe:0d:06:a8:fb: 53:9f:b8:29:bc:f0:65:c8:83:94:31:9b:ea:10:bb:f4: 46:cb:28:7f:63:8a:05:e2:b0:e6:69:af:98:3a:ec:e2: 8a:1a:fd:30:f5:c8:40:d9:45:20:72:1d:11:51:75:27: 59:2d:5e:4e:66:d0:aa:62:f5:a3:f4:1f:0c:5c:64:91: 31:da:f5:6f:75:54:90:3c:58:47:38:8e:fd:a3:c4:b2: c9:c9:04:8e:8e:48:e3:53:02:90:d1:e3:07:5d:4e:8e Fingerprint (SHA-256): 20:DE:A6:1D:5D:EE:89:60:3C:5D:FA:FE:8A:79:F0:A0:CB:6D:EA:3B:EA:5D:5C:F1:76:D2:3E:21:35:D4:7B:06 Fingerprint (SHA1): 89:ED:33:2C:D5:D3:22:3A:C3:2A:3F:FA:86:07:D1:ED:C0:C6:EA:E5 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3867: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021967 (0x1eefa58f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:29:24 2015 Not After : Tue May 19 06:29:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:bf:b9:0f:ad:05:03:cb:5b:74:75:b5:aa:73:39:95: b3:f5:91:45:b5:e7:8f:2e:89:6a:d3:6a:35:00:a4:7f: 98:2c:74:ad:a1:e8:0e:c4:5e:b2:f8:d1:3c:ea:67:b7: 96:80:ea:5c:3d:07:a8:9b:d2:a1:9f:b3:c3:ad:b4:96: 8b:5a:03:89:2e:25:f9:92:f6:ef:9c:17:13:c2:77:89: a9:72:72:f7:89:f6:f9:56:2e:24:fa:15:42:68:54:92: ae:5f:5c:2d:9c:42:18:80:8f:56:7c:de:8b:0c:6a:50: 12:a3:ea:0b:a4:7b:35:40:4b:8e:91:81:e3:8a:ca:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7b:62:e0:6b:9c:3c:56:86:d5:70:d3:3b:85:f2:fa:7b: a3:99:ab:56:5b:8e:03:0d:25:81:78:91:2e:12:18:74: ba:0c:40:b6:07:83:07:98:51:d4:20:3f:bd:32:86:93: 7d:37:4d:5d:57:70:fb:9e:0c:b4:df:34:ab:1b:33:35: 43:89:be:7d:a4:3a:d1:8e:d2:91:49:21:5a:49:c1:26: 18:dd:bd:38:92:be:80:30:9a:a1:04:8d:39:38:ac:0b: 51:52:b1:e7:2a:43:f5:61:42:49:dc:a1:46:04:53:2c: 0a:d1:f3:68:01:7a:8c:47:e6:5c:e9:f6:52:86:34:10 Fingerprint (SHA-256): B5:78:28:B7:E8:38:F7:19:69:BB:2F:07:74:ED:EA:B3:3F:A4:9B:E9:17:26:95:58:FE:23:5A:03:34:9E:33:3C Fingerprint (SHA1): BB:1C:C7:4F:B1:A0:57:ED:AB:B3:CE:DD:24:9E:4D:5C:22:CA:72:99 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #3868: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021965 (0x1eefa58d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:29:18 2015 Not After : Tue May 19 06:29:18 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:22:f3:45:1e:37:56:3b:9f:b4:52:a8:d6:b2:a5:26: b1:68:8e:07:17:fc:41:16:6e:10:01:df:28:ad:37:9b: 4c:ea:47:85:95:13:7d:28:7b:b0:9a:ae:e2:62:8f:5b: da:7e:b5:2d:ce:c5:92:a7:d0:b3:3d:d9:26:06:23:54: 77:9a:c7:14:b2:e8:05:22:35:01:f4:2c:db:ee:aa:da: b5:1e:03:8a:88:8a:28:b1:27:6e:a9:ce:34:c3:91:97: 54:d0:47:f8:aa:95:14:7b:5c:03:83:71:03:27:dc:a0: fc:13:f2:5b:74:72:65:b7:26:4f:ab:a4:3b:12:a0:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:95:3c:3d:5f:0d:a5:de:f0:ee:d7:95:ed:d6:c5:ea: c1:b0:72:3f:a9:e2:8a:b5:05:77:7e:fe:0d:06:a8:fb: 53:9f:b8:29:bc:f0:65:c8:83:94:31:9b:ea:10:bb:f4: 46:cb:28:7f:63:8a:05:e2:b0:e6:69:af:98:3a:ec:e2: 8a:1a:fd:30:f5:c8:40:d9:45:20:72:1d:11:51:75:27: 59:2d:5e:4e:66:d0:aa:62:f5:a3:f4:1f:0c:5c:64:91: 31:da:f5:6f:75:54:90:3c:58:47:38:8e:fd:a3:c4:b2: c9:c9:04:8e:8e:48:e3:53:02:90:d1:e3:07:5d:4e:8e Fingerprint (SHA-256): 20:DE:A6:1D:5D:EE:89:60:3C:5D:FA:FE:8A:79:F0:A0:CB:6D:EA:3B:EA:5D:5C:F1:76:D2:3E:21:35:D4:7B:06 Fingerprint (SHA1): 89:ED:33:2C:D5:D3:22:3A:C3:2A:3F:FA:86:07:D1:ED:C0:C6:EA:E5 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3869: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #3870: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021965 (0x1eefa58d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:29:18 2015 Not After : Tue May 19 06:29:18 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:22:f3:45:1e:37:56:3b:9f:b4:52:a8:d6:b2:a5:26: b1:68:8e:07:17:fc:41:16:6e:10:01:df:28:ad:37:9b: 4c:ea:47:85:95:13:7d:28:7b:b0:9a:ae:e2:62:8f:5b: da:7e:b5:2d:ce:c5:92:a7:d0:b3:3d:d9:26:06:23:54: 77:9a:c7:14:b2:e8:05:22:35:01:f4:2c:db:ee:aa:da: b5:1e:03:8a:88:8a:28:b1:27:6e:a9:ce:34:c3:91:97: 54:d0:47:f8:aa:95:14:7b:5c:03:83:71:03:27:dc:a0: fc:13:f2:5b:74:72:65:b7:26:4f:ab:a4:3b:12:a0:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:95:3c:3d:5f:0d:a5:de:f0:ee:d7:95:ed:d6:c5:ea: c1:b0:72:3f:a9:e2:8a:b5:05:77:7e:fe:0d:06:a8:fb: 53:9f:b8:29:bc:f0:65:c8:83:94:31:9b:ea:10:bb:f4: 46:cb:28:7f:63:8a:05:e2:b0:e6:69:af:98:3a:ec:e2: 8a:1a:fd:30:f5:c8:40:d9:45:20:72:1d:11:51:75:27: 59:2d:5e:4e:66:d0:aa:62:f5:a3:f4:1f:0c:5c:64:91: 31:da:f5:6f:75:54:90:3c:58:47:38:8e:fd:a3:c4:b2: c9:c9:04:8e:8e:48:e3:53:02:90:d1:e3:07:5d:4e:8e Fingerprint (SHA-256): 20:DE:A6:1D:5D:EE:89:60:3C:5D:FA:FE:8A:79:F0:A0:CB:6D:EA:3B:EA:5D:5C:F1:76:D2:3E:21:35:D4:7B:06 Fingerprint (SHA1): 89:ED:33:2C:D5:D3:22:3A:C3:2A:3F:FA:86:07:D1:ED:C0:C6:EA:E5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3871: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021967 (0x1eefa58f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:29:24 2015 Not After : Tue May 19 06:29:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:bf:b9:0f:ad:05:03:cb:5b:74:75:b5:aa:73:39:95: b3:f5:91:45:b5:e7:8f:2e:89:6a:d3:6a:35:00:a4:7f: 98:2c:74:ad:a1:e8:0e:c4:5e:b2:f8:d1:3c:ea:67:b7: 96:80:ea:5c:3d:07:a8:9b:d2:a1:9f:b3:c3:ad:b4:96: 8b:5a:03:89:2e:25:f9:92:f6:ef:9c:17:13:c2:77:89: a9:72:72:f7:89:f6:f9:56:2e:24:fa:15:42:68:54:92: ae:5f:5c:2d:9c:42:18:80:8f:56:7c:de:8b:0c:6a:50: 12:a3:ea:0b:a4:7b:35:40:4b:8e:91:81:e3:8a:ca:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7b:62:e0:6b:9c:3c:56:86:d5:70:d3:3b:85:f2:fa:7b: a3:99:ab:56:5b:8e:03:0d:25:81:78:91:2e:12:18:74: ba:0c:40:b6:07:83:07:98:51:d4:20:3f:bd:32:86:93: 7d:37:4d:5d:57:70:fb:9e:0c:b4:df:34:ab:1b:33:35: 43:89:be:7d:a4:3a:d1:8e:d2:91:49:21:5a:49:c1:26: 18:dd:bd:38:92:be:80:30:9a:a1:04:8d:39:38:ac:0b: 51:52:b1:e7:2a:43:f5:61:42:49:dc:a1:46:04:53:2c: 0a:d1:f3:68:01:7a:8c:47:e6:5c:e9:f6:52:86:34:10 Fingerprint (SHA-256): B5:78:28:B7:E8:38:F7:19:69:BB:2F:07:74:ED:EA:B3:3F:A4:9B:E9:17:26:95:58:FE:23:5A:03:34:9E:33:3C Fingerprint (SHA1): BB:1C:C7:4F:B1:A0:57:ED:AB:B3:CE:DD:24:9E:4D:5C:22:CA:72:99 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #3872: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #3873: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #3874: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #3875: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021965 (0x1eefa58d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:29:18 2015 Not After : Tue May 19 06:29:18 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:22:f3:45:1e:37:56:3b:9f:b4:52:a8:d6:b2:a5:26: b1:68:8e:07:17:fc:41:16:6e:10:01:df:28:ad:37:9b: 4c:ea:47:85:95:13:7d:28:7b:b0:9a:ae:e2:62:8f:5b: da:7e:b5:2d:ce:c5:92:a7:d0:b3:3d:d9:26:06:23:54: 77:9a:c7:14:b2:e8:05:22:35:01:f4:2c:db:ee:aa:da: b5:1e:03:8a:88:8a:28:b1:27:6e:a9:ce:34:c3:91:97: 54:d0:47:f8:aa:95:14:7b:5c:03:83:71:03:27:dc:a0: fc:13:f2:5b:74:72:65:b7:26:4f:ab:a4:3b:12:a0:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:95:3c:3d:5f:0d:a5:de:f0:ee:d7:95:ed:d6:c5:ea: c1:b0:72:3f:a9:e2:8a:b5:05:77:7e:fe:0d:06:a8:fb: 53:9f:b8:29:bc:f0:65:c8:83:94:31:9b:ea:10:bb:f4: 46:cb:28:7f:63:8a:05:e2:b0:e6:69:af:98:3a:ec:e2: 8a:1a:fd:30:f5:c8:40:d9:45:20:72:1d:11:51:75:27: 59:2d:5e:4e:66:d0:aa:62:f5:a3:f4:1f:0c:5c:64:91: 31:da:f5:6f:75:54:90:3c:58:47:38:8e:fd:a3:c4:b2: c9:c9:04:8e:8e:48:e3:53:02:90:d1:e3:07:5d:4e:8e Fingerprint (SHA-256): 20:DE:A6:1D:5D:EE:89:60:3C:5D:FA:FE:8A:79:F0:A0:CB:6D:EA:3B:EA:5D:5C:F1:76:D2:3E:21:35:D4:7B:06 Fingerprint (SHA1): 89:ED:33:2C:D5:D3:22:3A:C3:2A:3F:FA:86:07:D1:ED:C0:C6:EA:E5 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3876: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021969 (0x1eefa591) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:29:29 2015 Not After : Tue May 19 06:29:29 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:af:10:25:78:da:0a:c7:70:2a:1f:87:b9:f6:32:47: ff:8b:dd:c2:47:e9:d5:3a:3d:29:87:0d:54:09:21:35: 31:59:cc:d2:f8:5d:a5:88:22:89:29:1f:0f:02:45:53: 97:26:c0:95:82:13:49:30:9c:e3:50:b2:45:cf:73:fc: 72:e8:50:ac:0a:58:8a:0c:00:89:7b:a4:fc:73:2c:dd: a3:af:eb:27:b2:ad:2f:ce:32:83:87:f9:6d:fe:19:89: f2:21:ce:4f:11:89:26:e5:8f:6b:72:a2:9f:ba:93:33: f8:41:9c:0c:d3:ec:96:7b:f6:6c:34:3b:bc:0b:16:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e0:ca:09:10:ee:42:3c:ec:a5:42:50:84:92:54:7b:2a: d0:2a:e1:7a:11:d6:69:94:c9:85:00:65:c5:f6:48:c5: 2c:80:d5:7b:35:73:1f:54:9d:d2:bb:c0:51:c8:3d:c4: 60:6f:b7:87:86:3b:1a:a5:17:ca:34:cb:58:c4:ae:a5: 51:b6:55:83:09:0f:13:25:31:95:09:25:dd:31:11:c6: 52:1a:7f:eb:de:ff:9a:2c:a6:a4:d5:85:69:b9:89:77: 09:a4:9e:3b:9c:88:36:ee:2a:1a:47:85:77:26:c7:2f: e2:95:da:2e:27:8e:70:1b:41:7b:d0:18:00:aa:74:1f Fingerprint (SHA-256): A4:CC:98:65:E8:4D:2B:7B:A6:FA:D1:64:D1:93:08:CF:27:B0:C7:36:9C:5B:4B:2B:33:95:FD:86:D3:7F:E8:DB Fingerprint (SHA1): 75:EF:36:35:3E:E7:25:2E:3A:44:A2:1E:40:BA:D2:95:B2:8E:87:A7 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #3877: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021965 (0x1eefa58d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:29:18 2015 Not After : Tue May 19 06:29:18 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:22:f3:45:1e:37:56:3b:9f:b4:52:a8:d6:b2:a5:26: b1:68:8e:07:17:fc:41:16:6e:10:01:df:28:ad:37:9b: 4c:ea:47:85:95:13:7d:28:7b:b0:9a:ae:e2:62:8f:5b: da:7e:b5:2d:ce:c5:92:a7:d0:b3:3d:d9:26:06:23:54: 77:9a:c7:14:b2:e8:05:22:35:01:f4:2c:db:ee:aa:da: b5:1e:03:8a:88:8a:28:b1:27:6e:a9:ce:34:c3:91:97: 54:d0:47:f8:aa:95:14:7b:5c:03:83:71:03:27:dc:a0: fc:13:f2:5b:74:72:65:b7:26:4f:ab:a4:3b:12:a0:ed Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:95:3c:3d:5f:0d:a5:de:f0:ee:d7:95:ed:d6:c5:ea: c1:b0:72:3f:a9:e2:8a:b5:05:77:7e:fe:0d:06:a8:fb: 53:9f:b8:29:bc:f0:65:c8:83:94:31:9b:ea:10:bb:f4: 46:cb:28:7f:63:8a:05:e2:b0:e6:69:af:98:3a:ec:e2: 8a:1a:fd:30:f5:c8:40:d9:45:20:72:1d:11:51:75:27: 59:2d:5e:4e:66:d0:aa:62:f5:a3:f4:1f:0c:5c:64:91: 31:da:f5:6f:75:54:90:3c:58:47:38:8e:fd:a3:c4:b2: c9:c9:04:8e:8e:48:e3:53:02:90:d1:e3:07:5d:4e:8e Fingerprint (SHA-256): 20:DE:A6:1D:5D:EE:89:60:3C:5D:FA:FE:8A:79:F0:A0:CB:6D:EA:3B:EA:5D:5C:F1:76:D2:3E:21:35:D4:7B:06 Fingerprint (SHA1): 89:ED:33:2C:D5:D3:22:3A:C3:2A:3F:FA:86:07:D1:ED:C0:C6:EA:E5 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #3878: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #3879: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #3880: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #3881: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #3882: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #3883: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021970 (0x1eefa592) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:29:32 2015 Not After : Tue May 19 06:29:32 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:45:27:4d:66:cf:e1:fc:af:86:83:25:32:67:0a:27: 38:5b:b7:1a:34:b4:ae:94:a8:cc:02:a5:41:a6:25:d9: a5:f5:f2:af:ce:40:80:28:ad:5e:8b:6d:e1:90:bd:8b: db:d6:4e:40:81:d2:c4:b9:ae:49:f9:c1:20:ec:89:43: 4f:0a:c8:bf:c6:a3:80:d1:fd:84:ab:03:8d:e6:9a:b4: a2:e8:06:78:68:85:22:13:3d:94:bd:2e:1b:65:66:63: 8c:a5:3e:7d:8f:81:dc:24:a0:06:30:1a:86:c1:55:23: 6b:fa:84:2f:84:6f:1c:68:59:90:d7:76:4e:9b:cb:eb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c9:bb:3b:38:6e:63:20:9c:be:e6:2c:10:8f:75:bb:39: 0a:11:e6:35:d1:82:87:29:71:d3:31:70:22:e4:d3:01: 54:1a:0e:15:69:3a:8c:5f:af:c9:d2:e4:ec:47:9d:e0: 45:1d:8b:58:86:49:39:09:95:a2:9c:cc:62:d3:95:c2: 56:42:f7:08:e9:62:3e:4d:02:7d:2a:65:c3:55:57:f5: d6:32:39:33:ac:47:5a:11:15:70:1f:27:96:bb:e1:65: b3:77:f5:af:09:40:e6:bd:4f:f4:78:53:14:4f:6a:5d: c3:6a:6f:e0:6e:0f:52:33:9a:3b:1d:2b:d3:b2:b4:df Fingerprint (SHA-256): E4:26:BF:BD:E7:D6:44:68:1D:FF:0D:C5:14:8E:41:DE:24:66:AB:94:50:6C:FC:C5:D6:5E:0A:39:D7:45:CC:65 Fingerprint (SHA1): C1:69:F3:66:02:69:51:8C:AC:7F:79:F6:6B:0D:38:B8:82:FA:B3:F9 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #3884: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #3885: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #3886: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #3887: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #3888: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3889: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3890: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #3891: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3892: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3893: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #3894: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3895: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3896: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3897: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3898: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #3899: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3900: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #3901: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3902: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #3903: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3904: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #3905: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #3906: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #3907: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 18288 at Tue May 19 02:30:04 EDT 2015 kill -USR1 18288 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 18288 killed at Tue May 19 02:30:05 EDT 2015 httpserv starting at Tue May 19 02:30:05 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:30:05 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:30:10 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #3908: Waiting for Server - FAILED kill -0 1524 >/dev/null 2>/dev/null httpserv with PID 1524 found at Tue May 19 02:30:11 EDT 2015 httpserv with PID 1524 started at Tue May 19 02:30:11 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #3909: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021972 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3910: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #3911: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #3912: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021973 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3913: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #3914: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #3915: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3916: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519021974 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3917: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3918: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519021975 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3919: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3920: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #3921: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #3922: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #3923: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 519021976 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3924: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3925: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #3926: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #3927: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #3928: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021973 (0x1eefa595) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:30:15 2015 Not After : Tue May 19 06:30:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:3c:ac:50:f4:6f:53:4e:fb:33:a0:77:f4:e8:2e:25: b6:b6:f1:52:0f:7c:b3:2f:9b:94:af:00:36:48:c1:cc: 34:0d:ed:e7:31:7a:b1:cf:8d:df:cf:0e:ee:53:f9:05: 8e:5a:3a:af:50:09:4a:d5:4e:eb:a6:7a:8e:b7:1c:f1: 59:79:60:0b:65:42:b5:10:f2:3b:3a:a2:29:1f:72:f9: c5:21:fb:f0:4e:45:84:d1:7f:1c:5d:85:53:af:6d:b1: df:80:2a:a8:1a:90:55:ec:ff:81:36:dd:d3:40:7d:59: 90:86:42:05:1c:d9:01:71:c3:07:1d:44:61:d0:86:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 97:7e:7b:e0:98:d1:2c:86:f4:41:20:2c:59:1b:b3:99: 19:8e:38:cc:dd:57:1f:53:59:c9:31:f7:6b:ae:19:69: 86:89:b8:75:46:bc:32:d3:10:35:62:62:6b:7b:62:c7: 8c:37:ec:7c:10:02:37:44:b8:1a:cf:5a:ba:cf:06:2d: b6:dc:80:7e:8f:9a:a7:dd:c0:29:98:c4:f4:b2:8c:02: cc:7f:c5:95:87:ec:7b:db:5c:d4:db:fa:18:cf:8c:f6: 26:a6:53:de:3a:31:eb:ba:46:22:18:9f:3e:57:a0:70: ec:94:4f:7d:23:95:fe:2b:4a:bc:01:c5:7e:3a:85:28 Fingerprint (SHA-256): 69:C7:AD:70:81:D4:C8:25:AF:A6:38:28:A5:0D:BB:6E:46:80:5B:78:46:83:3B:F9:EE:9B:66:FD:FD:32:8F:FB Fingerprint (SHA1): 8A:12:CF:2F:D0:AB:72:1F:ED:F6:5B:29:02:2B:70:4D:4A:6D:5D:E2 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3929: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021972 (0x1eefa594) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:30:13 2015 Not After : Tue May 19 06:30:13 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:56:6d:1a:d6:a5:16:66:de:74:9d:b2:88:de:dd:44: db:59:47:84:a4:b1:0d:56:cf:c5:e6:03:3d:54:55:21: 75:76:91:87:69:75:74:53:5f:99:fa:13:fd:f7:c5:0b: 3d:1a:b0:df:bf:61:a3:c8:a6:2f:b9:e8:6c:fe:74:1e: 18:0a:01:d2:c6:3b:46:28:9f:60:c2:be:f2:d0:39:4a: 85:1e:e0:e0:46:27:2c:7d:89:18:8a:eb:9f:b6:30:fc: c1:09:e3:f0:df:63:51:bc:86:48:9c:69:d0:df:52:99: 1d:b9:c7:27:b6:74:f1:61:68:6f:3b:cc:63:d0:08:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:d5:2f:54:9e:74:c6:9a:6e:4f:fe:f0:92:d4:4a:e0: cc:df:eb:68:d5:c5:5b:9c:6e:3f:1f:aa:4e:c7:ba:26: 39:38:bd:41:e5:f6:7b:24:bb:93:68:7e:6a:37:53:b8: 02:d7:b0:92:1c:61:ea:1c:ca:4f:c7:5f:c3:b4:16:10: db:78:a4:0d:a4:17:45:9c:94:b8:c1:28:b1:15:41:23: 7a:0e:4c:ae:f0:be:9a:30:a7:51:47:6a:8a:e0:f0:2a: 1a:a1:9a:7b:ee:b4:a9:de:80:e4:5e:12:d6:8f:8a:a9: e5:24:f2:84:3e:09:e1:58:3d:eb:34:93:06:71:56:04 Fingerprint (SHA-256): 46:F1:20:22:58:B2:96:8E:FC:A2:B7:22:AC:CC:6D:2C:A5:7F:99:F7:C9:6A:81:42:1E:53:16:06:9F:77:B8:12 Fingerprint (SHA1): 95:9A:22:09:D4:FA:01:95:43:C8:E4:04:D7:01:87:64:8E:10:B5:91 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3930: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3931: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #3932: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #3933: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021972 (0x1eefa594) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:30:13 2015 Not After : Tue May 19 06:30:13 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:56:6d:1a:d6:a5:16:66:de:74:9d:b2:88:de:dd:44: db:59:47:84:a4:b1:0d:56:cf:c5:e6:03:3d:54:55:21: 75:76:91:87:69:75:74:53:5f:99:fa:13:fd:f7:c5:0b: 3d:1a:b0:df:bf:61:a3:c8:a6:2f:b9:e8:6c:fe:74:1e: 18:0a:01:d2:c6:3b:46:28:9f:60:c2:be:f2:d0:39:4a: 85:1e:e0:e0:46:27:2c:7d:89:18:8a:eb:9f:b6:30:fc: c1:09:e3:f0:df:63:51:bc:86:48:9c:69:d0:df:52:99: 1d:b9:c7:27:b6:74:f1:61:68:6f:3b:cc:63:d0:08:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:d5:2f:54:9e:74:c6:9a:6e:4f:fe:f0:92:d4:4a:e0: cc:df:eb:68:d5:c5:5b:9c:6e:3f:1f:aa:4e:c7:ba:26: 39:38:bd:41:e5:f6:7b:24:bb:93:68:7e:6a:37:53:b8: 02:d7:b0:92:1c:61:ea:1c:ca:4f:c7:5f:c3:b4:16:10: db:78:a4:0d:a4:17:45:9c:94:b8:c1:28:b1:15:41:23: 7a:0e:4c:ae:f0:be:9a:30:a7:51:47:6a:8a:e0:f0:2a: 1a:a1:9a:7b:ee:b4:a9:de:80:e4:5e:12:d6:8f:8a:a9: e5:24:f2:84:3e:09:e1:58:3d:eb:34:93:06:71:56:04 Fingerprint (SHA-256): 46:F1:20:22:58:B2:96:8E:FC:A2:B7:22:AC:CC:6D:2C:A5:7F:99:F7:C9:6A:81:42:1E:53:16:06:9F:77:B8:12 Fingerprint (SHA1): 95:9A:22:09:D4:FA:01:95:43:C8:E4:04:D7:01:87:64:8E:10:B5:91 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3934: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021973 (0x1eefa595) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:30:15 2015 Not After : Tue May 19 06:30:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:3c:ac:50:f4:6f:53:4e:fb:33:a0:77:f4:e8:2e:25: b6:b6:f1:52:0f:7c:b3:2f:9b:94:af:00:36:48:c1:cc: 34:0d:ed:e7:31:7a:b1:cf:8d:df:cf:0e:ee:53:f9:05: 8e:5a:3a:af:50:09:4a:d5:4e:eb:a6:7a:8e:b7:1c:f1: 59:79:60:0b:65:42:b5:10:f2:3b:3a:a2:29:1f:72:f9: c5:21:fb:f0:4e:45:84:d1:7f:1c:5d:85:53:af:6d:b1: df:80:2a:a8:1a:90:55:ec:ff:81:36:dd:d3:40:7d:59: 90:86:42:05:1c:d9:01:71:c3:07:1d:44:61:d0:86:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 97:7e:7b:e0:98:d1:2c:86:f4:41:20:2c:59:1b:b3:99: 19:8e:38:cc:dd:57:1f:53:59:c9:31:f7:6b:ae:19:69: 86:89:b8:75:46:bc:32:d3:10:35:62:62:6b:7b:62:c7: 8c:37:ec:7c:10:02:37:44:b8:1a:cf:5a:ba:cf:06:2d: b6:dc:80:7e:8f:9a:a7:dd:c0:29:98:c4:f4:b2:8c:02: cc:7f:c5:95:87:ec:7b:db:5c:d4:db:fa:18:cf:8c:f6: 26:a6:53:de:3a:31:eb:ba:46:22:18:9f:3e:57:a0:70: ec:94:4f:7d:23:95:fe:2b:4a:bc:01:c5:7e:3a:85:28 Fingerprint (SHA-256): 69:C7:AD:70:81:D4:C8:25:AF:A6:38:28:A5:0D:BB:6E:46:80:5B:78:46:83:3B:F9:EE:9B:66:FD:FD:32:8F:FB Fingerprint (SHA1): 8A:12:CF:2F:D0:AB:72:1F:ED:F6:5B:29:02:2B:70:4D:4A:6D:5D:E2 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3935: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #3936: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #3937: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3938: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3939: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #3940: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021973 (0x1eefa595) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:30:15 2015 Not After : Tue May 19 06:30:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:3c:ac:50:f4:6f:53:4e:fb:33:a0:77:f4:e8:2e:25: b6:b6:f1:52:0f:7c:b3:2f:9b:94:af:00:36:48:c1:cc: 34:0d:ed:e7:31:7a:b1:cf:8d:df:cf:0e:ee:53:f9:05: 8e:5a:3a:af:50:09:4a:d5:4e:eb:a6:7a:8e:b7:1c:f1: 59:79:60:0b:65:42:b5:10:f2:3b:3a:a2:29:1f:72:f9: c5:21:fb:f0:4e:45:84:d1:7f:1c:5d:85:53:af:6d:b1: df:80:2a:a8:1a:90:55:ec:ff:81:36:dd:d3:40:7d:59: 90:86:42:05:1c:d9:01:71:c3:07:1d:44:61:d0:86:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 97:7e:7b:e0:98:d1:2c:86:f4:41:20:2c:59:1b:b3:99: 19:8e:38:cc:dd:57:1f:53:59:c9:31:f7:6b:ae:19:69: 86:89:b8:75:46:bc:32:d3:10:35:62:62:6b:7b:62:c7: 8c:37:ec:7c:10:02:37:44:b8:1a:cf:5a:ba:cf:06:2d: b6:dc:80:7e:8f:9a:a7:dd:c0:29:98:c4:f4:b2:8c:02: cc:7f:c5:95:87:ec:7b:db:5c:d4:db:fa:18:cf:8c:f6: 26:a6:53:de:3a:31:eb:ba:46:22:18:9f:3e:57:a0:70: ec:94:4f:7d:23:95:fe:2b:4a:bc:01:c5:7e:3a:85:28 Fingerprint (SHA-256): 69:C7:AD:70:81:D4:C8:25:AF:A6:38:28:A5:0D:BB:6E:46:80:5B:78:46:83:3B:F9:EE:9B:66:FD:FD:32:8F:FB Fingerprint (SHA1): 8A:12:CF:2F:D0:AB:72:1F:ED:F6:5B:29:02:2B:70:4D:4A:6D:5D:E2 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3941: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021973 (0x1eefa595) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:30:15 2015 Not After : Tue May 19 06:30:15 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f0:3c:ac:50:f4:6f:53:4e:fb:33:a0:77:f4:e8:2e:25: b6:b6:f1:52:0f:7c:b3:2f:9b:94:af:00:36:48:c1:cc: 34:0d:ed:e7:31:7a:b1:cf:8d:df:cf:0e:ee:53:f9:05: 8e:5a:3a:af:50:09:4a:d5:4e:eb:a6:7a:8e:b7:1c:f1: 59:79:60:0b:65:42:b5:10:f2:3b:3a:a2:29:1f:72:f9: c5:21:fb:f0:4e:45:84:d1:7f:1c:5d:85:53:af:6d:b1: df:80:2a:a8:1a:90:55:ec:ff:81:36:dd:d3:40:7d:59: 90:86:42:05:1c:d9:01:71:c3:07:1d:44:61:d0:86:0f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 97:7e:7b:e0:98:d1:2c:86:f4:41:20:2c:59:1b:b3:99: 19:8e:38:cc:dd:57:1f:53:59:c9:31:f7:6b:ae:19:69: 86:89:b8:75:46:bc:32:d3:10:35:62:62:6b:7b:62:c7: 8c:37:ec:7c:10:02:37:44:b8:1a:cf:5a:ba:cf:06:2d: b6:dc:80:7e:8f:9a:a7:dd:c0:29:98:c4:f4:b2:8c:02: cc:7f:c5:95:87:ec:7b:db:5c:d4:db:fa:18:cf:8c:f6: 26:a6:53:de:3a:31:eb:ba:46:22:18:9f:3e:57:a0:70: ec:94:4f:7d:23:95:fe:2b:4a:bc:01:c5:7e:3a:85:28 Fingerprint (SHA-256): 69:C7:AD:70:81:D4:C8:25:AF:A6:38:28:A5:0D:BB:6E:46:80:5B:78:46:83:3B:F9:EE:9B:66:FD:FD:32:8F:FB Fingerprint (SHA1): 8A:12:CF:2F:D0:AB:72:1F:ED:F6:5B:29:02:2B:70:4D:4A:6D:5D:E2 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3942: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #3943: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #3944: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #3945: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3946: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #3947: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021972 (0x1eefa594) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:30:13 2015 Not After : Tue May 19 06:30:13 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:56:6d:1a:d6:a5:16:66:de:74:9d:b2:88:de:dd:44: db:59:47:84:a4:b1:0d:56:cf:c5:e6:03:3d:54:55:21: 75:76:91:87:69:75:74:53:5f:99:fa:13:fd:f7:c5:0b: 3d:1a:b0:df:bf:61:a3:c8:a6:2f:b9:e8:6c:fe:74:1e: 18:0a:01:d2:c6:3b:46:28:9f:60:c2:be:f2:d0:39:4a: 85:1e:e0:e0:46:27:2c:7d:89:18:8a:eb:9f:b6:30:fc: c1:09:e3:f0:df:63:51:bc:86:48:9c:69:d0:df:52:99: 1d:b9:c7:27:b6:74:f1:61:68:6f:3b:cc:63:d0:08:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:d5:2f:54:9e:74:c6:9a:6e:4f:fe:f0:92:d4:4a:e0: cc:df:eb:68:d5:c5:5b:9c:6e:3f:1f:aa:4e:c7:ba:26: 39:38:bd:41:e5:f6:7b:24:bb:93:68:7e:6a:37:53:b8: 02:d7:b0:92:1c:61:ea:1c:ca:4f:c7:5f:c3:b4:16:10: db:78:a4:0d:a4:17:45:9c:94:b8:c1:28:b1:15:41:23: 7a:0e:4c:ae:f0:be:9a:30:a7:51:47:6a:8a:e0:f0:2a: 1a:a1:9a:7b:ee:b4:a9:de:80:e4:5e:12:d6:8f:8a:a9: e5:24:f2:84:3e:09:e1:58:3d:eb:34:93:06:71:56:04 Fingerprint (SHA-256): 46:F1:20:22:58:B2:96:8E:FC:A2:B7:22:AC:CC:6D:2C:A5:7F:99:F7:C9:6A:81:42:1E:53:16:06:9F:77:B8:12 Fingerprint (SHA1): 95:9A:22:09:D4:FA:01:95:43:C8:E4:04:D7:01:87:64:8E:10:B5:91 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3948: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021972 (0x1eefa594) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:30:13 2015 Not After : Tue May 19 06:30:13 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:56:6d:1a:d6:a5:16:66:de:74:9d:b2:88:de:dd:44: db:59:47:84:a4:b1:0d:56:cf:c5:e6:03:3d:54:55:21: 75:76:91:87:69:75:74:53:5f:99:fa:13:fd:f7:c5:0b: 3d:1a:b0:df:bf:61:a3:c8:a6:2f:b9:e8:6c:fe:74:1e: 18:0a:01:d2:c6:3b:46:28:9f:60:c2:be:f2:d0:39:4a: 85:1e:e0:e0:46:27:2c:7d:89:18:8a:eb:9f:b6:30:fc: c1:09:e3:f0:df:63:51:bc:86:48:9c:69:d0:df:52:99: 1d:b9:c7:27:b6:74:f1:61:68:6f:3b:cc:63:d0:08:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 10:d5:2f:54:9e:74:c6:9a:6e:4f:fe:f0:92:d4:4a:e0: cc:df:eb:68:d5:c5:5b:9c:6e:3f:1f:aa:4e:c7:ba:26: 39:38:bd:41:e5:f6:7b:24:bb:93:68:7e:6a:37:53:b8: 02:d7:b0:92:1c:61:ea:1c:ca:4f:c7:5f:c3:b4:16:10: db:78:a4:0d:a4:17:45:9c:94:b8:c1:28:b1:15:41:23: 7a:0e:4c:ae:f0:be:9a:30:a7:51:47:6a:8a:e0:f0:2a: 1a:a1:9a:7b:ee:b4:a9:de:80:e4:5e:12:d6:8f:8a:a9: e5:24:f2:84:3e:09:e1:58:3d:eb:34:93:06:71:56:04 Fingerprint (SHA-256): 46:F1:20:22:58:B2:96:8E:FC:A2:B7:22:AC:CC:6D:2C:A5:7F:99:F7:C9:6A:81:42:1E:53:16:06:9F:77:B8:12 Fingerprint (SHA1): 95:9A:22:09:D4:FA:01:95:43:C8:E4:04:D7:01:87:64:8E:10:B5:91 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #3949: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #3950: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021977 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3951: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #3952: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #3953: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021978 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3954: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #3955: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #3956: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021979 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3957: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #3958: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #3959: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021980 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3960: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #3961: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #3962: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021981 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3963: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #3964: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #3965: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021982 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3966: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #3967: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #3968: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021983 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3969: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #3970: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #3971: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021984 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3972: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #3973: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #3974: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519021985 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #3975: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #3976: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #3977: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3978: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 519021986 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3979: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3980: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 519021987 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3981: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3982: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 519021988 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3983: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3984: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #3985: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #3986: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3987: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 519021989 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3988: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3989: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 519021990 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3990: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3991: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 519021991 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3992: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3993: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #3994: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #3995: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #3996: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 519021992 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3997: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #3998: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 519021993 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #3999: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4000: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 519021994 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4001: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4002: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #4003: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #4004: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4005: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 519021995 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4006: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4007: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 519021996 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4008: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4009: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 519021997 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4010: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4011: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #4012: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4013: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4014: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 519021998 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4015: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4016: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4017: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4018: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519021999 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4019: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4020: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021977 (0x1eefa599) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Tue May 19 06:30:40 2015 Not After : Tue May 19 06:30:40 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:75:a7:9c:77:80:4e:af:5b:05:ef:fa:41:3e:1d:fe: 54:e5:8d:3b:83:59:5b:bc:32:f4:0f:8d:fb:d7:48:bc: 8c:b8:40:1f:8a:d6:f9:c3:0f:15:5e:d1:73:5b:66:49: 98:9d:10:39:03:cd:d3:a2:5e:85:37:d0:98:7c:c8:8b: 43:80:2d:fa:36:ca:24:df:09:ec:fb:2f:b8:69:87:8f: 45:63:00:3b:a5:da:50:8c:eb:ab:3b:85:0b:61:ea:d9: 19:1b:a1:5b:75:bd:92:e2:25:d8:6a:eb:7e:1d:b9:21: 44:f8:54:43:fb:7e:4f:ea:d2:ec:ea:65:6b:00:1f:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 25:12:d6:57:ab:9c:26:d7:ba:30:30:b5:6e:50:2c:d0: 3e:3d:3d:b9:28:05:73:32:4f:41:6f:1c:30:1b:fa:2c: 74:51:f7:da:2b:fc:d5:ae:48:9a:0d:42:3c:f6:79:54: 6d:ab:1d:8f:40:bd:27:fe:b2:c7:1b:60:14:22:62:42: c9:b5:f5:05:17:34:09:4f:5b:01:e5:db:28:9a:e9:69: 8e:37:3f:84:7d:c1:36:89:4b:cd:bf:a5:13:8f:4e:aa: a2:3c:75:89:49:e5:e5:48:6a:e9:87:c1:5a:8f:76:ea: c0:17:6f:a1:5e:3b:fa:83:61:5c:00:d3:66:03:77:ed Fingerprint (SHA-256): 38:BF:2B:FC:4C:B2:1E:3E:CC:53:56:EB:42:B2:7E:C0:E6:8F:D9:41:75:4E:45:DA:56:7E:83:CD:47:15:BF:9D Fingerprint (SHA1): DC:9C:D2:FB:4B:09:83:A4:CE:79:48:C7:2D:95:92:B7:AA:35:B0:13 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4021: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021978 (0x1eefa59a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Tue May 19 06:30:42 2015 Not After : Tue May 19 06:30:42 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:6d:1e:d8:3f:54:35:ab:af:d5:96:08:4b:40:8a:e6: 98:f1:bd:28:38:3b:2c:c1:b7:c9:f1:e8:09:84:f5:28: c4:0d:97:82:1d:b7:8b:e9:9b:42:2a:0b:af:98:cf:93: 45:8e:b7:2c:ba:7d:23:ef:2e:79:c1:46:44:b6:cf:ba: 93:fe:09:2f:0f:7e:1d:01:44:61:32:76:a4:f6:e3:6d: 84:b7:ad:05:ad:e2:03:dd:3e:6a:37:5f:a3:60:6e:e1: 80:4c:9d:03:29:49:21:38:47:53:af:7a:6d:53:32:65: 8c:e7:3c:0e:37:5e:5e:01:e7:68:1c:50:0b:79:3d:cf Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:c8:59:72:19:60:d6:e0:5b:77:de:58:5a:f8:5a:41: 69:4f:5d:e8:09:9f:6f:09:af:1c:99:f8:56:0b:56:08: 39:ed:f4:b3:54:06:13:0e:c8:ac:12:d0:3e:28:68:c8: 4a:17:80:b0:69:9f:96:ce:5f:b0:f3:a1:2e:8d:a3:7d: 58:d9:d4:4a:54:86:92:77:8e:71:32:80:c4:22:f3:69: d7:ca:da:02:bb:30:fe:02:93:22:1d:ad:a8:84:be:ea: b5:27:fd:fc:e7:8a:31:6a:f7:32:53:34:dc:c7:24:7d: 3c:46:51:f1:05:ab:bc:5b:a4:4b:26:50:87:6d:e8:08 Fingerprint (SHA-256): FE:17:75:4D:75:E5:FD:5E:24:9F:D0:42:79:44:BF:01:E6:8E:0F:CC:CB:48:F8:6B:9B:B4:CE:C4:A5:61:73:17 Fingerprint (SHA1): 44:F8:8C:6C:CB:39:CE:50:69:F3:E9:6C:44:4B:1D:F5:E4:5E:67:40 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4022: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021979 (0x1eefa59b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Tue May 19 06:30:45 2015 Not After : Tue May 19 06:30:45 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:59:4f:5e:73:16:3c:fb:7b:24:66:e8:5c:b3:db:81: 0b:ad:a7:e7:03:c7:04:93:5e:5c:ca:9f:45:1d:00:df: 99:1c:82:89:cb:63:29:b3:01:60:55:b6:e0:4c:6d:a2: dc:fc:6c:be:56:13:26:2f:19:0f:ac:e8:44:65:52:2e: bf:a4:08:e7:9b:14:b9:ee:18:0e:a9:51:69:a0:25:05: c2:2a:fa:26:48:68:ee:2c:ed:57:cc:2e:8d:90:34:55: ae:15:8f:4b:f8:bb:a6:46:a9:c7:2f:27:6a:f9:28:03: 05:ed:61:e5:f9:51:4f:06:a9:96:0d:91:70:2b:45:31 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 17:23:09:1e:bd:6d:21:e5:62:83:c7:fd:1b:40:2d:2b: 69:3d:95:ea:3c:11:af:0f:fe:0f:e8:d2:ca:46:3b:25: 4c:9e:d2:76:10:86:77:b1:43:28:9b:38:e1:a9:76:24: 8b:d3:21:b7:75:83:70:f9:12:eb:98:eb:20:dc:79:90: 92:f5:04:b9:c3:36:12:4f:1d:48:d8:d4:b1:3a:1d:9a: d4:50:25:ea:0a:80:d7:6e:ae:30:dd:e5:5f:43:29:29: 27:c8:51:d8:da:1d:fd:a2:ba:ea:60:73:46:7a:bf:12: 8d:16:8a:5c:eb:48:24:b4:da:f8:15:2a:03:01:8c:eb Fingerprint (SHA-256): 3B:BD:E0:7A:55:72:72:CD:5A:51:D3:76:AA:C3:80:83:D6:6A:69:41:39:EB:B8:E8:2F:BF:D2:2C:D0:0E:BE:97 Fingerprint (SHA1): FA:E0:B0:E7:15:AE:E1:24:1E:FD:41:66:95:D3:9B:BA:C2:E0:09:6C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #4023: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021980 (0x1eefa59c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Tue May 19 06:30:48 2015 Not After : Tue May 19 06:30:48 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: df:af:ef:36:48:01:31:d7:6c:09:ad:1c:6f:b8:4d:a2: aa:d1:2e:07:1e:24:ec:cc:28:0c:98:61:e8:ee:9f:1d: 67:a8:6f:ee:22:47:e5:fa:41:3c:4d:c2:d8:77:ef:25: 8d:dd:80:b2:e2:3e:1f:2c:6f:9c:3a:a9:74:92:db:3d: 48:ba:29:f6:3c:a3:4e:55:20:70:d8:52:ba:c7:5a:2a: 2f:85:77:8f:01:3b:ac:8e:89:38:89:77:f1:fd:69:c7: 39:76:44:ff:18:b4:ed:e2:c5:22:62:20:54:12:81:89: ad:20:6e:07:3d:e4:a9:6d:ca:63:81:d7:a6:28:22:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:e7:cf:f5:5b:e1:54:3a:48:14:88:ba:99:5c:f4:3a: ae:bb:df:e2:c1:8e:66:f9:5a:cf:ca:90:db:80:a9:a3: 01:86:2a:d6:fc:73:a3:ba:34:66:cc:f4:da:75:72:9e: f4:ee:d9:fe:4a:eb:dd:43:82:40:bc:b8:8f:c1:f1:ad: 2a:0e:25:24:ee:dd:69:05:52:8a:4b:73:67:68:f4:7f: 09:04:b0:66:1b:4f:8c:b2:a3:7d:d3:1a:07:db:8f:30: 71:8f:af:b1:93:6d:3d:c7:c2:cd:d7:92:f2:61:9c:61: 18:b6:c5:12:a7:61:38:ac:e8:28:ff:f7:11:c4:f1:03 Fingerprint (SHA-256): D2:D7:AA:42:E6:C8:82:F2:90:86:1D:39:3F:F8:55:E5:B4:77:83:74:94:88:7B:89:78:E3:8F:97:0E:EC:04:65 Fingerprint (SHA1): 2E:B9:C4:86:BC:02:AC:23:4A:1E:7B:75:28:C0:1B:0D:A4:F7:45:6F Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4024: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021981 (0x1eefa59d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Tue May 19 06:30:50 2015 Not After : Tue May 19 06:30:50 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b8:1f:4a:10:05:9b:07:a0:64:c1:bd:3f:2e:b8:dc:85: 7b:87:d6:e4:1c:63:41:16:42:7d:56:22:2e:fc:79:b4: 10:b5:df:e9:8e:93:fb:ec:5d:1d:fb:77:7f:8c:18:62: e1:c1:c4:20:28:54:76:52:8c:d9:27:5e:33:4d:3b:d8: 52:a1:53:4f:c2:51:a5:ca:63:0c:c9:2b:52:b5:38:05: 63:4a:f1:4d:d3:66:21:f2:20:3a:04:6a:71:aa:ee:f7: 88:45:b0:12:82:5a:6d:1a:a3:56:24:53:10:c4:26:0b: c4:7d:39:0d:aa:a3:b4:ab:b1:03:5e:cd:ec:66:11:77 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 11:67:71:94:d6:f3:6e:61:b8:7a:5b:ff:a5:99:63:5a: 23:e5:f1:63:cf:75:ad:a2:68:60:59:df:26:fb:0a:aa: 59:4e:fb:d4:8c:14:5f:cd:b7:16:f9:dd:14:83:3b:38: 31:35:7f:03:89:0a:ad:1e:be:56:d3:75:1c:50:d6:0b: d3:16:44:c0:b2:eb:91:3e:a0:c7:9a:85:97:19:87:7f: cb:18:9f:3a:e9:3f:98:bc:c5:c4:2f:46:6c:3e:28:11: dd:5c:ea:c3:77:f3:8f:8b:9d:43:26:b0:dd:60:87:6f: 93:41:84:8f:09:ab:be:b1:4e:41:a0:d9:4a:1f:c7:ca Fingerprint (SHA-256): 13:A2:39:5C:4D:1C:84:06:A8:E7:7A:77:99:93:A9:2F:68:29:D7:FE:3B:2A:73:3C:9C:91:D6:92:BB:62:1F:A2 Fingerprint (SHA1): BA:EA:6E:7C:91:F2:4D:A6:D2:EC:63:7F:60:50:EF:18:C5:70:9F:F3 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4025: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021982 (0x1eefa59e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Tue May 19 06:30:52 2015 Not After : Tue May 19 06:30:52 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:ab:0d:6d:c5:b8:8c:ec:80:4a:0f:66:fa:89:6f:cd: b3:0c:fd:1a:74:21:9c:3c:d7:68:7b:2d:fa:51:ca:c5: 79:3a:dd:08:28:6f:7a:5b:d8:3a:93:2b:d1:95:8f:2d: cc:22:80:54:b7:e8:61:17:dd:0e:9c:0b:eb:3d:8d:af: 9f:81:3f:0f:fc:c7:ef:06:3f:ee:41:4e:14:67:12:27: c2:87:6f:55:dc:18:a4:9c:75:a8:07:02:a5:46:16:99: f8:1a:f4:1f:b1:ee:2e:16:94:e5:e0:9a:dd:91:43:48: 56:b3:6a:f8:ad:5e:68:dd:0f:3a:a0:50:cc:db:ed:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:fe:cd:52:b2:28:b8:07:83:2f:c4:ab:19:bc:69:e6: 44:ac:fa:1f:49:09:92:29:53:69:90:66:3d:af:60:e1: 38:4a:a3:1e:ce:cb:96:c7:a3:4d:b1:38:75:d4:c0:7c: 33:8c:78:41:bd:29:05:f0:03:24:73:42:84:6e:e1:40: d1:e7:81:99:ea:46:83:b5:49:ce:22:82:55:4d:0e:4b: 1b:ad:46:7f:33:2f:72:c4:5e:c1:9f:d4:6b:6f:f1:50: ef:b0:01:b9:66:ad:86:84:3e:a9:fd:ba:71:76:07:6b: b6:49:54:2f:b8:84:87:50:63:fc:d0:51:77:b6:c0:70 Fingerprint (SHA-256): DF:5A:A3:1D:A9:3C:35:00:C9:C9:59:E0:E7:0E:1A:41:E9:4D:01:31:C7:4A:F0:59:1C:F7:3C:85:04:05:E5:49 Fingerprint (SHA1): C3:37:08:66:54:D0:DD:4F:6D:FB:7F:3A:20:12:DE:80:90:FF:9A:22 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #4026: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021983 (0x1eefa59f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Tue May 19 06:30:55 2015 Not After : Tue May 19 06:30:55 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b5:7e:62:34:bf:c4:a5:a5:30:66:7e:7e:98:68:04:47: 5e:e4:1d:68:1d:bf:4a:ea:d0:33:b2:6d:67:cd:dd:42: a1:7d:a3:98:9e:f6:4a:d6:f6:e3:e1:fc:e7:a2:de:2c: 48:e5:7d:c6:6f:66:d4:68:ed:25:37:56:8a:81:62:37: 7e:f6:1a:13:9e:34:16:ce:86:ab:ba:f6:42:a4:32:32: 9a:26:e4:20:8e:e9:0a:14:86:9a:8c:b8:14:95:89:73: c2:ce:5b:21:1a:d5:d0:99:b2:0a:01:d7:be:89:94:d8: 06:f8:9e:ec:8b:8b:15:16:48:e0:11:c5:d7:88:46:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:c0:1f:e0:e1:a0:21:80:34:77:e3:39:a4:39:00:24: f6:f0:23:35:e0:ab:46:23:ee:22:f0:5b:87:15:cf:28: f2:ef:2c:6b:ea:17:f1:81:d4:7e:51:8f:43:59:76:4a: 26:46:63:6c:e2:cc:c7:44:96:69:3e:2d:b5:d5:7d:d7: 2f:39:b3:7b:a0:40:5c:1e:79:16:78:2f:42:02:e4:f4: f8:9e:4b:f7:bd:a0:93:af:6d:c9:97:24:03:cd:04:4c: 92:15:2b:d0:5f:5a:47:99:10:0a:03:67:ed:db:17:1a: 4a:c1:a5:a1:15:f8:5b:25:a2:77:e2:ae:ae:d1:3d:16 Fingerprint (SHA-256): 14:6F:DF:AA:45:48:F3:91:B3:6D:E7:BC:58:61:D2:1D:3F:88:88:F1:50:06:B7:77:6E:30:04:51:C6:F8:F0:93 Fingerprint (SHA1): 35:6D:73:B6:DB:38:BF:97:B0:00:FC:25:65:74:73:98:F0:80:F2:21 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4027: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021984 (0x1eefa5a0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Tue May 19 06:30:57 2015 Not After : Tue May 19 06:30:57 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e8:a3:4a:d6:0e:fa:00:c9:9c:b5:0a:ae:a8:cf:f3:11: 7a:7a:41:b4:e1:cf:de:21:ac:50:ec:76:1e:9c:77:c1: cf:da:b3:ab:89:1c:23:e3:1a:13:b4:1f:1a:4b:f1:e2: 68:f5:96:13:d7:8d:12:7a:93:46:32:52:a2:41:55:d8: bd:86:07:8f:e9:83:ff:f8:59:dd:27:e3:4f:82:12:b1: ba:2d:e1:a5:46:f1:0e:97:ee:b2:47:8f:ab:7c:03:5d: 2c:0c:40:36:3f:6a:97:d5:46:ed:83:72:a7:f2:e9:32: 11:86:a9:01:9b:b4:83:a6:09:df:cc:c5:0d:ca:93:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e0:36:0e:24:72:b7:80:48:9d:06:4f:0e:80:0d:7d:fe: 12:1a:1e:3b:54:86:83:66:13:a9:8a:30:d7:b3:9c:54: 89:00:99:24:bf:e1:ed:db:78:36:3b:1f:1c:62:b9:cb: fc:20:d3:e8:58:cb:9f:76:78:03:41:17:cf:a2:6d:e3: 8b:c3:83:a3:4a:3a:b0:c2:e2:85:e0:58:43:c7:ce:96: 42:89:cb:b6:50:00:34:8b:95:11:e5:da:c7:eb:63:8d: 75:ee:18:b0:94:4b:b8:49:96:1c:83:bb:3a:c5:31:8e: 2d:1e:a2:c5:c7:7e:c3:43:9c:99:26:cf:c7:df:20:3c Fingerprint (SHA-256): CC:AF:8F:13:E6:D5:54:A2:B0:A8:CF:13:BE:BC:67:AB:A0:F0:8E:C2:1F:57:BE:AB:27:1D:DB:95:A0:7C:D9:68 Fingerprint (SHA1): 6C:44:7A:40:73:E1:89:AD:11:99:B8:BE:4D:D9:F8:29:56:E3:AA:52 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4028: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519021985 (0x1eefa5a1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Tue May 19 06:31:00 2015 Not After : Tue May 19 06:31:00 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:d8:f7:71:38:e9:9e:6e:a8:7c:b7:10:7f:6d:e5:90: f7:a2:ad:26:63:af:52:e8:ab:40:ee:04:2f:57:1e:d7: 34:bc:60:5e:f7:28:37:6a:6d:1e:b3:1a:1d:10:4b:72: 28:e4:f4:63:bb:ac:1a:99:39:8c:38:1e:36:a6:15:4e: d8:ce:9a:80:41:72:a7:9b:ea:93:39:4b:3d:27:53:64: 66:21:bb:6d:74:72:21:15:4c:2b:80:d5:15:66:54:5c: 17:50:53:26:5a:c5:05:72:fd:fc:03:f2:ab:10:f7:c6: 73:c3:2e:b8:9a:6d:b5:60:7d:62:45:84:02:96:14:45 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:9d:18:3e:2b:3d:fe:46:c6:36:43:47:58:6b:70:c5: d4:48:f9:f9:63:7b:16:75:0b:ba:20:e5:ad:cd:10:dc: 97:58:36:36:ef:fe:b8:19:7d:c8:76:d9:fd:02:89:4c: 88:fb:dd:11:86:f6:3e:93:ca:96:db:48:77:3d:8b:f7: 7f:55:d5:61:86:4d:5f:1a:a8:be:7a:0d:d9:4d:5e:91: 7e:d0:05:5d:a4:4f:42:36:a1:c2:e3:24:08:a4:8a:6b: e2:db:7a:7e:7f:25:c5:32:72:60:aa:7f:7c:ff:92:d3: 20:5a:6d:55:a4:71:94:4b:70:7d:bc:b0:d6:8a:6a:a4 Fingerprint (SHA-256): F7:D6:AD:DD:0E:54:B0:6D:71:F2:A9:79:BE:EE:81:C0:FB:61:A6:BA:15:96:B9:89:D4:F3:22:E0:69:78:B9:AE Fingerprint (SHA1): ED:8E:D3:02:18:A5:30:DC:34:10:DE:CC:F0:3B:9E:E0:DA:3B:11:BF Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #4029: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4030: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022000 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4031: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4032: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4033: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4034: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519022001 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4035: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4036: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4037: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4038: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022002 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4039: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4040: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4041: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4042: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519022003 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4043: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4044: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4045: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022000 (0x1eefa5b0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:31:41 2015 Not After : Tue May 19 06:31:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:0c:91:15:7d:76:fc:cb:51:59:46:3c:58:88:e6:1d: 9d:6e:86:25:fb:36:44:d0:a5:48:64:af:7a:7e:06:81: 78:b6:8a:a3:c6:94:52:4a:02:59:24:5e:84:14:db:42: c8:e7:34:c6:92:6f:d2:c1:33:97:97:2c:4d:4f:f8:01: c8:6d:ed:de:4f:a5:33:4f:bd:6c:33:ea:c8:07:00:f6: 35:d5:ce:3e:fe:11:50:ef:1a:50:8c:4e:36:3a:77:79: 76:12:c7:ad:f7:9f:ac:ad:2b:56:4f:7a:f0:ed:38:e3: 38:3d:21:d2:b7:49:3b:84:d2:a3:cf:7f:f3:c9:36:9d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:5c:9d:4f:2d:14:72:da:2f:56:38:7f:a6:e7:a6:63: d9:ae:77:3f:46:79:95:5d:dc:04:39:b4:c6:33:6d:eb: f1:ea:42:0e:1e:fd:8a:33:59:d8:2c:99:e6:ec:38:3b: 08:af:fc:0b:43:2a:dc:77:6c:55:47:cd:3e:b1:63:35: 7e:5f:9d:0f:86:66:5d:1f:97:44:8a:ac:42:2e:6b:c1: 41:94:03:d3:83:42:39:04:f8:d2:d7:61:00:46:37:33: cf:85:b1:c7:5c:43:94:98:7e:c9:15:7b:01:02:12:a0: 66:9a:36:4f:a6:3f:ce:6c:e0:98:40:d2:70:fc:b1:52 Fingerprint (SHA-256): 27:A5:54:80:61:3C:8B:5F:B9:01:A7:8D:17:03:C0:BE:8A:F3:EA:85:17:05:34:D0:34:A4:B0:EB:D1:F6:5B:40 Fingerprint (SHA1): F7:7D:BB:A5:E7:EB:F4:3D:6D:36:0D:A3:CE:9F:D5:4D:F7:FA:A0:F7 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4046: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4047: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022001 (0x1eefa5b1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:31:43 2015 Not After : Tue May 19 06:31:43 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:54:b3:df:6b:56:04:93:2e:7c:00:2a:bd:10:b3:48: 4e:37:aa:bf:d6:18:88:a5:b5:e0:d7:a7:c1:ec:37:9c: 44:ab:47:cd:19:a7:b0:82:33:1d:9e:26:3a:87:ab:87: 4a:e6:fe:88:97:74:32:6b:39:0a:b3:62:ea:f7:4a:08: 51:0c:fd:15:5a:d8:d4:e0:94:1c:9c:b4:d3:5c:48:85: a0:e3:63:09:cb:df:36:39:b0:79:1a:14:b4:9c:a9:c2: f1:0a:12:14:58:a2:76:e2:f4:0a:fa:6d:07:23:dc:f1: 28:28:a9:e0:3b:26:6b:b7:fb:5b:e6:2c:43:c2:f5:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:4f:83:90:15:46:20:69:15:af:f9:2b:b3:a1:b7:1b: 3c:89:ac:ce:9b:d1:5b:9d:cf:18:a2:95:f9:74:89:6c: 80:04:4b:ae:af:b2:22:db:bb:2a:e5:76:31:f9:55:29: d2:d3:d2:bf:21:36:0a:69:5d:c4:40:fd:88:a9:39:bc: 90:a9:fb:d4:38:22:e1:5f:0a:0c:7d:7f:9e:69:16:d3: d5:a4:0d:f2:d3:38:19:d5:10:6b:0b:49:da:31:33:e7: d5:d4:04:99:1b:49:4c:bd:23:f3:2d:4c:ae:62:af:35: 49:28:cb:94:02:5e:c9:40:bf:88:14:4b:99:8f:6c:a6 Fingerprint (SHA-256): 2A:46:97:41:FB:0A:45:15:FA:A9:DE:50:43:77:DF:3E:1D:AB:03:EC:CC:CC:5F:37:23:80:9F:28:F9:D6:7A:41 Fingerprint (SHA1): F7:0E:8C:C9:52:F6:49:23:37:22:2C:61:1E:47:2D:36:C0:06:0F:EC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4048: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4049: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022002 (0x1eefa5b2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:31:46 2015 Not After : Tue May 19 06:31:46 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:e1:57:f2:6c:b2:db:a1:91:7e:ab:a4:ff:74:61:66: cb:a4:ff:ac:80:70:c0:cc:1f:0d:fd:7b:ab:d1:96:dc: a0:17:3a:8b:4a:be:67:69:89:8f:df:77:02:dc:09:96: 6b:69:1a:74:b9:3c:3b:93:95:ee:d2:07:be:ab:30:ba: 82:f1:38:3d:b8:c1:95:cd:83:03:25:de:69:7b:e8:ca: 94:6a:73:5a:d7:be:fd:43:ba:81:b9:d0:c2:b1:57:11: 44:47:dd:5c:70:d2:48:54:25:10:10:6e:8b:69:a9:27: fa:28:43:f6:a5:e0:5a:1b:8c:61:ad:f1:3f:d9:d5:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:9d:15:02:6b:5f:5a:5e:b5:1e:52:4b:5d:c7:0d:ee: ba:c2:9d:7e:24:67:fe:49:1e:5f:6c:1d:40:ad:ec:1a: 4c:ae:e5:82:21:a0:fc:27:23:a5:27:e0:25:28:64:42: 20:74:02:97:56:e8:3d:99:ef:75:0f:c6:bb:be:b6:65: c3:1c:fd:31:fa:6f:51:8c:4e:f6:8a:85:e3:63:79:17: d1:5b:e1:8c:ad:22:c3:27:84:8a:25:4d:a6:3e:d6:d1: e1:d1:38:ab:9d:f0:56:90:70:80:2b:b6:16:33:8d:11: 95:c6:6d:aa:af:16:65:e1:82:af:12:a1:6b:af:41:e4 Fingerprint (SHA-256): FE:62:4C:E4:27:6E:E0:84:59:1F:5A:41:32:A7:C2:3C:C2:ED:68:56:27:CF:8D:14:96:DF:0F:37:D0:5E:E2:29 Fingerprint (SHA1): 74:AA:09:14:4B:BE:7A:79:9E:9E:F6:DA:58:D1:30:1D:CD:E7:BA:AF Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4050: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4051: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4052: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4053: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4054: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022000 (0x1eefa5b0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:31:41 2015 Not After : Tue May 19 06:31:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:0c:91:15:7d:76:fc:cb:51:59:46:3c:58:88:e6:1d: 9d:6e:86:25:fb:36:44:d0:a5:48:64:af:7a:7e:06:81: 78:b6:8a:a3:c6:94:52:4a:02:59:24:5e:84:14:db:42: c8:e7:34:c6:92:6f:d2:c1:33:97:97:2c:4d:4f:f8:01: c8:6d:ed:de:4f:a5:33:4f:bd:6c:33:ea:c8:07:00:f6: 35:d5:ce:3e:fe:11:50:ef:1a:50:8c:4e:36:3a:77:79: 76:12:c7:ad:f7:9f:ac:ad:2b:56:4f:7a:f0:ed:38:e3: 38:3d:21:d2:b7:49:3b:84:d2:a3:cf:7f:f3:c9:36:9d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4f:5c:9d:4f:2d:14:72:da:2f:56:38:7f:a6:e7:a6:63: d9:ae:77:3f:46:79:95:5d:dc:04:39:b4:c6:33:6d:eb: f1:ea:42:0e:1e:fd:8a:33:59:d8:2c:99:e6:ec:38:3b: 08:af:fc:0b:43:2a:dc:77:6c:55:47:cd:3e:b1:63:35: 7e:5f:9d:0f:86:66:5d:1f:97:44:8a:ac:42:2e:6b:c1: 41:94:03:d3:83:42:39:04:f8:d2:d7:61:00:46:37:33: cf:85:b1:c7:5c:43:94:98:7e:c9:15:7b:01:02:12:a0: 66:9a:36:4f:a6:3f:ce:6c:e0:98:40:d2:70:fc:b1:52 Fingerprint (SHA-256): 27:A5:54:80:61:3C:8B:5F:B9:01:A7:8D:17:03:C0:BE:8A:F3:EA:85:17:05:34:D0:34:A4:B0:EB:D1:F6:5B:40 Fingerprint (SHA1): F7:7D:BB:A5:E7:EB:F4:3D:6D:36:0D:A3:CE:9F:D5:4D:F7:FA:A0:F7 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4055: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4056: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022001 (0x1eefa5b1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:31:43 2015 Not After : Tue May 19 06:31:43 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: be:54:b3:df:6b:56:04:93:2e:7c:00:2a:bd:10:b3:48: 4e:37:aa:bf:d6:18:88:a5:b5:e0:d7:a7:c1:ec:37:9c: 44:ab:47:cd:19:a7:b0:82:33:1d:9e:26:3a:87:ab:87: 4a:e6:fe:88:97:74:32:6b:39:0a:b3:62:ea:f7:4a:08: 51:0c:fd:15:5a:d8:d4:e0:94:1c:9c:b4:d3:5c:48:85: a0:e3:63:09:cb:df:36:39:b0:79:1a:14:b4:9c:a9:c2: f1:0a:12:14:58:a2:76:e2:f4:0a:fa:6d:07:23:dc:f1: 28:28:a9:e0:3b:26:6b:b7:fb:5b:e6:2c:43:c2:f5:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 1d:4f:83:90:15:46:20:69:15:af:f9:2b:b3:a1:b7:1b: 3c:89:ac:ce:9b:d1:5b:9d:cf:18:a2:95:f9:74:89:6c: 80:04:4b:ae:af:b2:22:db:bb:2a:e5:76:31:f9:55:29: d2:d3:d2:bf:21:36:0a:69:5d:c4:40:fd:88:a9:39:bc: 90:a9:fb:d4:38:22:e1:5f:0a:0c:7d:7f:9e:69:16:d3: d5:a4:0d:f2:d3:38:19:d5:10:6b:0b:49:da:31:33:e7: d5:d4:04:99:1b:49:4c:bd:23:f3:2d:4c:ae:62:af:35: 49:28:cb:94:02:5e:c9:40:bf:88:14:4b:99:8f:6c:a6 Fingerprint (SHA-256): 2A:46:97:41:FB:0A:45:15:FA:A9:DE:50:43:77:DF:3E:1D:AB:03:EC:CC:CC:5F:37:23:80:9F:28:F9:D6:7A:41 Fingerprint (SHA1): F7:0E:8C:C9:52:F6:49:23:37:22:2C:61:1E:47:2D:36:C0:06:0F:EC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4057: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4058: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022002 (0x1eefa5b2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:31:46 2015 Not After : Tue May 19 06:31:46 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 96:e1:57:f2:6c:b2:db:a1:91:7e:ab:a4:ff:74:61:66: cb:a4:ff:ac:80:70:c0:cc:1f:0d:fd:7b:ab:d1:96:dc: a0:17:3a:8b:4a:be:67:69:89:8f:df:77:02:dc:09:96: 6b:69:1a:74:b9:3c:3b:93:95:ee:d2:07:be:ab:30:ba: 82:f1:38:3d:b8:c1:95:cd:83:03:25:de:69:7b:e8:ca: 94:6a:73:5a:d7:be:fd:43:ba:81:b9:d0:c2:b1:57:11: 44:47:dd:5c:70:d2:48:54:25:10:10:6e:8b:69:a9:27: fa:28:43:f6:a5:e0:5a:1b:8c:61:ad:f1:3f:d9:d5:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:9d:15:02:6b:5f:5a:5e:b5:1e:52:4b:5d:c7:0d:ee: ba:c2:9d:7e:24:67:fe:49:1e:5f:6c:1d:40:ad:ec:1a: 4c:ae:e5:82:21:a0:fc:27:23:a5:27:e0:25:28:64:42: 20:74:02:97:56:e8:3d:99:ef:75:0f:c6:bb:be:b6:65: c3:1c:fd:31:fa:6f:51:8c:4e:f6:8a:85:e3:63:79:17: d1:5b:e1:8c:ad:22:c3:27:84:8a:25:4d:a6:3e:d6:d1: e1:d1:38:ab:9d:f0:56:90:70:80:2b:b6:16:33:8d:11: 95:c6:6d:aa:af:16:65:e1:82:af:12:a1:6b:af:41:e4 Fingerprint (SHA-256): FE:62:4C:E4:27:6E:E0:84:59:1F:5A:41:32:A7:C2:3C:C2:ED:68:56:27:CF:8D:14:96:DF:0F:37:D0:5E:E2:29 Fingerprint (SHA1): 74:AA:09:14:4B:BE:7A:79:9E:9E:F6:DA:58:D1:30:1D:CD:E7:BA:AF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4059: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4060: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4061: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022004 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4062: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4063: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4064: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4065: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519022005 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4066: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4067: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4068: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4069: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022006 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4070: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4071: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #4072: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4073: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519022007 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4074: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4075: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #4076: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4077: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519022008 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4078: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4079: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4080: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022004 (0x1eefa5b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:03 2015 Not After : Tue May 19 06:32:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:ff:ce:ee:f4:22:0b:98:c8:f4:bc:04:1d:57:87:63: 7c:42:8d:be:68:7d:28:22:3e:53:85:a4:db:45:e6:5e: 58:6e:d7:e1:c9:d0:39:85:c5:07:51:5a:dd:17:bc:f6: eb:8a:ae:9f:3e:42:1f:fa:ff:31:4c:f3:7c:90:6f:96: 0f:46:46:88:2a:b7:87:2b:1a:1f:1c:0f:cf:82:66:16: 14:fc:63:08:99:17:39:59:2c:0e:22:d1:b5:02:6c:08: 5f:2d:64:a4:bc:81:d4:ad:23:3e:de:f1:f3:dd:50:da: 12:a4:27:2f:5e:e1:96:46:1f:5d:28:65:d7:c0:22:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:17:dd:a0:a0:ea:03:c4:46:7f:28:82:8f:e1:97:cb: 96:b8:7c:82:a3:cc:23:7e:6c:11:d9:c1:03:8e:e5:84: 38:dc:d1:82:3c:45:cc:9f:bb:47:94:2b:0d:32:eb:fd: a1:ea:b2:c2:fa:c5:e8:38:52:ba:7f:5c:0d:07:7e:73: 63:20:40:9d:95:49:27:41:81:33:c0:5c:bc:e0:01:7f: 3c:cb:d0:f4:1b:41:ce:e6:82:ce:9e:59:07:b1:de:2b: d6:95:a0:1d:a1:cb:cf:b1:ea:7d:3f:59:a0:03:10:cf: 1b:c5:e0:81:13:9a:bf:72:e8:40:b1:15:c3:0a:6a:6d Fingerprint (SHA-256): A7:C0:2D:52:5F:85:9D:D4:D2:FD:9A:CC:AB:86:60:CE:40:46:72:D0:EE:A2:70:A8:CE:C1:D5:5D:C2:73:52:08 Fingerprint (SHA1): 77:E6:70:28:9F:64:7A:61:BE:94:58:FE:B0:4D:4A:95:0A:86:BF:F6 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4081: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4082: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022005 (0x1eefa5b5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:09 2015 Not After : Tue May 19 06:32:09 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:33:d4:da:23:c0:55:3c:0e:fc:74:16:f0:17:b9:90: ca:62:7d:8b:e5:ab:ec:32:1d:12:38:07:7e:ae:db:e3: 1d:b0:00:11:8f:b0:9f:41:79:d9:a3:fc:ab:89:18:91: 36:79:a8:43:67:10:b2:a0:c2:74:fb:b9:f7:2b:94:5c: 40:6b:dd:50:f4:a3:ee:2f:5b:c6:4d:24:5c:19:c8:bd: 97:5e:a0:a1:b3:0c:3c:db:48:20:5b:ac:ec:60:9f:3e: a3:99:f1:da:47:d4:8d:00:73:fd:e7:10:20:23:47:fb: 2f:d5:2c:a9:89:9c:cf:d9:bc:51:b1:69:fb:cd:cc:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:93:42:96:d5:9f:24:10:32:98:80:15:d7:5b:e9:f2: f3:d5:7f:c9:25:49:45:fb:c9:ce:70:f8:2d:54:c2:74: 0f:ac:46:3d:14:56:88:85:17:e6:01:e1:22:a7:2c:35: ca:8e:3a:e0:0d:6b:ad:d6:d7:d1:9d:5e:78:c3:d6:a1: 2b:cd:7a:2b:bf:9c:86:cb:99:65:ec:c5:7b:8c:5d:a2: 04:57:fd:0c:35:64:83:47:8b:b4:43:84:06:36:9d:71: f7:00:a5:2b:5b:3d:4a:8c:c6:a4:ef:18:0f:86:ef:8f: 74:06:fa:3a:af:19:10:84:65:95:99:e1:95:e0:f9:f5 Fingerprint (SHA-256): 58:4C:BF:B0:D2:10:15:CC:98:66:D1:9C:6B:DB:80:D5:C7:8C:A3:C0:97:AF:4F:75:A2:26:18:A6:0E:AE:FD:40 Fingerprint (SHA1): 61:72:7A:20:57:42:43:5D:62:CA:C2:23:EA:70:FC:25:75:00:33:0F Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4083: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4084: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022006 (0x1eefa5b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:32:13 2015 Not After : Tue May 19 06:32:13 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:d1:0d:2d:2a:9e:c7:52:48:9d:e7:fa:8c:01:bd:3a: 4b:96:5c:08:44:50:36:30:5d:1c:05:6f:a3:f8:ec:37: 3e:8a:83:b3:62:ff:f2:21:da:3e:56:10:f8:59:d1:dc: 19:0f:21:56:e4:94:cb:c6:32:8c:01:76:24:36:96:79: 4e:e8:fa:45:c0:c7:73:59:fb:2d:41:9b:d0:b4:73:5c: fc:a6:46:b3:b5:e3:9a:f0:a8:53:08:e9:19:cf:3e:23: 0c:77:1e:48:2d:4f:b2:10:d0:65:83:4d:77:74:fa:62: 3b:00:9e:52:da:6c:b4:33:31:6a:41:7e:b0:0d:fd:4f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:dc:bf:08:dd:cf:ae:18:5f:84:47:23:7e:6d:1f:d8: 2c:fb:e8:ea:7e:89:7d:04:8b:e8:d9:b9:10:3b:b4:3c: 8d:50:32:0b:55:55:32:34:11:97:0c:ca:84:63:90:09: 15:47:f5:8f:f0:af:9e:36:7f:49:0e:fb:a1:9a:41:d3: b2:c3:da:bb:7b:28:03:88:63:56:38:12:95:67:84:16: f7:d3:fb:86:c8:1e:0a:9e:7e:7c:cf:d5:83:b1:f4:e5: bb:ab:8f:43:b2:e2:9e:3d:65:2f:28:b1:4b:fc:23:0e: e2:99:2a:ed:9c:5b:8f:10:97:f6:cd:ed:d4:e0:f9:fd Fingerprint (SHA-256): 67:6B:4B:93:70:35:76:E7:63:B7:11:AE:03:43:63:70:AE:32:8B:F7:BE:46:AD:BF:0F:7B:11:80:74:1B:B3:AC Fingerprint (SHA1): 2D:E2:1E:33:20:90:9F:2D:16:EF:2B:90:B5:24:64:8A:B6:83:61:33 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #4085: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4086: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4087: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4088: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4089: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022004 (0x1eefa5b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:03 2015 Not After : Tue May 19 06:32:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:ff:ce:ee:f4:22:0b:98:c8:f4:bc:04:1d:57:87:63: 7c:42:8d:be:68:7d:28:22:3e:53:85:a4:db:45:e6:5e: 58:6e:d7:e1:c9:d0:39:85:c5:07:51:5a:dd:17:bc:f6: eb:8a:ae:9f:3e:42:1f:fa:ff:31:4c:f3:7c:90:6f:96: 0f:46:46:88:2a:b7:87:2b:1a:1f:1c:0f:cf:82:66:16: 14:fc:63:08:99:17:39:59:2c:0e:22:d1:b5:02:6c:08: 5f:2d:64:a4:bc:81:d4:ad:23:3e:de:f1:f3:dd:50:da: 12:a4:27:2f:5e:e1:96:46:1f:5d:28:65:d7:c0:22:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:17:dd:a0:a0:ea:03:c4:46:7f:28:82:8f:e1:97:cb: 96:b8:7c:82:a3:cc:23:7e:6c:11:d9:c1:03:8e:e5:84: 38:dc:d1:82:3c:45:cc:9f:bb:47:94:2b:0d:32:eb:fd: a1:ea:b2:c2:fa:c5:e8:38:52:ba:7f:5c:0d:07:7e:73: 63:20:40:9d:95:49:27:41:81:33:c0:5c:bc:e0:01:7f: 3c:cb:d0:f4:1b:41:ce:e6:82:ce:9e:59:07:b1:de:2b: d6:95:a0:1d:a1:cb:cf:b1:ea:7d:3f:59:a0:03:10:cf: 1b:c5:e0:81:13:9a:bf:72:e8:40:b1:15:c3:0a:6a:6d Fingerprint (SHA-256): A7:C0:2D:52:5F:85:9D:D4:D2:FD:9A:CC:AB:86:60:CE:40:46:72:D0:EE:A2:70:A8:CE:C1:D5:5D:C2:73:52:08 Fingerprint (SHA1): 77:E6:70:28:9F:64:7A:61:BE:94:58:FE:B0:4D:4A:95:0A:86:BF:F6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4090: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4091: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022005 (0x1eefa5b5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:09 2015 Not After : Tue May 19 06:32:09 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:33:d4:da:23:c0:55:3c:0e:fc:74:16:f0:17:b9:90: ca:62:7d:8b:e5:ab:ec:32:1d:12:38:07:7e:ae:db:e3: 1d:b0:00:11:8f:b0:9f:41:79:d9:a3:fc:ab:89:18:91: 36:79:a8:43:67:10:b2:a0:c2:74:fb:b9:f7:2b:94:5c: 40:6b:dd:50:f4:a3:ee:2f:5b:c6:4d:24:5c:19:c8:bd: 97:5e:a0:a1:b3:0c:3c:db:48:20:5b:ac:ec:60:9f:3e: a3:99:f1:da:47:d4:8d:00:73:fd:e7:10:20:23:47:fb: 2f:d5:2c:a9:89:9c:cf:d9:bc:51:b1:69:fb:cd:cc:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:93:42:96:d5:9f:24:10:32:98:80:15:d7:5b:e9:f2: f3:d5:7f:c9:25:49:45:fb:c9:ce:70:f8:2d:54:c2:74: 0f:ac:46:3d:14:56:88:85:17:e6:01:e1:22:a7:2c:35: ca:8e:3a:e0:0d:6b:ad:d6:d7:d1:9d:5e:78:c3:d6:a1: 2b:cd:7a:2b:bf:9c:86:cb:99:65:ec:c5:7b:8c:5d:a2: 04:57:fd:0c:35:64:83:47:8b:b4:43:84:06:36:9d:71: f7:00:a5:2b:5b:3d:4a:8c:c6:a4:ef:18:0f:86:ef:8f: 74:06:fa:3a:af:19:10:84:65:95:99:e1:95:e0:f9:f5 Fingerprint (SHA-256): 58:4C:BF:B0:D2:10:15:CC:98:66:D1:9C:6B:DB:80:D5:C7:8C:A3:C0:97:AF:4F:75:A2:26:18:A6:0E:AE:FD:40 Fingerprint (SHA1): 61:72:7A:20:57:42:43:5D:62:CA:C2:23:EA:70:FC:25:75:00:33:0F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4092: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4093: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022006 (0x1eefa5b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:32:13 2015 Not After : Tue May 19 06:32:13 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:d1:0d:2d:2a:9e:c7:52:48:9d:e7:fa:8c:01:bd:3a: 4b:96:5c:08:44:50:36:30:5d:1c:05:6f:a3:f8:ec:37: 3e:8a:83:b3:62:ff:f2:21:da:3e:56:10:f8:59:d1:dc: 19:0f:21:56:e4:94:cb:c6:32:8c:01:76:24:36:96:79: 4e:e8:fa:45:c0:c7:73:59:fb:2d:41:9b:d0:b4:73:5c: fc:a6:46:b3:b5:e3:9a:f0:a8:53:08:e9:19:cf:3e:23: 0c:77:1e:48:2d:4f:b2:10:d0:65:83:4d:77:74:fa:62: 3b:00:9e:52:da:6c:b4:33:31:6a:41:7e:b0:0d:fd:4f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:dc:bf:08:dd:cf:ae:18:5f:84:47:23:7e:6d:1f:d8: 2c:fb:e8:ea:7e:89:7d:04:8b:e8:d9:b9:10:3b:b4:3c: 8d:50:32:0b:55:55:32:34:11:97:0c:ca:84:63:90:09: 15:47:f5:8f:f0:af:9e:36:7f:49:0e:fb:a1:9a:41:d3: b2:c3:da:bb:7b:28:03:88:63:56:38:12:95:67:84:16: f7:d3:fb:86:c8:1e:0a:9e:7e:7c:cf:d5:83:b1:f4:e5: bb:ab:8f:43:b2:e2:9e:3d:65:2f:28:b1:4b:fc:23:0e: e2:99:2a:ed:9c:5b:8f:10:97:f6:cd:ed:d4:e0:f9:fd Fingerprint (SHA-256): 67:6B:4B:93:70:35:76:E7:63:B7:11:AE:03:43:63:70:AE:32:8B:F7:BE:46:AD:BF:0F:7B:11:80:74:1B:B3:AC Fingerprint (SHA1): 2D:E2:1E:33:20:90:9F:2D:16:EF:2B:90:B5:24:64:8A:B6:83:61:33 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #4094: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4095: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022004 (0x1eefa5b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:03 2015 Not After : Tue May 19 06:32:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:ff:ce:ee:f4:22:0b:98:c8:f4:bc:04:1d:57:87:63: 7c:42:8d:be:68:7d:28:22:3e:53:85:a4:db:45:e6:5e: 58:6e:d7:e1:c9:d0:39:85:c5:07:51:5a:dd:17:bc:f6: eb:8a:ae:9f:3e:42:1f:fa:ff:31:4c:f3:7c:90:6f:96: 0f:46:46:88:2a:b7:87:2b:1a:1f:1c:0f:cf:82:66:16: 14:fc:63:08:99:17:39:59:2c:0e:22:d1:b5:02:6c:08: 5f:2d:64:a4:bc:81:d4:ad:23:3e:de:f1:f3:dd:50:da: 12:a4:27:2f:5e:e1:96:46:1f:5d:28:65:d7:c0:22:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:17:dd:a0:a0:ea:03:c4:46:7f:28:82:8f:e1:97:cb: 96:b8:7c:82:a3:cc:23:7e:6c:11:d9:c1:03:8e:e5:84: 38:dc:d1:82:3c:45:cc:9f:bb:47:94:2b:0d:32:eb:fd: a1:ea:b2:c2:fa:c5:e8:38:52:ba:7f:5c:0d:07:7e:73: 63:20:40:9d:95:49:27:41:81:33:c0:5c:bc:e0:01:7f: 3c:cb:d0:f4:1b:41:ce:e6:82:ce:9e:59:07:b1:de:2b: d6:95:a0:1d:a1:cb:cf:b1:ea:7d:3f:59:a0:03:10:cf: 1b:c5:e0:81:13:9a:bf:72:e8:40:b1:15:c3:0a:6a:6d Fingerprint (SHA-256): A7:C0:2D:52:5F:85:9D:D4:D2:FD:9A:CC:AB:86:60:CE:40:46:72:D0:EE:A2:70:A8:CE:C1:D5:5D:C2:73:52:08 Fingerprint (SHA1): 77:E6:70:28:9F:64:7A:61:BE:94:58:FE:B0:4D:4A:95:0A:86:BF:F6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4096: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022004 (0x1eefa5b4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:03 2015 Not After : Tue May 19 06:32:03 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b1:ff:ce:ee:f4:22:0b:98:c8:f4:bc:04:1d:57:87:63: 7c:42:8d:be:68:7d:28:22:3e:53:85:a4:db:45:e6:5e: 58:6e:d7:e1:c9:d0:39:85:c5:07:51:5a:dd:17:bc:f6: eb:8a:ae:9f:3e:42:1f:fa:ff:31:4c:f3:7c:90:6f:96: 0f:46:46:88:2a:b7:87:2b:1a:1f:1c:0f:cf:82:66:16: 14:fc:63:08:99:17:39:59:2c:0e:22:d1:b5:02:6c:08: 5f:2d:64:a4:bc:81:d4:ad:23:3e:de:f1:f3:dd:50:da: 12:a4:27:2f:5e:e1:96:46:1f:5d:28:65:d7:c0:22:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:17:dd:a0:a0:ea:03:c4:46:7f:28:82:8f:e1:97:cb: 96:b8:7c:82:a3:cc:23:7e:6c:11:d9:c1:03:8e:e5:84: 38:dc:d1:82:3c:45:cc:9f:bb:47:94:2b:0d:32:eb:fd: a1:ea:b2:c2:fa:c5:e8:38:52:ba:7f:5c:0d:07:7e:73: 63:20:40:9d:95:49:27:41:81:33:c0:5c:bc:e0:01:7f: 3c:cb:d0:f4:1b:41:ce:e6:82:ce:9e:59:07:b1:de:2b: d6:95:a0:1d:a1:cb:cf:b1:ea:7d:3f:59:a0:03:10:cf: 1b:c5:e0:81:13:9a:bf:72:e8:40:b1:15:c3:0a:6a:6d Fingerprint (SHA-256): A7:C0:2D:52:5F:85:9D:D4:D2:FD:9A:CC:AB:86:60:CE:40:46:72:D0:EE:A2:70:A8:CE:C1:D5:5D:C2:73:52:08 Fingerprint (SHA1): 77:E6:70:28:9F:64:7A:61:BE:94:58:FE:B0:4D:4A:95:0A:86:BF:F6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4097: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022005 (0x1eefa5b5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:09 2015 Not After : Tue May 19 06:32:09 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:33:d4:da:23:c0:55:3c:0e:fc:74:16:f0:17:b9:90: ca:62:7d:8b:e5:ab:ec:32:1d:12:38:07:7e:ae:db:e3: 1d:b0:00:11:8f:b0:9f:41:79:d9:a3:fc:ab:89:18:91: 36:79:a8:43:67:10:b2:a0:c2:74:fb:b9:f7:2b:94:5c: 40:6b:dd:50:f4:a3:ee:2f:5b:c6:4d:24:5c:19:c8:bd: 97:5e:a0:a1:b3:0c:3c:db:48:20:5b:ac:ec:60:9f:3e: a3:99:f1:da:47:d4:8d:00:73:fd:e7:10:20:23:47:fb: 2f:d5:2c:a9:89:9c:cf:d9:bc:51:b1:69:fb:cd:cc:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:93:42:96:d5:9f:24:10:32:98:80:15:d7:5b:e9:f2: f3:d5:7f:c9:25:49:45:fb:c9:ce:70:f8:2d:54:c2:74: 0f:ac:46:3d:14:56:88:85:17:e6:01:e1:22:a7:2c:35: ca:8e:3a:e0:0d:6b:ad:d6:d7:d1:9d:5e:78:c3:d6:a1: 2b:cd:7a:2b:bf:9c:86:cb:99:65:ec:c5:7b:8c:5d:a2: 04:57:fd:0c:35:64:83:47:8b:b4:43:84:06:36:9d:71: f7:00:a5:2b:5b:3d:4a:8c:c6:a4:ef:18:0f:86:ef:8f: 74:06:fa:3a:af:19:10:84:65:95:99:e1:95:e0:f9:f5 Fingerprint (SHA-256): 58:4C:BF:B0:D2:10:15:CC:98:66:D1:9C:6B:DB:80:D5:C7:8C:A3:C0:97:AF:4F:75:A2:26:18:A6:0E:AE:FD:40 Fingerprint (SHA1): 61:72:7A:20:57:42:43:5D:62:CA:C2:23:EA:70:FC:25:75:00:33:0F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4098: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022005 (0x1eefa5b5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:32:09 2015 Not After : Tue May 19 06:32:09 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:33:d4:da:23:c0:55:3c:0e:fc:74:16:f0:17:b9:90: ca:62:7d:8b:e5:ab:ec:32:1d:12:38:07:7e:ae:db:e3: 1d:b0:00:11:8f:b0:9f:41:79:d9:a3:fc:ab:89:18:91: 36:79:a8:43:67:10:b2:a0:c2:74:fb:b9:f7:2b:94:5c: 40:6b:dd:50:f4:a3:ee:2f:5b:c6:4d:24:5c:19:c8:bd: 97:5e:a0:a1:b3:0c:3c:db:48:20:5b:ac:ec:60:9f:3e: a3:99:f1:da:47:d4:8d:00:73:fd:e7:10:20:23:47:fb: 2f:d5:2c:a9:89:9c:cf:d9:bc:51:b1:69:fb:cd:cc:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:93:42:96:d5:9f:24:10:32:98:80:15:d7:5b:e9:f2: f3:d5:7f:c9:25:49:45:fb:c9:ce:70:f8:2d:54:c2:74: 0f:ac:46:3d:14:56:88:85:17:e6:01:e1:22:a7:2c:35: ca:8e:3a:e0:0d:6b:ad:d6:d7:d1:9d:5e:78:c3:d6:a1: 2b:cd:7a:2b:bf:9c:86:cb:99:65:ec:c5:7b:8c:5d:a2: 04:57:fd:0c:35:64:83:47:8b:b4:43:84:06:36:9d:71: f7:00:a5:2b:5b:3d:4a:8c:c6:a4:ef:18:0f:86:ef:8f: 74:06:fa:3a:af:19:10:84:65:95:99:e1:95:e0:f9:f5 Fingerprint (SHA-256): 58:4C:BF:B0:D2:10:15:CC:98:66:D1:9C:6B:DB:80:D5:C7:8C:A3:C0:97:AF:4F:75:A2:26:18:A6:0E:AE:FD:40 Fingerprint (SHA1): 61:72:7A:20:57:42:43:5D:62:CA:C2:23:EA:70:FC:25:75:00:33:0F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4099: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022006 (0x1eefa5b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:32:13 2015 Not After : Tue May 19 06:32:13 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:d1:0d:2d:2a:9e:c7:52:48:9d:e7:fa:8c:01:bd:3a: 4b:96:5c:08:44:50:36:30:5d:1c:05:6f:a3:f8:ec:37: 3e:8a:83:b3:62:ff:f2:21:da:3e:56:10:f8:59:d1:dc: 19:0f:21:56:e4:94:cb:c6:32:8c:01:76:24:36:96:79: 4e:e8:fa:45:c0:c7:73:59:fb:2d:41:9b:d0:b4:73:5c: fc:a6:46:b3:b5:e3:9a:f0:a8:53:08:e9:19:cf:3e:23: 0c:77:1e:48:2d:4f:b2:10:d0:65:83:4d:77:74:fa:62: 3b:00:9e:52:da:6c:b4:33:31:6a:41:7e:b0:0d:fd:4f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:dc:bf:08:dd:cf:ae:18:5f:84:47:23:7e:6d:1f:d8: 2c:fb:e8:ea:7e:89:7d:04:8b:e8:d9:b9:10:3b:b4:3c: 8d:50:32:0b:55:55:32:34:11:97:0c:ca:84:63:90:09: 15:47:f5:8f:f0:af:9e:36:7f:49:0e:fb:a1:9a:41:d3: b2:c3:da:bb:7b:28:03:88:63:56:38:12:95:67:84:16: f7:d3:fb:86:c8:1e:0a:9e:7e:7c:cf:d5:83:b1:f4:e5: bb:ab:8f:43:b2:e2:9e:3d:65:2f:28:b1:4b:fc:23:0e: e2:99:2a:ed:9c:5b:8f:10:97:f6:cd:ed:d4:e0:f9:fd Fingerprint (SHA-256): 67:6B:4B:93:70:35:76:E7:63:B7:11:AE:03:43:63:70:AE:32:8B:F7:BE:46:AD:BF:0F:7B:11:80:74:1B:B3:AC Fingerprint (SHA1): 2D:E2:1E:33:20:90:9F:2D:16:EF:2B:90:B5:24:64:8A:B6:83:61:33 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #4100: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022006 (0x1eefa5b6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:32:13 2015 Not After : Tue May 19 06:32:13 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:d1:0d:2d:2a:9e:c7:52:48:9d:e7:fa:8c:01:bd:3a: 4b:96:5c:08:44:50:36:30:5d:1c:05:6f:a3:f8:ec:37: 3e:8a:83:b3:62:ff:f2:21:da:3e:56:10:f8:59:d1:dc: 19:0f:21:56:e4:94:cb:c6:32:8c:01:76:24:36:96:79: 4e:e8:fa:45:c0:c7:73:59:fb:2d:41:9b:d0:b4:73:5c: fc:a6:46:b3:b5:e3:9a:f0:a8:53:08:e9:19:cf:3e:23: 0c:77:1e:48:2d:4f:b2:10:d0:65:83:4d:77:74:fa:62: 3b:00:9e:52:da:6c:b4:33:31:6a:41:7e:b0:0d:fd:4f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:dc:bf:08:dd:cf:ae:18:5f:84:47:23:7e:6d:1f:d8: 2c:fb:e8:ea:7e:89:7d:04:8b:e8:d9:b9:10:3b:b4:3c: 8d:50:32:0b:55:55:32:34:11:97:0c:ca:84:63:90:09: 15:47:f5:8f:f0:af:9e:36:7f:49:0e:fb:a1:9a:41:d3: b2:c3:da:bb:7b:28:03:88:63:56:38:12:95:67:84:16: f7:d3:fb:86:c8:1e:0a:9e:7e:7c:cf:d5:83:b1:f4:e5: bb:ab:8f:43:b2:e2:9e:3d:65:2f:28:b1:4b:fc:23:0e: e2:99:2a:ed:9c:5b:8f:10:97:f6:cd:ed:d4:e0:f9:fd Fingerprint (SHA-256): 67:6B:4B:93:70:35:76:E7:63:B7:11:AE:03:43:63:70:AE:32:8B:F7:BE:46:AD:BF:0F:7B:11:80:74:1B:B3:AC Fingerprint (SHA1): 2D:E2:1E:33:20:90:9F:2D:16:EF:2B:90:B5:24:64:8A:B6:83:61:33 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #4101: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4102: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022009 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4103: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4104: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4105: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4106: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519022010 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4107: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4108: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4109: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4110: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022011 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4111: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4112: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4113: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4114: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 519022012 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4115: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4116: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #4117: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4118: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519022013 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4119: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4120: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #4121: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4122: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519022014 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4123: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4124: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #4125: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4126: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 519022015 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4127: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4128: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4129: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #4130: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #4131: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4132: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #4133: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022009 (0x1eefa5b9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:32:37 2015 Not After : Tue May 19 06:32:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:be:72:34:3f:5b:f5:76:61:91:f3:95:b9:6a:40:9a: 71:fb:49:00:16:ea:12:88:a4:af:f4:fe:94:5e:3f:dc: 04:ce:75:db:3b:e2:d8:34:a9:5f:9e:6a:f5:c6:b1:9d: 9f:af:8c:e4:d9:ea:b3:cb:78:e6:aa:aa:a4:bb:a4:b1: c4:46:59:b0:a4:3b:56:0d:53:16:e8:ba:c8:d2:31:d8: 50:98:4c:96:b7:fb:c2:74:d6:22:77:31:bb:f5:f2:72: 99:9d:64:16:eb:b4:6f:db:13:f9:91:59:8e:75:fe:f1: d4:cb:b7:bb:03:6f:65:00:f6:b8:ba:86:a5:70:01:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9f:7a:c3:42:a7:bd:e0:47:17:b4:80:25:4a:da:b4:24: 72:4a:d2:2e:2f:7c:05:a6:28:57:54:6c:7d:f8:6c:b4: f3:f7:16:a2:2c:6a:ab:cd:6a:f8:b8:e3:b1:dd:4a:21: 08:78:5a:4b:e0:59:5a:9c:c8:7e:fa:e0:76:e7:a0:8a: 57:33:2c:08:5e:53:43:06:92:16:d4:fb:41:6b:9e:e6: 2f:f4:fb:d0:26:fd:48:50:61:a3:b4:07:8a:9f:ed:c5: 2e:a3:5f:ea:9e:fc:b0:d2:53:48:58:df:d7:0c:56:88: ba:9a:32:e4:5e:17:f5:de:e2:23:c2:bd:34:b3:5c:a5 Fingerprint (SHA-256): 87:F2:3F:32:97:9C:90:2B:B4:2B:95:F0:81:7F:A1:9F:2E:D3:93:48:E3:C1:AF:EF:CA:AE:62:0B:04:02:7F:0B Fingerprint (SHA1): 8A:2F:4D:C2:93:6F:FC:A4:6E:EE:C5:EF:DC:BD:5F:71:FA:E7:57:70 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4134: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4135: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4136: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4137: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022009 (0x1eefa5b9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:32:37 2015 Not After : Tue May 19 06:32:37 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:be:72:34:3f:5b:f5:76:61:91:f3:95:b9:6a:40:9a: 71:fb:49:00:16:ea:12:88:a4:af:f4:fe:94:5e:3f:dc: 04:ce:75:db:3b:e2:d8:34:a9:5f:9e:6a:f5:c6:b1:9d: 9f:af:8c:e4:d9:ea:b3:cb:78:e6:aa:aa:a4:bb:a4:b1: c4:46:59:b0:a4:3b:56:0d:53:16:e8:ba:c8:d2:31:d8: 50:98:4c:96:b7:fb:c2:74:d6:22:77:31:bb:f5:f2:72: 99:9d:64:16:eb:b4:6f:db:13:f9:91:59:8e:75:fe:f1: d4:cb:b7:bb:03:6f:65:00:f6:b8:ba:86:a5:70:01:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9f:7a:c3:42:a7:bd:e0:47:17:b4:80:25:4a:da:b4:24: 72:4a:d2:2e:2f:7c:05:a6:28:57:54:6c:7d:f8:6c:b4: f3:f7:16:a2:2c:6a:ab:cd:6a:f8:b8:e3:b1:dd:4a:21: 08:78:5a:4b:e0:59:5a:9c:c8:7e:fa:e0:76:e7:a0:8a: 57:33:2c:08:5e:53:43:06:92:16:d4:fb:41:6b:9e:e6: 2f:f4:fb:d0:26:fd:48:50:61:a3:b4:07:8a:9f:ed:c5: 2e:a3:5f:ea:9e:fc:b0:d2:53:48:58:df:d7:0c:56:88: ba:9a:32:e4:5e:17:f5:de:e2:23:c2:bd:34:b3:5c:a5 Fingerprint (SHA-256): 87:F2:3F:32:97:9C:90:2B:B4:2B:95:F0:81:7F:A1:9F:2E:D3:93:48:E3:C1:AF:EF:CA:AE:62:0B:04:02:7F:0B Fingerprint (SHA1): 8A:2F:4D:C2:93:6F:FC:A4:6E:EE:C5:EF:DC:BD:5F:71:FA:E7:57:70 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4138: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4139: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4140: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022016 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4141: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4142: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4143: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4144: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519022017 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4145: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4146: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #4147: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4148: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 519022018 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4149: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4150: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #4151: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4152: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 519022019 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4153: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4154: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4155: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4156: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 519022020 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4157: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4158: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #4159: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4160: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 519022021 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4161: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4162: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #4163: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4164: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 519022022 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4165: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4166: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4167: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4168: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 519022023 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4169: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4170: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #4171: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4172: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 519022024 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4173: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4174: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #4175: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4176: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 519022025 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4177: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4178: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #4179: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4180: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 519022026 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4181: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4182: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #4183: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4184: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 519022027 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4185: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4186: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #4187: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4188: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 519022028 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4189: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4190: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #4191: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4192: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 519022029 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4193: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4194: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #4195: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4196: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 519022030 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4197: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4198: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #4199: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4200: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 519022031 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4201: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4202: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #4203: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4204: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 519022032 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4205: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4206: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #4207: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4208: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 519022033 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #4209: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4210: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #4211: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4212: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 519022034 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4213: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4214: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #4215: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4216: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 519022035 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4217: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4218: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #4219: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4220: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 519022036 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4221: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4222: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #4223: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4224: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 519022037 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4225: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4226: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #4227: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4228: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 519022038 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4229: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4230: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #4231: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4232: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 519022039 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4233: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4234: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #4235: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4236: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 519022040 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4237: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4238: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #4239: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4240: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 519022041 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4241: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4242: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #4243: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4244: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 519022042 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4245: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4246: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #4247: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4248: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 519022043 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4249: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4250: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #4251: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4252: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 519022044 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4253: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4254: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #4255: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4256: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 519022045 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4257: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4258: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4259: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4260: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4261: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4262: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4263: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4264: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4265: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4266: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4267: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4268: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4269: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4270: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4271: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4272: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4273: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4274: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4275: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4276: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4277: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4278: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4279: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4280: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4281: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022016 (0x1eefa5c0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:33:06 2015 Not After : Tue May 19 06:33:06 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:64:a5:2d:10:d8:3b:8b:4f:a8:2a:05:5f:6c:5f:a0: 6d:d4:b0:1f:76:4f:a0:85:17:46:d0:86:ba:35:46:76: e9:13:6b:b0:08:80:2b:a8:33:3a:77:77:97:d3:bd:eb: cc:3f:36:1b:61:a3:19:5f:95:9d:66:80:2b:9a:b7:fa: 22:b3:52:cc:e1:e0:40:bf:94:1e:f0:07:d1:59:e3:6c: 75:01:3f:33:c5:1b:55:9a:95:ac:36:1a:b1:a9:2a:a2: c5:57:59:da:6e:49:30:a3:96:98:b3:e7:1a:3d:f4:a0: 91:20:20:b4:20:b3:5a:64:96:cf:71:29:08:cc:4e:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9e:d0:07:64:3b:cc:e0:1f:01:7b:f8:5d:fc:bb:d4:f4: c0:ff:d9:44:9f:25:57:12:8b:18:8d:36:79:e3:a2:b2: a4:0a:ad:66:96:d4:a4:f1:be:2e:5c:f1:ff:b2:6a:71: 2a:1b:5d:a8:64:b3:86:55:c8:7f:63:16:75:cc:23:da: 0e:18:c9:51:f1:1d:3f:bb:d4:90:f2:39:61:18:88:94: 40:ac:5f:d7:b5:22:4f:f9:d6:81:58:ae:8a:79:af:0c: fa:10:16:74:11:a5:9c:ad:1c:49:6f:34:10:ee:85:c1: c1:94:5c:a3:72:90:1d:f7:2e:62:fc:97:58:5c:63:ea Fingerprint (SHA-256): B8:89:AF:AC:F6:BB:F7:DF:7B:6F:24:96:3D:43:82:97:4C:A0:9B:02:58:BE:65:11:6B:1B:71:E2:84:89:76:BF Fingerprint (SHA1): 16:08:79:2D:D1:65:A8:59:37:F2:F0:BF:3B:EA:36:64:36:47:CA:9E Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #4282: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4283: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4284: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022046 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4285: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4286: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #4287: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4288: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 519022047 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4289: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4290: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #4291: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4292: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 519022048 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4293: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4294: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #4295: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4296: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 519022049 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4297: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4298: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #4299: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4300: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 519022050 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4301: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4302: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #4303: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4304: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 519022051 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4305: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4306: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #4307: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4308: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 519022052 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4309: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4310: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4311: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022046 (0x1eefa5de) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:34:59 2015 Not After : Tue May 19 06:34:59 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:6d:e0:64:fd:81:9c:7c:4b:ab:36:a5:fb:16:b4:fe: e9:71:11:51:f8:34:fb:dd:16:c0:fc:24:26:a8:34:4b: 46:1e:f3:4c:05:68:dc:ea:81:34:0e:c1:8f:e7:7c:33: 2e:f4:03:40:ac:d7:fa:16:8a:f5:d3:63:30:b0:ce:2c: 14:c7:e3:09:e2:20:7d:7f:17:76:aa:f7:f4:a2:29:d0: 8b:ed:56:67:ac:8b:42:3f:57:b1:5a:3a:82:a0:38:a3: 78:71:d0:d7:da:8e:0f:6d:28:93:32:9c:4a:0f:5b:d0: 2c:55:8c:51:5b:43:12:37:0e:e6:6b:a8:f1:b1:59:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 59:c4:15:ae:75:1f:a4:a6:c4:bd:82:39:31:12:23:5c: 0b:13:97:6b:ab:f2:df:f7:75:94:ba:a3:33:44:e0:fa: 2e:56:42:09:65:3d:ed:d5:dd:d8:30:05:39:ce:8f:73: 10:aa:97:90:2e:81:9d:24:72:d2:9d:4f:23:52:4e:9c: 57:be:12:c0:49:96:71:a6:fb:30:8e:48:e2:42:ed:3b: f4:23:37:6a:ef:85:42:8b:09:77:e0:4e:ae:2b:7f:c9: 85:9a:3f:33:8d:d4:1b:cc:5b:cf:8c:f1:0d:d2:99:c9: 14:7c:f4:ba:8a:cb:ea:f6:26:2a:35:dc:bc:00:e3:b6 Fingerprint (SHA-256): 86:B6:32:B3:A2:19:FB:BF:84:A7:05:BE:60:35:20:17:F6:B2:DF:CC:55:DF:05:90:01:74:AD:1E:98:CA:FF:B3 Fingerprint (SHA1): 71:0A:03:10:F4:41:09:4F:FC:5F:21:C3:2B:A4:AD:B7:DE:CD:13:57 Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #4312: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4313: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4314: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4315: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022046 (0x1eefa5de) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:34:59 2015 Not After : Tue May 19 06:34:59 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:6d:e0:64:fd:81:9c:7c:4b:ab:36:a5:fb:16:b4:fe: e9:71:11:51:f8:34:fb:dd:16:c0:fc:24:26:a8:34:4b: 46:1e:f3:4c:05:68:dc:ea:81:34:0e:c1:8f:e7:7c:33: 2e:f4:03:40:ac:d7:fa:16:8a:f5:d3:63:30:b0:ce:2c: 14:c7:e3:09:e2:20:7d:7f:17:76:aa:f7:f4:a2:29:d0: 8b:ed:56:67:ac:8b:42:3f:57:b1:5a:3a:82:a0:38:a3: 78:71:d0:d7:da:8e:0f:6d:28:93:32:9c:4a:0f:5b:d0: 2c:55:8c:51:5b:43:12:37:0e:e6:6b:a8:f1:b1:59:93 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 59:c4:15:ae:75:1f:a4:a6:c4:bd:82:39:31:12:23:5c: 0b:13:97:6b:ab:f2:df:f7:75:94:ba:a3:33:44:e0:fa: 2e:56:42:09:65:3d:ed:d5:dd:d8:30:05:39:ce:8f:73: 10:aa:97:90:2e:81:9d:24:72:d2:9d:4f:23:52:4e:9c: 57:be:12:c0:49:96:71:a6:fb:30:8e:48:e2:42:ed:3b: f4:23:37:6a:ef:85:42:8b:09:77:e0:4e:ae:2b:7f:c9: 85:9a:3f:33:8d:d4:1b:cc:5b:cf:8c:f1:0d:d2:99:c9: 14:7c:f4:ba:8a:cb:ea:f6:26:2a:35:dc:bc:00:e3:b6 Fingerprint (SHA-256): 86:B6:32:B3:A2:19:FB:BF:84:A7:05:BE:60:35:20:17:F6:B2:DF:CC:55:DF:05:90:01:74:AD:1E:98:CA:FF:B3 Fingerprint (SHA1): 71:0A:03:10:F4:41:09:4F:FC:5F:21:C3:2B:A4:AD:B7:DE:CD:13:57 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #4316: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4317: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4318: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4319: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022053 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4320: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4321: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4322: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4323: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519022054 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4324: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4325: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4326: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4327: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022055 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4328: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4329: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4330: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4331: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519022056 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4332: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4333: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4334: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4335: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4336: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4337: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022053 (0x1eefa5e5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:35:26 2015 Not After : Tue May 19 06:35:26 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:06:97:c5:4b:3b:86:19:ff:50:91:d0:fe:21:75:cf: 42:b7:50:f1:41:e4:d5:9f:76:89:43:e3:22:1a:79:ae: bf:77:3b:82:b0:65:ec:7d:b3:09:33:8f:6d:a0:62:3c: 9c:39:70:aa:4b:b9:f6:21:08:ef:41:f1:d7:99:eb:2e: 16:7a:42:5f:b0:87:2b:bf:8c:c3:cd:bc:54:a9:ae:b2: 30:9d:44:58:5a:e0:85:5a:83:8a:34:c9:d1:98:f5:dd: 3b:c4:93:53:3d:84:2f:bf:df:44:6e:75:08:6c:9e:2d: 43:0b:2a:b0:ea:ed:f1:a2:1b:af:9f:07:16:15:26:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2a:83:d1:5d:f8:91:41:03:ae:db:56:1e:ee:2b:25:2c: 12:d2:e3:70:a9:d0:f7:11:17:1e:b9:2d:dd:61:66:f0: 3a:88:80:d2:b8:13:ae:11:db:68:20:d5:43:6c:06:2e: 95:2e:90:47:e8:af:2a:60:b7:9c:00:7b:f3:03:0b:c3: cc:20:0d:e3:3a:4b:60:3c:ec:bb:02:d8:71:34:e8:e5: e6:e0:74:5f:7d:e0:38:19:c1:4f:f4:97:f3:9f:88:58: f5:c4:dd:01:04:33:47:69:76:00:2a:01:c4:69:f5:03: e0:9d:fb:fa:0e:34:43:a9:4a:05:93:a4:6a:99:27:5f Fingerprint (SHA-256): 75:58:3B:D3:71:EE:EF:E0:D1:27:B6:A6:18:29:3F:06:E7:A3:7C:D4:04:D7:C1:11:31:95:0B:8D:01:0F:C4:8D Fingerprint (SHA1): 8F:5E:E9:70:0A:AE:E4:91:88:83:E5:0F:C6:13:81:4A:41:31:E4:96 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4338: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4339: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4340: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022054 (0x1eefa5e6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:35:28 2015 Not After : Tue May 19 06:35:28 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:79:c5:6b:24:67:56:12:f4:88:57:88:01:4f:54:5d: 80:49:aa:8a:a4:09:88:a5:28:b0:27:94:1c:08:9a:a4: 2f:c3:2c:11:a8:95:95:8c:77:a9:ec:45:ae:f3:11:55: de:db:4e:01:b7:5f:f3:66:48:39:56:4e:2c:35:5e:74: fb:a7:10:f6:45:de:23:68:e6:4f:e6:95:6a:64:b4:e9: a1:e9:11:da:a1:be:c7:d5:00:6f:87:4f:f7:e4:dd:54: 4c:fc:8a:62:8a:1b:bf:e1:d3:cd:8d:75:3c:91:e0:ca: 79:8b:bb:5b:bd:fd:3b:ab:b5:d4:50:07:e5:30:62:05 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 05:b6:e6:dc:71:e5:e1:ad:9a:e3:88:89:c1:69:d8:75: 01:92:c6:47:b6:8a:46:d0:c0:43:d1:b8:36:3a:8d:5e: aa:df:02:41:5c:2b:c9:b5:7a:61:64:b0:fb:6e:da:f3: 5e:aa:e8:3d:88:dc:cb:b9:1c:36:fe:a2:ce:fc:ca:b6: 33:03:6e:89:9b:70:84:a6:38:47:11:e8:d1:69:14:56: bb:5b:3a:c8:35:f0:ea:ad:77:ad:a3:45:fd:2f:73:a3: 06:e7:52:a1:27:1d:f8:d8:b5:bb:9d:01:a3:de:71:c3: fe:3b:a7:94:8d:df:6e:7c:cf:84:60:4f:e9:1a:4c:1f Fingerprint (SHA-256): 16:2A:84:09:D5:76:CF:24:3D:2E:19:B1:89:C8:64:BD:7D:77:CE:59:D7:3C:80:91:0D:36:BD:EB:8C:FC:BE:64 Fingerprint (SHA1): 47:63:0D:6F:80:2E:17:BB:6E:C0:26:41:9E:32:C3:FB:0C:DC:2C:2C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4341: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4342: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022055 (0x1eefa5e7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:35:33 2015 Not After : Tue May 19 06:35:33 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cf:82:bb:25:a0:72:aa:53:71:1b:b7:b2:54:c7:6a:df: e7:cd:54:31:d7:1f:84:49:76:a5:6c:c8:47:2d:9f:72: a7:a2:2f:48:a1:34:63:ee:5a:12:d5:b5:27:eb:68:db: 2a:6d:50:dd:62:3d:62:88:d1:f3:ff:ed:0b:67:a9:1a: 4c:2e:c2:a4:25:3c:e5:65:bf:ba:07:6b:c2:f5:39:a8: 63:20:4d:5a:01:97:e1:08:2f:30:12:80:b2:8e:bc:56: 02:c3:6f:ef:44:35:91:16:54:a7:62:64:ad:6a:c6:27: 74:a0:cc:e2:86:de:01:66:5f:c7:2e:b9:9f:8a:24:57 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 90:68:e9:9b:f6:65:87:cf:ca:53:9b:68:a5:6b:e1:1e: 22:e2:c8:76:4a:2d:ff:b4:6b:e8:b0:ff:eb:7a:ca:c5: a3:e2:57:a6:ad:8e:0b:8b:b7:d9:13:39:68:1e:05:09: 1b:b1:9a:b4:68:54:0f:c6:00:4c:03:25:4a:19:2e:bb: 85:e5:2d:fe:eb:24:ad:a2:ac:5b:2e:a1:18:40:6c:7b: 95:28:70:f7:1c:1d:17:1a:92:25:69:be:4a:69:eb:00: 94:95:11:34:63:40:48:b7:a3:7c:d4:66:28:dd:2e:12: 4e:a8:73:98:26:73:d7:6f:e9:cc:fa:59:45:f1:88:06 Fingerprint (SHA-256): 33:34:17:C7:A7:66:B4:D7:43:2E:3F:D6:95:8E:09:99:6A:D9:79:12:77:1C:1A:95:18:CB:0E:39:A4:93:4D:6D Fingerprint (SHA1): 17:28:D1:C4:82:2C:0E:86:F2:0C:29:82:14:C0:3D:0F:79:C7:84:52 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #4343: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4344: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022057 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4345: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4346: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4347: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4348: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519022058 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4349: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4350: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4351: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4352: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022059 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4353: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4354: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4355: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4356: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 519022060 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4357: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4358: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4359: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4360: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 519022061 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4361: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4362: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4363: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #4364: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #4365: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #4366: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #4367: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022057 (0x1eefa5e9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:35:45 2015 Not After : Tue May 19 06:35:45 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a9:74:c0:bf:ed:2e:73:05:6b:cb:90:a2:f1:d5:5b:28: a1:41:87:76:d8:03:8f:33:8f:77:b1:1d:7d:1e:1f:a0: 8b:4b:b6:22:84:46:f6:93:54:db:6f:bf:26:87:af:9a: 30:aa:f2:93:6d:ad:1f:77:45:dc:54:15:cf:46:b0:90: 27:32:ba:20:fa:bf:33:a3:95:79:25:ca:2c:79:60:7d: 0d:f0:41:fd:48:da:66:25:f4:ef:91:0c:cb:f7:59:f2: c1:1d:f0:68:66:47:9e:98:72:00:7e:ea:36:d7:bf:e3: 90:af:cd:91:4c:6f:ff:c1:8e:ed:84:f2:7d:08:70:99 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 29:f5:f5:86:81:14:73:be:8e:2a:a6:4e:fd:d8:01:b3: c8:9e:d7:bd:70:9c:91:76:96:46:3b:f7:8b:63:e7:13: 07:3e:1c:28:2c:a1:dd:c1:df:2e:43:0c:92:b6:52:a2: f5:1c:92:01:8a:88:f0:99:5a:d9:7c:92:da:80:1c:fd: 67:0a:d5:cc:5f:e3:b2:f8:8b:7f:c5:96:bf:16:53:f7: 73:90:8a:dd:3c:fa:a5:72:ca:de:fe:9b:f6:2c:12:98: 49:a3:a1:8f:8a:22:38:d0:43:f7:52:a5:e2:c4:09:a2: 2e:f0:68:40:50:bb:81:08:2e:c2:bc:18:3c:b8:07:27 Fingerprint (SHA-256): 48:9F:75:DC:4F:5C:9A:7F:7D:00:17:E7:D1:2A:CE:4C:71:D4:2D:49:8D:65:83:E4:87:38:58:3A:87:60:2F:5F Fingerprint (SHA1): C3:38:D9:41:FF:61:D7:8C:E8:AB:C3:36:1D:E3:68:AE:89:B0:71:E9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4368: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4369: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022058 (0x1eefa5ea) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:35:48 2015 Not After : Tue May 19 06:35:48 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:78:3c:5f:da:17:1a:07:67:b5:23:86:6e:1d:07:9d: a3:18:82:4b:98:91:8e:eb:74:d5:74:10:3e:3f:b8:20: 72:c2:2b:bf:52:77:d8:c6:4e:25:a4:72:d0:0b:f6:3d: d1:7a:3e:32:c0:cb:26:c5:0a:74:ec:1b:23:cd:b5:0b: f7:ea:77:e1:d7:e3:30:d2:19:69:18:bb:c3:ce:8f:49: 61:40:e2:cc:c4:b7:fd:8b:e0:31:30:0b:5d:86:62:a4: 26:0a:bc:11:95:54:3e:75:2e:36:3a:4c:b7:cb:7b:b7: b3:2e:42:51:b5:f2:1b:4b:07:03:e8:b2:12:89:ee:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:ec:1b:0a:1f:08:2e:d7:10:c0:d8:d6:42:e2:8e:64: 3a:4f:f9:f5:e6:9b:75:dd:01:18:1c:68:2a:6f:43:c9: e6:cf:28:85:d3:8e:e6:77:01:c3:fe:06:98:a9:44:a7: 34:b8:94:bd:ac:ee:35:02:8d:32:26:0e:e8:a3:89:19: fb:8a:27:1c:30:26:a5:c1:56:e9:63:08:41:ad:5b:fa: e9:ec:fa:dd:be:dd:2e:11:3c:3c:03:6a:c4:f0:75:94: 13:fe:34:17:07:41:90:c5:1b:49:51:ef:03:36:69:4e: 10:0e:08:c3:28:0f:98:fd:7d:fc:23:27:6e:0e:04:8e Fingerprint (SHA-256): A6:BE:B5:C8:FB:C5:C4:64:E7:3A:09:32:96:F2:1F:50:BC:51:56:E7:B9:4A:03:71:3C:07:2D:73:ED:C2:9C:BB Fingerprint (SHA1): 71:70:18:07:87:A0:8E:0E:3B:A6:E3:6F:BA:1A:D7:CB:68:2E:BE:70 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4370: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4371: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4372: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022059 (0x1eefa5eb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:35:51 2015 Not After : Tue May 19 06:35:51 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:c1:ee:87:fe:20:3b:63:c1:39:cb:a2:5e:5a:cf:31: 8f:4b:9b:6a:ea:b8:ad:36:60:e5:6a:a0:96:ab:9b:55: a7:3c:bc:81:44:fc:ca:90:17:0d:cc:7b:69:a3:f7:73: 2d:5e:08:f3:0f:89:a9:d8:d5:6f:46:e0:e0:86:e2:36: bf:18:6a:02:a2:f0:ca:6f:aa:3e:47:e5:cc:dc:97:be: 2a:80:13:3e:0d:d2:c8:5d:21:aa:69:5c:59:a2:9b:c4: 86:74:92:a0:8a:0c:a5:c1:b2:11:82:09:7c:d0:1a:ac: 88:bb:c7:6a:c8:ae:b6:c9:c4:04:59:19:f0:e4:15:15 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 39:12:59:d3:67:ce:62:d1:ee:a5:c9:83:44:8c:e0:6c: 17:1a:2d:d6:db:e8:62:47:0b:f6:ab:4d:08:ad:41:b5: 1e:49:97:fc:7e:03:6d:af:c6:e2:ad:a8:21:09:ed:83: 4b:11:8c:75:9a:b2:f5:70:35:99:4e:97:9c:f9:64:8d: ac:87:38:15:84:53:7a:11:be:68:66:22:8b:2f:c1:eb: 1c:34:a5:28:5e:d8:4c:7c:db:fe:5a:4f:35:d7:25:f0: ac:84:d8:a8:0e:f8:4a:8a:b2:b6:73:8c:53:16:34:25: 8e:c6:db:7d:c7:cd:26:b5:c5:99:f5:7c:50:a1:f2:1a Fingerprint (SHA-256): 9C:DB:E8:C0:79:4E:6D:37:43:4E:B0:7F:10:8D:16:85:F7:35:71:6C:98:A7:1E:FD:54:B9:C6:3A:32:B1:57:6A Fingerprint (SHA1): E6:9C:80:14:62:EF:5F:D5:D1:DB:71:62:CA:04:C5:3A:1A:C3:8A:B9 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #4373: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4374: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022062 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4375: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4376: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4377: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4378: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519022063 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4379: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4380: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4381: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4382: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022064 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA1Root-519021841.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4383: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4384: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #4385: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4386: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519022065 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4387: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4388: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #4389: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022062 (0x1eefa5ee) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:36:07 2015 Not After : Tue May 19 06:36:07 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:c6:63:73:a3:54:74:5a:60:28:eb:e2:af:fe:73:2c: f8:0b:2d:31:21:9c:2c:87:32:cf:02:cc:4d:3f:33:b2: 04:d3:df:3b:cf:5e:ec:2b:72:83:a8:e5:20:fc:36:34: 80:42:93:1a:76:a5:bc:14:f3:ec:35:ba:cd:39:b3:2b: 01:ae:34:ba:95:9d:6c:7c:08:b3:a6:22:2a:d3:f8:f2: bc:c8:04:ac:c1:1e:8f:ae:01:79:ba:dd:d9:6d:73:e4: 98:15:85:f2:ed:40:b6:f8:5b:39:e9:51:4a:35:30:f6: 03:9c:95:ed:90:40:47:c7:9f:1b:09:90:06:ef:f4:9d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:53:29:66:49:fd:30:85:5c:f2:57:b9:d6:4b:d4:49: be:25:5a:80:a6:ed:10:77:2a:5a:60:63:8f:0f:b3:ca: c1:10:0c:52:2b:29:da:8f:6e:57:37:ac:b6:d3:99:c5: 3a:30:1d:04:67:a9:d0:34:35:47:40:6e:38:86:b1:70: 02:37:27:79:09:69:ba:00:95:0d:77:10:69:12:df:10: e5:8a:a3:d8:42:cf:cf:7c:52:e2:d4:cd:6b:30:2b:26: 4e:be:2a:bf:d8:93:fe:1b:33:11:ee:22:a1:dc:1c:bf: 4d:05:db:1b:ff:0d:f5:ed:13:e0:8b:b4:85:01:18:82 Fingerprint (SHA-256): D0:6C:93:BD:BF:61:90:E0:95:5C:D2:EA:76:B4:43:5D:A3:3C:80:0C:DC:3B:42:4E:E8:EA:05:39:08:21:9B:DF Fingerprint (SHA1): E9:F5:A4:42:36:45:39:66:77:1A:34:44:17:1B:1A:BF:45:70:16:EB Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4390: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #4391: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022066 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4392: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #4393: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #4394: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022067 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4395: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #4396: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #4397: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4398: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519022068 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4399: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4400: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519022069 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4401: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4402: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #4403: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4404: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4405: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519022070 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519021842.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4406: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4407: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4408: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4409: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519022071 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4410: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4411: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #4412: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #4413: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022067 (0x1eefa5f3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:36:23 2015 Not After : Tue May 19 06:36:23 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f6:44:92:af:82:f9:8e:99:e4:0c:4a:a8:03:a2:14:87: dc:54:14:6a:94:57:28:48:e5:27:dc:3c:28:b6:f3:64: 2c:af:6a:ed:bf:7e:74:04:a7:5c:ef:cb:4c:a3:0f:d1: 45:94:ae:78:41:4f:91:02:0c:6e:78:7d:92:16:e5:a8: 83:74:5b:cc:83:5f:80:76:29:cc:6f:64:9c:70:da:6d: 9b:2d:5d:85:9e:1d:7d:65:3c:b0:ae:bf:ef:b0:a0:ec: 06:b9:02:c0:0b:66:87:0d:ff:36:08:5a:60:d3:9b:88: 72:72:d0:16:d6:9e:70:ed:4d:02:58:a3:e9:81:f6:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:4d:85:bf:8c:f4:3a:33:55:35:bd:6b:5a:52:8a:ac: c3:8d:44:33:e1:01:3f:9d:28:66:6c:85:cc:47:ee:a3: 23:c5:bd:a7:04:9d:1c:48:71:92:8b:8b:08:02:fd:83: 94:3e:8a:5f:9e:2d:5d:9c:a7:de:37:10:a8:01:e5:74: 38:e1:ca:ed:fb:68:d3:a8:66:de:77:bb:0a:ce:e0:bc: 0c:3f:81:44:2e:24:79:b6:6c:c5:da:89:50:74:f9:b3: 7f:71:83:31:d6:22:ae:ad:0a:01:d1:23:b2:2e:1f:ce: 02:a3:b9:b1:ae:f9:31:9a:ad:10:98:87:54:83:5e:2a Fingerprint (SHA-256): 7F:F1:3D:A4:08:83:C0:26:F2:A9:33:43:E0:98:BD:7C:14:62:29:A0:B0:60:18:B7:C5:2E:26:27:D5:69:6E:D1 Fingerprint (SHA1): 4D:06:8B:5E:20:67:58:DE:C3:6F:64:D5:22:F9:4A:38:6B:C3:D4:A7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4414: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022067 (0x1eefa5f3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:36:23 2015 Not After : Tue May 19 06:36:23 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f6:44:92:af:82:f9:8e:99:e4:0c:4a:a8:03:a2:14:87: dc:54:14:6a:94:57:28:48:e5:27:dc:3c:28:b6:f3:64: 2c:af:6a:ed:bf:7e:74:04:a7:5c:ef:cb:4c:a3:0f:d1: 45:94:ae:78:41:4f:91:02:0c:6e:78:7d:92:16:e5:a8: 83:74:5b:cc:83:5f:80:76:29:cc:6f:64:9c:70:da:6d: 9b:2d:5d:85:9e:1d:7d:65:3c:b0:ae:bf:ef:b0:a0:ec: 06:b9:02:c0:0b:66:87:0d:ff:36:08:5a:60:d3:9b:88: 72:72:d0:16:d6:9e:70:ed:4d:02:58:a3:e9:81:f6:73 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:4d:85:bf:8c:f4:3a:33:55:35:bd:6b:5a:52:8a:ac: c3:8d:44:33:e1:01:3f:9d:28:66:6c:85:cc:47:ee:a3: 23:c5:bd:a7:04:9d:1c:48:71:92:8b:8b:08:02:fd:83: 94:3e:8a:5f:9e:2d:5d:9c:a7:de:37:10:a8:01:e5:74: 38:e1:ca:ed:fb:68:d3:a8:66:de:77:bb:0a:ce:e0:bc: 0c:3f:81:44:2e:24:79:b6:6c:c5:da:89:50:74:f9:b3: 7f:71:83:31:d6:22:ae:ad:0a:01:d1:23:b2:2e:1f:ce: 02:a3:b9:b1:ae:f9:31:9a:ad:10:98:87:54:83:5e:2a Fingerprint (SHA-256): 7F:F1:3D:A4:08:83:C0:26:F2:A9:33:43:E0:98:BD:7C:14:62:29:A0:B0:60:18:B7:C5:2E:26:27:D5:69:6E:D1 Fingerprint (SHA1): 4D:06:8B:5E:20:67:58:DE:C3:6F:64:D5:22:F9:4A:38:6B:C3:D4:A7 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4415: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #4416: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022072 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4417: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #4418: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #4419: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022073 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4420: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #4421: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #4422: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4423: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519022074 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4424: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4425: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519022075 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4426: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4427: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #4428: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4429: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4430: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519022076 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519021843.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4431: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4432: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4433: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4434: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519022077 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4435: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4436: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4437: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4438: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519022078 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-BridgeNavy-519021844.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4439: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4440: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4441: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4442: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519022079 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4443: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4444: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #4445: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #4446: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022073 (0x1eefa5f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:36:41 2015 Not After : Tue May 19 06:36:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:43:df:19:c8:85:26:95:af:66:29:74:4e:32:46:2e: ff:29:24:11:fd:ce:37:9b:86:6f:81:7a:e4:53:e7:4e: 66:42:d3:fc:63:95:f3:84:27:d9:59:32:11:19:5e:1a: 81:16:d4:7a:c3:9e:67:3a:b2:47:85:a6:41:84:96:d1: 40:3c:77:d4:ef:58:34:59:7a:e8:24:33:4f:69:bb:e8: dd:ac:81:b5:82:ba:80:9b:34:1a:42:de:90:46:eb:af: f4:6f:fe:b0:d5:1c:40:3f:9e:9c:f3:74:20:e8:d3:e5: 41:cd:ce:bb:c9:b2:f8:e1:0d:93:91:a2:79:e2:f3:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c7:73:d8:87:31:9b:a1:bb:11:0d:7a:79:27:3d:64:07: 9a:b8:61:66:9c:e3:61:3e:91:e0:aa:1e:67:ed:fe:b6: c9:fe:31:82:40:82:33:16:20:60:77:1a:65:54:9d:77: 50:d4:ed:23:32:76:8f:34:d5:33:2c:1e:3e:2c:b8:b0: f3:0e:4a:ae:f1:ef:a4:09:38:65:be:94:b6:29:70:16: af:86:4d:91:77:0a:0d:0d:b8:ce:de:fa:cc:11:83:ea: f4:46:b3:b8:43:28:6f:fc:c2:86:18:b8:d9:ea:fe:1e: e2:80:60:04:25:48:91:16:95:16:88:e3:93:b9:7e:1b Fingerprint (SHA-256): 8C:91:3E:78:23:01:E0:AD:C1:C8:27:DB:6E:89:94:B9:D8:24:52:BC:40:77:23:49:9C:B6:2C:A0:CA:84:0F:50 Fingerprint (SHA1): 8A:30:B8:F7:35:85:CA:9A:62:28:00:AC:58:24:C9:19:90:C3:38:71 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4447: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022073 (0x1eefa5f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:36:41 2015 Not After : Tue May 19 06:36:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:43:df:19:c8:85:26:95:af:66:29:74:4e:32:46:2e: ff:29:24:11:fd:ce:37:9b:86:6f:81:7a:e4:53:e7:4e: 66:42:d3:fc:63:95:f3:84:27:d9:59:32:11:19:5e:1a: 81:16:d4:7a:c3:9e:67:3a:b2:47:85:a6:41:84:96:d1: 40:3c:77:d4:ef:58:34:59:7a:e8:24:33:4f:69:bb:e8: dd:ac:81:b5:82:ba:80:9b:34:1a:42:de:90:46:eb:af: f4:6f:fe:b0:d5:1c:40:3f:9e:9c:f3:74:20:e8:d3:e5: 41:cd:ce:bb:c9:b2:f8:e1:0d:93:91:a2:79:e2:f3:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c7:73:d8:87:31:9b:a1:bb:11:0d:7a:79:27:3d:64:07: 9a:b8:61:66:9c:e3:61:3e:91:e0:aa:1e:67:ed:fe:b6: c9:fe:31:82:40:82:33:16:20:60:77:1a:65:54:9d:77: 50:d4:ed:23:32:76:8f:34:d5:33:2c:1e:3e:2c:b8:b0: f3:0e:4a:ae:f1:ef:a4:09:38:65:be:94:b6:29:70:16: af:86:4d:91:77:0a:0d:0d:b8:ce:de:fa:cc:11:83:ea: f4:46:b3:b8:43:28:6f:fc:c2:86:18:b8:d9:ea:fe:1e: e2:80:60:04:25:48:91:16:95:16:88:e3:93:b9:7e:1b Fingerprint (SHA-256): 8C:91:3E:78:23:01:E0:AD:C1:C8:27:DB:6E:89:94:B9:D8:24:52:BC:40:77:23:49:9C:B6:2C:A0:CA:84:0F:50 Fingerprint (SHA1): 8A:30:B8:F7:35:85:CA:9A:62:28:00:AC:58:24:C9:19:90:C3:38:71 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4448: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #4449: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022072 (0x1eefa5f8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:36:39 2015 Not After : Tue May 19 06:36:39 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cb:e6:db:67:1b:72:71:3f:b4:9b:3d:a6:54:88:63:32: c8:94:dd:ca:33:43:51:59:21:27:52:23:5c:8e:7a:7e: 35:1b:34:0a:fa:6e:50:9a:58:6e:b9:c1:5c:1b:d8:86: ba:80:fe:d6:b0:b7:1f:c8:fb:d4:fa:b9:9e:11:9d:64: 14:2a:1c:e1:f3:2d:55:9e:95:cd:16:14:4f:26:6e:70: ba:27:85:b2:20:ce:3e:7a:b5:70:19:16:c8:01:26:4c: ce:20:bd:6a:50:2c:a8:d5:d5:37:b9:73:25:e0:06:d2: 2e:7d:ea:32:81:fd:eb:13:a5:84:7c:18:9d:18:2f:45 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4b:bd:c2:c8:55:48:31:2f:a6:1a:cb:12:01:60:18:ab: 4b:0c:98:cf:c9:33:d6:aa:e4:d2:7d:a7:5f:5b:58:4e: 93:6f:2b:46:8d:9c:07:54:1c:85:1b:52:e1:e6:ed:5f: 30:cb:07:76:fd:46:7f:6f:75:79:13:a1:28:73:f5:ef: 78:00:c2:8f:33:a2:8e:a6:3e:ca:52:0e:0b:81:9c:c4: c5:e3:d2:da:fe:e7:cc:32:41:80:76:d8:c1:95:f1:3d: 0e:98:84:0b:e3:74:15:dc:fa:8d:28:d6:bc:c5:3f:12: d6:82:33:33:a4:4c:b4:14:17:16:4a:77:80:25:1a:0d Fingerprint (SHA-256): 0B:1F:BE:70:44:29:DC:FF:90:AC:99:BC:B1:0A:50:45:4F:EB:65:F2:B4:B7:06:7D:B7:3C:A7:FF:91:75:FC:F8 Fingerprint (SHA1): 9B:04:ED:B3:B2:EE:17:5A:0B:71:6D:64:65:B9:F0:F0:FC:2C:0A:84 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4450: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022073 (0x1eefa5f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:36:41 2015 Not After : Tue May 19 06:36:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:43:df:19:c8:85:26:95:af:66:29:74:4e:32:46:2e: ff:29:24:11:fd:ce:37:9b:86:6f:81:7a:e4:53:e7:4e: 66:42:d3:fc:63:95:f3:84:27:d9:59:32:11:19:5e:1a: 81:16:d4:7a:c3:9e:67:3a:b2:47:85:a6:41:84:96:d1: 40:3c:77:d4:ef:58:34:59:7a:e8:24:33:4f:69:bb:e8: dd:ac:81:b5:82:ba:80:9b:34:1a:42:de:90:46:eb:af: f4:6f:fe:b0:d5:1c:40:3f:9e:9c:f3:74:20:e8:d3:e5: 41:cd:ce:bb:c9:b2:f8:e1:0d:93:91:a2:79:e2:f3:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c7:73:d8:87:31:9b:a1:bb:11:0d:7a:79:27:3d:64:07: 9a:b8:61:66:9c:e3:61:3e:91:e0:aa:1e:67:ed:fe:b6: c9:fe:31:82:40:82:33:16:20:60:77:1a:65:54:9d:77: 50:d4:ed:23:32:76:8f:34:d5:33:2c:1e:3e:2c:b8:b0: f3:0e:4a:ae:f1:ef:a4:09:38:65:be:94:b6:29:70:16: af:86:4d:91:77:0a:0d:0d:b8:ce:de:fa:cc:11:83:ea: f4:46:b3:b8:43:28:6f:fc:c2:86:18:b8:d9:ea:fe:1e: e2:80:60:04:25:48:91:16:95:16:88:e3:93:b9:7e:1b Fingerprint (SHA-256): 8C:91:3E:78:23:01:E0:AD:C1:C8:27:DB:6E:89:94:B9:D8:24:52:BC:40:77:23:49:9C:B6:2C:A0:CA:84:0F:50 Fingerprint (SHA1): 8A:30:B8:F7:35:85:CA:9A:62:28:00:AC:58:24:C9:19:90:C3:38:71 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4451: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022073 (0x1eefa5f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:36:41 2015 Not After : Tue May 19 06:36:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:43:df:19:c8:85:26:95:af:66:29:74:4e:32:46:2e: ff:29:24:11:fd:ce:37:9b:86:6f:81:7a:e4:53:e7:4e: 66:42:d3:fc:63:95:f3:84:27:d9:59:32:11:19:5e:1a: 81:16:d4:7a:c3:9e:67:3a:b2:47:85:a6:41:84:96:d1: 40:3c:77:d4:ef:58:34:59:7a:e8:24:33:4f:69:bb:e8: dd:ac:81:b5:82:ba:80:9b:34:1a:42:de:90:46:eb:af: f4:6f:fe:b0:d5:1c:40:3f:9e:9c:f3:74:20:e8:d3:e5: 41:cd:ce:bb:c9:b2:f8:e1:0d:93:91:a2:79:e2:f3:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c7:73:d8:87:31:9b:a1:bb:11:0d:7a:79:27:3d:64:07: 9a:b8:61:66:9c:e3:61:3e:91:e0:aa:1e:67:ed:fe:b6: c9:fe:31:82:40:82:33:16:20:60:77:1a:65:54:9d:77: 50:d4:ed:23:32:76:8f:34:d5:33:2c:1e:3e:2c:b8:b0: f3:0e:4a:ae:f1:ef:a4:09:38:65:be:94:b6:29:70:16: af:86:4d:91:77:0a:0d:0d:b8:ce:de:fa:cc:11:83:ea: f4:46:b3:b8:43:28:6f:fc:c2:86:18:b8:d9:ea:fe:1e: e2:80:60:04:25:48:91:16:95:16:88:e3:93:b9:7e:1b Fingerprint (SHA-256): 8C:91:3E:78:23:01:E0:AD:C1:C8:27:DB:6E:89:94:B9:D8:24:52:BC:40:77:23:49:9C:B6:2C:A0:CA:84:0F:50 Fingerprint (SHA1): 8A:30:B8:F7:35:85:CA:9A:62:28:00:AC:58:24:C9:19:90:C3:38:71 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #4452: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #4453: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022080 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4454: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #4455: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #4456: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022081 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4457: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #4458: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #4459: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4460: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 519022082 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4461: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4462: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #4463: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4464: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 519022083 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4465: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4466: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #4467: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4468: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 519022084 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4469: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4470: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 519022085 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #4471: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4472: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #4473: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4474: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4475: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519022086 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4476: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4477: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4478: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4479: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519022087 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4480: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4481: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4482: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4483: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519022088 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4484: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4485: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4486: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4487: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519022089 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #4488: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4489: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4490: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022080 (0x1eefa600) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:37:06 2015 Not After : Tue May 19 06:37:06 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:73:03:82:87:0c:15:8d:c5:fd:82:53:fd:64:b5:90: eb:d6:0a:77:3b:2f:63:2e:cb:92:08:6c:8b:2d:b2:60: 5b:7c:8d:80:1b:ad:e3:5b:c2:df:d1:b0:54:68:f8:dc: 28:9e:87:3a:11:b9:aa:73:74:38:5b:85:ce:d4:c0:08: eb:09:3a:d0:da:1a:a8:4b:a6:23:8c:e3:e8:c4:92:33: 25:f1:a3:48:e8:24:65:27:1a:74:02:20:ec:b5:56:c6: fa:6c:39:f7:40:28:66:17:b3:b2:d9:b3:53:46:a4:31: 99:ef:57:47:63:dc:35:fc:c9:74:a2:30:cb:06:44:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:a1:7a:1d:b6:fe:65:6c:82:a4:a4:d7:e3:b1:3e:14: 6a:40:ba:8a:e4:e1:26:c1:5d:8e:76:b0:c1:34:8a:34: d3:0c:4c:51:b5:ed:2d:b3:89:6f:b3:31:27:4a:69:6b: 06:38:57:a6:13:c4:62:53:c6:6e:75:4d:64:24:b3:0c: d9:a8:ce:c3:77:60:4e:77:ef:28:70:aa:ef:75:e3:a4: 2f:32:dd:54:c4:26:2f:df:20:e6:0d:f9:ec:b3:0d:1f: 04:33:6f:42:31:1e:77:67:67:28:2d:b9:26:5c:29:f6: 2f:17:bd:3b:21:2c:d7:8c:00:51:f2:b5:7f:42:10:c2 Fingerprint (SHA-256): 1F:91:EB:5D:F1:3B:A6:DB:E8:71:73:60:2A:56:15:86:34:51:35:25:1D:69:29:8F:36:5B:4C:63:44:70:51:C1 Fingerprint (SHA1): 5B:61:9E:80:32:A1:34:09:8C:AD:65:A6:0D:F3:1C:C7:A7:72:C9:2D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #4491: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4492: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4493: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4494: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4495: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4496: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4497: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4498: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4499: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022081 (0x1eefa601) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:37:09 2015 Not After : Tue May 19 06:37:09 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:e8:a1:b5:0c:01:1e:97:70:71:31:7e:40:02:2c:b9: f2:bf:fc:54:8b:c3:6b:fd:44:2b:02:59:6d:86:fa:8c: f1:fb:d7:f8:5f:6d:8e:46:f0:c2:ad:38:52:14:71:2c: 13:97:a2:c7:33:60:a0:26:0f:fa:9e:48:f8:85:8d:9f: 28:2f:ff:49:11:e1:1c:04:ad:d5:31:f2:d8:16:8e:06: be:90:30:24:d4:fc:c3:4e:0e:b6:6d:5c:21:fd:07:22: 52:07:90:93:bb:be:19:1d:44:7b:e2:13:89:60:14:e8: 9e:97:d0:a7:84:b6:53:12:e2:60:ce:4a:56:a5:3e:05 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 61:e9:ab:c5:64:f6:71:99:02:b2:1e:ea:fd:3f:15:bf: 28:2b:ce:71:2e:40:e6:f0:ed:e5:9a:43:cd:73:a0:9c: 82:19:ba:a9:de:d4:e8:58:28:19:06:5b:0c:89:19:eb: 8a:76:a1:78:5c:87:d4:75:96:c8:5f:61:69:83:20:05: 70:9e:11:76:ce:73:d1:0a:95:98:e2:87:ea:03:37:f8: 0b:82:6a:a1:4b:74:74:96:a7:a0:6c:37:2b:4b:2b:55: 28:5b:7d:ef:b7:69:1b:1e:fc:46:29:bb:33:0a:fb:f2: 08:c7:fa:89:1e:18:06:40:9f:47:88:33:1b:b8:4c:c7 Fingerprint (SHA-256): 49:06:73:0A:A1:14:F1:BA:C0:9A:19:76:8E:AF:26:D2:82:22:44:93:9B:79:D2:31:58:20:56:EC:6C:EA:3E:5E Fingerprint (SHA1): 9A:93:DE:8B:FB:72:CF:FE:91:22:DC:83:27:85:FD:D9:A2:84:06:EB Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #4500: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4501: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4502: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4503: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4504: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #4505: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4506: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #4507: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #4508: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #4509: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #4510: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #4511: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #4512: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #4513: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #4514: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #4515: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #4516: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #4517: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4518: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022090 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4519: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4520: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4521: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4522: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519022091 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4523: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4524: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4525: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4526: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519022092 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4527: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4528: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4529: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4530: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 519022093 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4531: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4532: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4533: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4534: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519022094 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4535: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4536: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #4537: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4538: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 519022095 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4539: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4540: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #4541: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4542: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 519022096 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4543: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4544: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #4545: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4546: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 519022097 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4547: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4548: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #4549: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4550: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 519022098 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4551: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4552: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4553: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022090 (0x1eefa60a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:37:52 2015 Not After : Tue May 19 06:37:52 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 13:3a:6a:09:5b:71:7f:96:2c:24:7d:21:87:b2:0d:dc: a3:73:50:5c:16:92:2b:af:15:bb:2d:16:e8:05:38:e0: ee:a9:e6:6a:8d:cd:aa:0a:4d:65:8c:a5:fa:57:b0:7c: c9:19:59:c0:ec:b7:13:67:1d:78:da:00:75:31:9d:dc: 8d:46:24:f0:74:23:07:68:b4:00:dd:e1:64:7a:c2:c6: 8b:02:56:3c:9e:d5:ea:45:77:03:d0:87:5f:38:2d:05: f1:b0:e3:92:c4:9a:55:b9:7b:6d:ef:f8:17:b0:78:f8: 12:98:05:04:ac:2a:0b:e9:a2:82:80:a9:49:ef:b8:1f Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:5a:d2:8e:7e:eb:d2:95:5b:05:30:f2:93: 56:13:8b:7f:d7:2c:e9:1f:02:14:5f:bb:77:2e:ad:81: ee:26:6f:0c:80:54:5d:c8:ab:2b:c8:05:b0:64 Fingerprint (SHA-256): 1E:97:3E:3E:FB:A1:0C:F3:AF:99:66:82:6F:35:A8:7E:59:A3:EC:98:D7:C8:5F:F4:30:20:74:D1:D5:E7:BD:6D Fingerprint (SHA1): 52:CE:39:2A:F7:F2:06:3A:6E:F0:C9:A5:CC:67:F8:BB:95:25:C8:4B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4554: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022090 (0x1eefa60a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:37:52 2015 Not After : Tue May 19 06:37:52 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 13:3a:6a:09:5b:71:7f:96:2c:24:7d:21:87:b2:0d:dc: a3:73:50:5c:16:92:2b:af:15:bb:2d:16:e8:05:38:e0: ee:a9:e6:6a:8d:cd:aa:0a:4d:65:8c:a5:fa:57:b0:7c: c9:19:59:c0:ec:b7:13:67:1d:78:da:00:75:31:9d:dc: 8d:46:24:f0:74:23:07:68:b4:00:dd:e1:64:7a:c2:c6: 8b:02:56:3c:9e:d5:ea:45:77:03:d0:87:5f:38:2d:05: f1:b0:e3:92:c4:9a:55:b9:7b:6d:ef:f8:17:b0:78:f8: 12:98:05:04:ac:2a:0b:e9:a2:82:80:a9:49:ef:b8:1f Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:5a:d2:8e:7e:eb:d2:95:5b:05:30:f2:93: 56:13:8b:7f:d7:2c:e9:1f:02:14:5f:bb:77:2e:ad:81: ee:26:6f:0c:80:54:5d:c8:ab:2b:c8:05:b0:64 Fingerprint (SHA-256): 1E:97:3E:3E:FB:A1:0C:F3:AF:99:66:82:6F:35:A8:7E:59:A3:EC:98:D7:C8:5F:F4:30:20:74:D1:D5:E7:BD:6D Fingerprint (SHA1): 52:CE:39:2A:F7:F2:06:3A:6E:F0:C9:A5:CC:67:F8:BB:95:25:C8:4B Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #4555: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022090 (0x1eefa60a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:37:52 2015 Not After : Tue May 19 06:37:52 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 13:3a:6a:09:5b:71:7f:96:2c:24:7d:21:87:b2:0d:dc: a3:73:50:5c:16:92:2b:af:15:bb:2d:16:e8:05:38:e0: ee:a9:e6:6a:8d:cd:aa:0a:4d:65:8c:a5:fa:57:b0:7c: c9:19:59:c0:ec:b7:13:67:1d:78:da:00:75:31:9d:dc: 8d:46:24:f0:74:23:07:68:b4:00:dd:e1:64:7a:c2:c6: 8b:02:56:3c:9e:d5:ea:45:77:03:d0:87:5f:38:2d:05: f1:b0:e3:92:c4:9a:55:b9:7b:6d:ef:f8:17:b0:78:f8: 12:98:05:04:ac:2a:0b:e9:a2:82:80:a9:49:ef:b8:1f Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:5a:d2:8e:7e:eb:d2:95:5b:05:30:f2:93: 56:13:8b:7f:d7:2c:e9:1f:02:14:5f:bb:77:2e:ad:81: ee:26:6f:0c:80:54:5d:c8:ab:2b:c8:05:b0:64 Fingerprint (SHA-256): 1E:97:3E:3E:FB:A1:0C:F3:AF:99:66:82:6F:35:A8:7E:59:A3:EC:98:D7:C8:5F:F4:30:20:74:D1:D5:E7:BD:6D Fingerprint (SHA1): 52:CE:39:2A:F7:F2:06:3A:6E:F0:C9:A5:CC:67:F8:BB:95:25:C8:4B Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #4556: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022090 (0x1eefa60a) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:37:52 2015 Not After : Tue May 19 06:37:52 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 13:3a:6a:09:5b:71:7f:96:2c:24:7d:21:87:b2:0d:dc: a3:73:50:5c:16:92:2b:af:15:bb:2d:16:e8:05:38:e0: ee:a9:e6:6a:8d:cd:aa:0a:4d:65:8c:a5:fa:57:b0:7c: c9:19:59:c0:ec:b7:13:67:1d:78:da:00:75:31:9d:dc: 8d:46:24:f0:74:23:07:68:b4:00:dd:e1:64:7a:c2:c6: 8b:02:56:3c:9e:d5:ea:45:77:03:d0:87:5f:38:2d:05: f1:b0:e3:92:c4:9a:55:b9:7b:6d:ef:f8:17:b0:78:f8: 12:98:05:04:ac:2a:0b:e9:a2:82:80:a9:49:ef:b8:1f Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:5a:d2:8e:7e:eb:d2:95:5b:05:30:f2:93: 56:13:8b:7f:d7:2c:e9:1f:02:14:5f:bb:77:2e:ad:81: ee:26:6f:0c:80:54:5d:c8:ab:2b:c8:05:b0:64 Fingerprint (SHA-256): 1E:97:3E:3E:FB:A1:0C:F3:AF:99:66:82:6F:35:A8:7E:59:A3:EC:98:D7:C8:5F:F4:30:20:74:D1:D5:E7:BD:6D Fingerprint (SHA1): 52:CE:39:2A:F7:F2:06:3A:6E:F0:C9:A5:CC:67:F8:BB:95:25:C8:4B Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #4557: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4558: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4559: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4560: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #4561: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4562: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4563: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4564: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4565: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4566: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4567: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4568: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #4569: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4570: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4571: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4572: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #4573: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4574: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4575: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4576: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4577: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4578: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4579: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4580: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #4581: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4582: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4583: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4584: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519063840Z nextupdate=20160519063840Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 06:38:40 2015 Next Update: Thu May 19 06:38:40 2016 CRL Extensions: chains.sh: #4585: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519063840Z nextupdate=20160519063840Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:38:40 2015 Next Update: Thu May 19 06:38:40 2016 CRL Extensions: chains.sh: #4586: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519063841Z nextupdate=20160519063841Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:38:41 2015 Next Update: Thu May 19 06:38:41 2016 CRL Extensions: chains.sh: #4587: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519063842Z nextupdate=20160519063842Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 06:38:42 2015 Next Update: Thu May 19 06:38:42 2016 CRL Extensions: chains.sh: #4588: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519063843Z addcert 14 20150519063843Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:38:43 2015 Next Update: Thu May 19 06:38:41 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Tue May 19 06:38:43 2015 CRL Extensions: chains.sh: #4589: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519063844Z addcert 15 20150519063844Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:38:44 2015 Next Update: Thu May 19 06:38:40 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Tue May 19 06:38:44 2015 CRL Extensions: chains.sh: #4590: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4591: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4592: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #4593: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #4594: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #4595: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #4596: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #4597: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #4598: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #4599: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:38:19 2015 Not After : Tue May 19 06:38:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:b4:13:66:6f:30:10:fe:ff:b5:19:b2:b9:d9:53:c7: 72:68:c6:ef:45:db:df:90:5a:21:c0:aa:38:71:ed:e3: b9:94:2b:88:66:c8:e5:96:3d:14:ad:34:39:50:55:48: 3a:39:30:89:20:65:95:d4:84:8b:97:3d:26:22:ad:00: 80:2a:cb:8a:43:26:bd:fb:a4:c6:19:5a:74:ae:e6:57: 6a:2d:45:17:c9:8b:4b:f9:ad:3d:0d:ff:5c:b9:b4:71: 54:c3:dc:06:7f:78:2c:c5:ac:c9:ab:ed:4e:35:c1:60: bf:33:6c:e6:9b:0d:5b:2d:e2:cf:a8:2f:a7:f4:f5:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:bc:f3:9b:1f:a3:83:2c:25:8d:d4:0a:31:4c:10:cb: e1:5f:61:1f:80:bd:b4:f5:a0:f7:35:d8:9e:b4:97:a3: 73:67:2e:3f:11:b7:d2:2f:a0:22:93:51:b4:1a:2a:2e: 43:c6:24:58:10:7b:43:5d:82:ad:82:e4:a5:ca:33:99: ca:2c:09:eb:c8:ea:fe:c0:1c:ef:60:f7:32:d7:bc:3f: c6:05:37:82:08:02:f0:2b:e9:22:98:58:9a:03:e1:24: e8:6b:30:85:7f:8e:86:c6:f6:9d:8d:cc:62:06:02:bf: c4:a5:6e:dc:6f:1f:74:42:aa:00:8f:65:cb:2a:6c:cd Fingerprint (SHA-256): 7D:F3:A6:22:FD:3B:EC:AE:18:58:BE:5A:FA:84:9E:D2:98:76:18:AC:D0:9E:AA:62:BF:EB:C6:4F:56:89:05:52 Fingerprint (SHA1): 31:98:16:49:04:24:77:36:92:0A:13:76:07:99:5C:36:D5:45:76:14 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4600: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4601: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:38:19 2015 Not After : Tue May 19 06:38:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:b4:13:66:6f:30:10:fe:ff:b5:19:b2:b9:d9:53:c7: 72:68:c6:ef:45:db:df:90:5a:21:c0:aa:38:71:ed:e3: b9:94:2b:88:66:c8:e5:96:3d:14:ad:34:39:50:55:48: 3a:39:30:89:20:65:95:d4:84:8b:97:3d:26:22:ad:00: 80:2a:cb:8a:43:26:bd:fb:a4:c6:19:5a:74:ae:e6:57: 6a:2d:45:17:c9:8b:4b:f9:ad:3d:0d:ff:5c:b9:b4:71: 54:c3:dc:06:7f:78:2c:c5:ac:c9:ab:ed:4e:35:c1:60: bf:33:6c:e6:9b:0d:5b:2d:e2:cf:a8:2f:a7:f4:f5:91 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:bc:f3:9b:1f:a3:83:2c:25:8d:d4:0a:31:4c:10:cb: e1:5f:61:1f:80:bd:b4:f5:a0:f7:35:d8:9e:b4:97:a3: 73:67:2e:3f:11:b7:d2:2f:a0:22:93:51:b4:1a:2a:2e: 43:c6:24:58:10:7b:43:5d:82:ad:82:e4:a5:ca:33:99: ca:2c:09:eb:c8:ea:fe:c0:1c:ef:60:f7:32:d7:bc:3f: c6:05:37:82:08:02:f0:2b:e9:22:98:58:9a:03:e1:24: e8:6b:30:85:7f:8e:86:c6:f6:9d:8d:cc:62:06:02:bf: c4:a5:6e:dc:6f:1f:74:42:aa:00:8f:65:cb:2a:6c:cd Fingerprint (SHA-256): 7D:F3:A6:22:FD:3B:EC:AE:18:58:BE:5A:FA:84:9E:D2:98:76:18:AC:D0:9E:AA:62:BF:EB:C6:4F:56:89:05:52 Fingerprint (SHA1): 31:98:16:49:04:24:77:36:92:0A:13:76:07:99:5C:36:D5:45:76:14 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4602: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4603: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #4604: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022099 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4605: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #4606: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #4607: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4608: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 519022100 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4609: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4610: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4611: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021871.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4612: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021845.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4613: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4614: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #4615: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021871.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4616: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 519022101 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4617: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4618: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4619: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021871.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4620: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021846.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4621: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4622: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #4623: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4624: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 519022102 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4625: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4626: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4627: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021871.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4628: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021847.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4629: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4630: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4631: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519021871.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #4632: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519021848.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #4633: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4634: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519063919Z nextupdate=20160519063919Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 06:39:19 2015 Next Update: Thu May 19 06:39:19 2016 CRL Extensions: chains.sh: #4635: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519063920Z nextupdate=20160519063920Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:39:20 2015 Next Update: Thu May 19 06:39:20 2016 CRL Extensions: chains.sh: #4636: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519063920Z nextupdate=20160519063920Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 06:39:20 2015 Next Update: Thu May 19 06:39:20 2016 CRL Extensions: chains.sh: #4637: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519063921Z nextupdate=20160519063921Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 06:39:21 2015 Next Update: Thu May 19 06:39:21 2016 CRL Extensions: chains.sh: #4638: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519063922Z addcert 20 20150519063922Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:39:22 2015 Next Update: Thu May 19 06:39:20 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 06:39:22 2015 CRL Extensions: chains.sh: #4639: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519063923Z addcert 40 20150519063923Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 06:39:23 2015 Next Update: Thu May 19 06:39:20 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 06:39:22 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Tue May 19 06:39:23 2015 CRL Extensions: chains.sh: #4640: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #4641: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4642: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #4643: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022099 (0x1eefa613) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:38:54 2015 Not After : Tue May 19 06:38:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:d9:94:43:a9:8b:8b:97:86:41:ed:b9:25:ed:28:67: 2e:8d:9a:c2:6f:c5:df:93:74:25:47:c0:ed:61:ae:de: d0:95:95:c0:91:06:86:42:ba:2e:04:ad:f6:25:d9:47: 17:4f:56:27:25:cb:61:b9:4d:e5:3e:76:17:5a:33:cd: 19:1b:5a:40:0b:a6:f0:29:1b:ba:40:34:5a:3b:06:85: dc:73:b3:0f:0d:8e:40:5e:09:f3:af:fd:62:6a:6f:a2: 57:6e:26:47:e3:83:2f:95:f6:93:b0:8c:ef:ad:77:c3: 88:86:84:c0:1c:01:df:44:43:c4:08:50:09:a1:9b:9d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:19:ce:76:29:3a:9d:9d:2f:bd:cb:bb:76:4d:ab:01: 68:5f:ed:a8:4c:e1:56:6c:02:73:21:89:41:18:5a:89: ca:21:d1:b7:85:ac:c8:72:01:fb:1d:26:1c:9a:d6:74: b0:c0:ed:0d:1c:a1:c8:19:42:68:04:72:4a:3a:a1:ee: ca:d0:d2:7e:04:54:37:29:55:1b:72:7d:b2:a6:26:31: 44:b1:90:7b:d9:53:26:65:83:d4:a2:17:5b:da:08:c1: 9e:34:6d:4f:93:2d:c3:94:6c:34:13:22:ca:1d:09:bc: 09:22:2d:b0:4c:08:fc:3f:1b:39:76:87:b1:e2:67:ef Fingerprint (SHA-256): EC:07:87:E4:53:D2:98:80:56:A4:01:22:A0:AF:71:EA:2F:B2:94:A2:5C:48:C0:9A:85:6A:A2:EF:FA:C5:D6:2D Fingerprint (SHA1): 4B:63:C9:2A:6A:F5:33:30:B8:70:E9:67:47:60:E8:20:D9:37:21:D6 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4644: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4645: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022099 (0x1eefa613) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:38:54 2015 Not After : Tue May 19 06:38:54 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d3:d9:94:43:a9:8b:8b:97:86:41:ed:b9:25:ed:28:67: 2e:8d:9a:c2:6f:c5:df:93:74:25:47:c0:ed:61:ae:de: d0:95:95:c0:91:06:86:42:ba:2e:04:ad:f6:25:d9:47: 17:4f:56:27:25:cb:61:b9:4d:e5:3e:76:17:5a:33:cd: 19:1b:5a:40:0b:a6:f0:29:1b:ba:40:34:5a:3b:06:85: dc:73:b3:0f:0d:8e:40:5e:09:f3:af:fd:62:6a:6f:a2: 57:6e:26:47:e3:83:2f:95:f6:93:b0:8c:ef:ad:77:c3: 88:86:84:c0:1c:01:df:44:43:c4:08:50:09:a1:9b:9d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:19:ce:76:29:3a:9d:9d:2f:bd:cb:bb:76:4d:ab:01: 68:5f:ed:a8:4c:e1:56:6c:02:73:21:89:41:18:5a:89: ca:21:d1:b7:85:ac:c8:72:01:fb:1d:26:1c:9a:d6:74: b0:c0:ed:0d:1c:a1:c8:19:42:68:04:72:4a:3a:a1:ee: ca:d0:d2:7e:04:54:37:29:55:1b:72:7d:b2:a6:26:31: 44:b1:90:7b:d9:53:26:65:83:d4:a2:17:5b:da:08:c1: 9e:34:6d:4f:93:2d:c3:94:6c:34:13:22:ca:1d:09:bc: 09:22:2d:b0:4c:08:fc:3f:1b:39:76:87:b1:e2:67:ef Fingerprint (SHA-256): EC:07:87:E4:53:D2:98:80:56:A4:01:22:A0:AF:71:EA:2F:B2:94:A2:5C:48:C0:9A:85:6A:A2:EF:FA:C5:D6:2D Fingerprint (SHA1): 4B:63:C9:2A:6A:F5:33:30:B8:70:E9:67:47:60:E8:20:D9:37:21:D6 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #4646: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #4647: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #4648: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022103 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4649: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #4650: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #4651: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4652: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519022104 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4653: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4654: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #4655: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4656: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519022105 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4657: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4658: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #4659: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4660: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 519022106 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4661: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4662: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #4663: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -m 519022107 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #4664: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #4665: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #4666: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #4667: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 519022108 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4668: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4669: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #4670: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #4671: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 519022109 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/pkix/cu_data === Certutil input data === === chains.sh: #4672: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #4673: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #4674: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #4675: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #4676: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022103 (0x1eefa617) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:39:30 2015 Not After : Tue May 19 06:39:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:e7:bb:6d:52:7c:c6:b2:c6:0b:c6:fa:53:45:dc:14: a3:75:8e:76:b7:ea:41:70:70:c1:9b:8b:ec:d4:61:c8: 93:4c:a3:e2:df:87:39:f6:ef:10:39:aa:2a:20:2a:27: f6:26:71:08:1b:a6:59:48:f8:c2:a5:c1:d3:3e:14:c6: da:5e:f0:e4:01:ef:7b:49:2d:0a:b7:6d:69:1f:6e:40: 45:4f:68:73:40:73:d6:47:31:4a:1f:b2:e1:e5:ce:a9: 22:ce:ea:ab:3b:df:fc:65:49:8b:46:94:c2:60:79:25: 02:5b:a6:74:e8:c6:07:7e:8b:9b:5e:89:07:d0:b1:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:51:a5:91:0d:5d:c8:87:b4:03:8c:36:97:85:e4:cb: 7f:1e:0b:88:55:e8:96:e3:90:33:9f:a0:ed:20:41:e7: 73:bf:1b:ea:fd:16:a9:fb:ad:b8:19:a3:19:01:66:72: 87:12:f8:3a:d9:8c:bc:18:af:d2:af:42:c4:1b:10:43: 18:3b:0d:11:c8:9e:03:72:dd:74:b5:9b:8b:dc:a1:2c: d3:c7:36:5d:8f:fc:1c:9b:7a:3c:8d:19:3b:5e:f7:da: be:db:bf:30:20:b9:8f:d4:c4:6b:d9:b2:ce:18:3e:d1: cb:20:09:60:31:0f:79:25:0b:6e:4a:d5:6c:75:08:14 Fingerprint (SHA-256): FD:08:30:CA:43:05:BF:A1:E6:2C:E1:58:37:61:AF:36:E8:A5:2A:8D:FB:26:D8:72:EC:FD:28:FD:ED:B8:7F:73 Fingerprint (SHA1): 3C:A1:6E:1A:1C:86:A3:28:00:8E:4A:64:8D:36:DD:CD:46:B5:C5:CE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4677: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022105 (0x1eefa619) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:39:36 2015 Not After : Tue May 19 06:39:36 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:5d:f4:e0:b1:35:ab:31:20:2d:32:a0:cc:c8:1d:80: ae:45:da:14:2e:21:4f:71:35:b3:70:6f:ae:e4:ec:a3: a3:e8:ed:e4:70:3d:02:b5:50:1d:c3:32:f2:e7:55:4e: ef:ff:ba:82:2f:0f:58:b8:13:a8:ff:ae:20:f2:01:e3: 32:6c:43:c2:8f:07:bf:38:14:2b:ff:6c:1c:c8:1a:7e: 4c:76:2e:c0:d2:83:72:76:03:df:5d:12:85:4c:d2:a5: 4b:ff:b9:82:95:da:54:3e:02:42:31:a3:97:50:cc:44: 6f:54:4f:d7:fb:93:fd:3d:36:7f:97:b6:5c:c6:dd:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:59:d2:3a:e3:17:a1:7e:11:52:b0:8f:ca:57:12:e2: ef:f7:84:f8:f0:7e:35:78:3d:65:8f:2e:c6:d4:47:92: 22:5d:47:39:ea:3f:82:8c:92:eb:bf:80:eb:58:cb:c9: 7a:b7:78:0a:63:26:d5:3f:06:56:fc:e4:f0:25:ea:f6: 13:0a:57:fd:25:31:95:d8:1c:f7:f7:ac:1b:cc:82:fe: a2:b3:1e:86:d7:a2:79:3f:8b:fe:57:76:24:55:f3:ac: cc:d2:a7:8b:0c:47:53:2d:79:bf:d4:1a:47:8d:34:e8: 43:e5:56:f5:84:7c:3e:a5:8f:d5:57:a6:a7:a0:9e:b6 Fingerprint (SHA-256): 73:7B:DB:1E:05:1D:64:88:60:89:F7:0F:90:B3:D9:BB:52:3C:B6:7E:35:A1:28:F6:A4:DE:12:12:DC:43:61:FB Fingerprint (SHA1): D8:F2:AE:54:7C:32:D7:D5:26:6C:80:9A:F2:6B:24:A9:CE:09:AE:EE Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #4678: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022103 (0x1eefa617) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:39:30 2015 Not After : Tue May 19 06:39:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:e7:bb:6d:52:7c:c6:b2:c6:0b:c6:fa:53:45:dc:14: a3:75:8e:76:b7:ea:41:70:70:c1:9b:8b:ec:d4:61:c8: 93:4c:a3:e2:df:87:39:f6:ef:10:39:aa:2a:20:2a:27: f6:26:71:08:1b:a6:59:48:f8:c2:a5:c1:d3:3e:14:c6: da:5e:f0:e4:01:ef:7b:49:2d:0a:b7:6d:69:1f:6e:40: 45:4f:68:73:40:73:d6:47:31:4a:1f:b2:e1:e5:ce:a9: 22:ce:ea:ab:3b:df:fc:65:49:8b:46:94:c2:60:79:25: 02:5b:a6:74:e8:c6:07:7e:8b:9b:5e:89:07:d0:b1:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:51:a5:91:0d:5d:c8:87:b4:03:8c:36:97:85:e4:cb: 7f:1e:0b:88:55:e8:96:e3:90:33:9f:a0:ed:20:41:e7: 73:bf:1b:ea:fd:16:a9:fb:ad:b8:19:a3:19:01:66:72: 87:12:f8:3a:d9:8c:bc:18:af:d2:af:42:c4:1b:10:43: 18:3b:0d:11:c8:9e:03:72:dd:74:b5:9b:8b:dc:a1:2c: d3:c7:36:5d:8f:fc:1c:9b:7a:3c:8d:19:3b:5e:f7:da: be:db:bf:30:20:b9:8f:d4:c4:6b:d9:b2:ce:18:3e:d1: cb:20:09:60:31:0f:79:25:0b:6e:4a:d5:6c:75:08:14 Fingerprint (SHA-256): FD:08:30:CA:43:05:BF:A1:E6:2C:E1:58:37:61:AF:36:E8:A5:2A:8D:FB:26:D8:72:EC:FD:28:FD:ED:B8:7F:73 Fingerprint (SHA1): 3C:A1:6E:1A:1C:86:A3:28:00:8E:4A:64:8D:36:DD:CD:46:B5:C5:CE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4679: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #4680: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022103 (0x1eefa617) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:39:30 2015 Not After : Tue May 19 06:39:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:e7:bb:6d:52:7c:c6:b2:c6:0b:c6:fa:53:45:dc:14: a3:75:8e:76:b7:ea:41:70:70:c1:9b:8b:ec:d4:61:c8: 93:4c:a3:e2:df:87:39:f6:ef:10:39:aa:2a:20:2a:27: f6:26:71:08:1b:a6:59:48:f8:c2:a5:c1:d3:3e:14:c6: da:5e:f0:e4:01:ef:7b:49:2d:0a:b7:6d:69:1f:6e:40: 45:4f:68:73:40:73:d6:47:31:4a:1f:b2:e1:e5:ce:a9: 22:ce:ea:ab:3b:df:fc:65:49:8b:46:94:c2:60:79:25: 02:5b:a6:74:e8:c6:07:7e:8b:9b:5e:89:07:d0:b1:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:51:a5:91:0d:5d:c8:87:b4:03:8c:36:97:85:e4:cb: 7f:1e:0b:88:55:e8:96:e3:90:33:9f:a0:ed:20:41:e7: 73:bf:1b:ea:fd:16:a9:fb:ad:b8:19:a3:19:01:66:72: 87:12:f8:3a:d9:8c:bc:18:af:d2:af:42:c4:1b:10:43: 18:3b:0d:11:c8:9e:03:72:dd:74:b5:9b:8b:dc:a1:2c: d3:c7:36:5d:8f:fc:1c:9b:7a:3c:8d:19:3b:5e:f7:da: be:db:bf:30:20:b9:8f:d4:c4:6b:d9:b2:ce:18:3e:d1: cb:20:09:60:31:0f:79:25:0b:6e:4a:d5:6c:75:08:14 Fingerprint (SHA-256): FD:08:30:CA:43:05:BF:A1:E6:2C:E1:58:37:61:AF:36:E8:A5:2A:8D:FB:26:D8:72:EC:FD:28:FD:ED:B8:7F:73 Fingerprint (SHA1): 3C:A1:6E:1A:1C:86:A3:28:00:8E:4A:64:8D:36:DD:CD:46:B5:C5:CE Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4681: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022105 (0x1eefa619) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:39:36 2015 Not After : Tue May 19 06:39:36 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:5d:f4:e0:b1:35:ab:31:20:2d:32:a0:cc:c8:1d:80: ae:45:da:14:2e:21:4f:71:35:b3:70:6f:ae:e4:ec:a3: a3:e8:ed:e4:70:3d:02:b5:50:1d:c3:32:f2:e7:55:4e: ef:ff:ba:82:2f:0f:58:b8:13:a8:ff:ae:20:f2:01:e3: 32:6c:43:c2:8f:07:bf:38:14:2b:ff:6c:1c:c8:1a:7e: 4c:76:2e:c0:d2:83:72:76:03:df:5d:12:85:4c:d2:a5: 4b:ff:b9:82:95:da:54:3e:02:42:31:a3:97:50:cc:44: 6f:54:4f:d7:fb:93:fd:3d:36:7f:97:b6:5c:c6:dd:e1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ab:59:d2:3a:e3:17:a1:7e:11:52:b0:8f:ca:57:12:e2: ef:f7:84:f8:f0:7e:35:78:3d:65:8f:2e:c6:d4:47:92: 22:5d:47:39:ea:3f:82:8c:92:eb:bf:80:eb:58:cb:c9: 7a:b7:78:0a:63:26:d5:3f:06:56:fc:e4:f0:25:ea:f6: 13:0a:57:fd:25:31:95:d8:1c:f7:f7:ac:1b:cc:82:fe: a2:b3:1e:86:d7:a2:79:3f:8b:fe:57:76:24:55:f3:ac: cc:d2:a7:8b:0c:47:53:2d:79:bf:d4:1a:47:8d:34:e8: 43:e5:56:f5:84:7c:3e:a5:8f:d5:57:a6:a7:a0:9e:b6 Fingerprint (SHA-256): 73:7B:DB:1E:05:1D:64:88:60:89:F7:0F:90:B3:D9:BB:52:3C:B6:7E:35:A1:28:F6:A4:DE:12:12:DC:43:61:FB Fingerprint (SHA1): D8:F2:AE:54:7C:32:D7:D5:26:6C:80:9A:F2:6B:24:A9:CE:09:AE:EE Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #4682: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #4683: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #4684: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #4685: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022103 (0x1eefa617) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:39:30 2015 Not After : Tue May 19 06:39:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:e7:bb:6d:52:7c:c6:b2:c6:0b:c6:fa:53:45:dc:14: a3:75:8e:76:b7:ea:41:70:70:c1:9b:8b:ec:d4:61:c8: 93:4c:a3:e2:df:87:39:f6:ef:10:39:aa:2a:20:2a:27: f6:26:71:08:1b:a6:59:48:f8:c2:a5:c1:d3:3e:14:c6: da:5e:f0:e4:01:ef:7b:49:2d:0a:b7:6d:69:1f:6e:40: 45:4f:68:73:40:73:d6:47:31:4a:1f:b2:e1:e5:ce:a9: 22:ce:ea:ab:3b:df:fc:65:49:8b:46:94:c2:60:79:25: 02:5b:a6:74:e8:c6:07:7e:8b:9b:5e:89:07:d0:b1:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:51:a5:91:0d:5d:c8:87:b4:03:8c:36:97:85:e4:cb: 7f:1e:0b:88:55:e8:96:e3:90:33:9f:a0:ed:20:41:e7: 73:bf:1b:ea:fd:16:a9:fb:ad:b8:19:a3:19:01:66:72: 87:12:f8:3a:d9:8c:bc:18:af:d2:af:42:c4:1b:10:43: 18:3b:0d:11:c8:9e:03:72:dd:74:b5:9b:8b:dc:a1:2c: d3:c7:36:5d:8f:fc:1c:9b:7a:3c:8d:19:3b:5e:f7:da: be:db:bf:30:20:b9:8f:d4:c4:6b:d9:b2:ce:18:3e:d1: cb:20:09:60:31:0f:79:25:0b:6e:4a:d5:6c:75:08:14 Fingerprint (SHA-256): FD:08:30:CA:43:05:BF:A1:E6:2C:E1:58:37:61:AF:36:E8:A5:2A:8D:FB:26:D8:72:EC:FD:28:FD:ED:B8:7F:73 Fingerprint (SHA1): 3C:A1:6E:1A:1C:86:A3:28:00:8E:4A:64:8D:36:DD:CD:46:B5:C5:CE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4686: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022107 (0x1eefa61b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:39:43 2015 Not After : Tue May 19 06:39:43 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: f8:f8:38:3f:0d:23:5e:09:3c:6d:e5:2d:02:1e:93:3c: 3c:1b:1b:ae:01:79:e7:98:7e:c4:19:cb:2a:23:5a:d3: ab:56:28:f3:0c:29:42:bb:16:de:92:63:ee:40:d2:51: 2c:59:7e:ff:76:90:ff:3a:c8:62:ab:12:b8:d9:ed:e8: 4f:80:2b:9c:26:2f:54:a3:9e:78:35:92:3a:03:9e:79: 4b:2a:65:53:e6:51:76:08:e3:55:f9:4a:1d:86:76:5f: 8d:d7:57:13:b7:1d:7a:b4:1a:2f:10:05:5e:cd:d5:e9: ba:f2:ce:c6:f1:45:eb:31:6c:60:b5:97:c6:fa:a1:ef Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:a7:eb:20:99:75:07:6d:d2:eb:b1:02:c0:b9:67:56: 23:cf:7e:1f:b2:26:60:c9:7e:db:ef:ee:69:e4:2b:03: 08:ba:5c:ec:aa:9b:30:1b:2e:b7:a2:7c:d5:da:ae:5b: 15:e3:90:96:89:b7:3b:71:a3:36:a2:83:cf:b0:01:34: d3:02:c3:c5:e4:a4:7d:90:d1:42:50:e1:83:8a:e1:91: 76:0b:02:df:b0:79:d3:9a:a7:de:aa:95:9e:e5:57:08: f9:53:b4:ac:73:89:b9:33:d0:c7:df:02:78:9d:5d:94: 38:51:8e:15:ff:17:46:37:fc:c9:9b:a2:ff:95:50:10 Fingerprint (SHA-256): D5:01:0F:44:68:F2:01:0D:35:11:3C:14:50:71:52:6E:DF:0D:53:8A:13:76:AE:8A:B6:A6:21:2B:E8:F9:4A:2F Fingerprint (SHA1): BC:96:73:98:AF:39:F7:37:AE:9D:7E:DE:88:EA:1E:13:EE:31:89:6F Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #4687: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022103 (0x1eefa617) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:39:30 2015 Not After : Tue May 19 06:39:30 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 97:e7:bb:6d:52:7c:c6:b2:c6:0b:c6:fa:53:45:dc:14: a3:75:8e:76:b7:ea:41:70:70:c1:9b:8b:ec:d4:61:c8: 93:4c:a3:e2:df:87:39:f6:ef:10:39:aa:2a:20:2a:27: f6:26:71:08:1b:a6:59:48:f8:c2:a5:c1:d3:3e:14:c6: da:5e:f0:e4:01:ef:7b:49:2d:0a:b7:6d:69:1f:6e:40: 45:4f:68:73:40:73:d6:47:31:4a:1f:b2:e1:e5:ce:a9: 22:ce:ea:ab:3b:df:fc:65:49:8b:46:94:c2:60:79:25: 02:5b:a6:74:e8:c6:07:7e:8b:9b:5e:89:07:d0:b1:75 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5a:51:a5:91:0d:5d:c8:87:b4:03:8c:36:97:85:e4:cb: 7f:1e:0b:88:55:e8:96:e3:90:33:9f:a0:ed:20:41:e7: 73:bf:1b:ea:fd:16:a9:fb:ad:b8:19:a3:19:01:66:72: 87:12:f8:3a:d9:8c:bc:18:af:d2:af:42:c4:1b:10:43: 18:3b:0d:11:c8:9e:03:72:dd:74:b5:9b:8b:dc:a1:2c: d3:c7:36:5d:8f:fc:1c:9b:7a:3c:8d:19:3b:5e:f7:da: be:db:bf:30:20:b9:8f:d4:c4:6b:d9:b2:ce:18:3e:d1: cb:20:09:60:31:0f:79:25:0b:6e:4a:d5:6c:75:08:14 Fingerprint (SHA-256): FD:08:30:CA:43:05:BF:A1:E6:2C:E1:58:37:61:AF:36:E8:A5:2A:8D:FB:26:D8:72:EC:FD:28:FD:ED:B8:7F:73 Fingerprint (SHA1): 3C:A1:6E:1A:1C:86:A3:28:00:8E:4A:64:8D:36:DD:CD:46:B5:C5:CE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #4688: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #4689: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #4690: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #4691: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #4692: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #4693: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519022108 (0x1eefa61c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 06:39:46 2015 Not After : Tue May 19 06:39:46 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:09:9b:29:52:b1:83:ec:6d:b7:30:04:49:ae:e2:0b: 64:fd:ea:23:b0:47:2c:a1:a7:1b:5c:e3:f3:02:cc:ab: ca:a9:f7:4a:ab:77:3e:e4:4f:c5:40:4e:86:d3:85:74: ac:3a:e7:d8:a2:6c:e5:9a:ef:be:c8:f4:34:1f:92:b3: aa:92:b0:2f:5c:dc:d7:03:be:f5:a1:2f:1f:74:ea:6c: bd:8e:04:da:65:de:f2:22:86:b0:e8:f5:bd:e1:7a:af: d1:8a:04:ff:c3:da:f6:8b:bf:00:72:00:e1:09:02:b5: b1:ba:15:5e:29:69:a5:55:6c:35:e9:3f:4f:77:d7:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: e0:54:2e:56:1e:42:d3:69:36:88:dd:ee:05:b7:f4:95: 7c:f2:36:fa:ed:32:65:1d:92:10:da:2e:87:12:65:aa: c7:8f:50:8a:98:6d:97:78:f5:77:aa:d4:66:85:e8:d6: b9:2d:5b:9f:1c:fc:ca:2e:e5:a3:9e:ed:d6:db:b8:6b: ec:8f:5d:a7:2e:e3:70:b7:4e:ed:81:3b:d8:2a:bc:63: 2a:b3:df:70:8a:0f:27:4e:55:55:4b:fc:fa:49:48:df: ca:3b:02:96:1c:b1:1f:63:8a:75:87:33:64:d7:69:0d: 82:71:4a:e0:01:ad:54:db:22:55:9d:b1:b4:e5:65:a6 Fingerprint (SHA-256): E8:6E:E8:DD:CE:91:9C:97:0E:81:0D:B6:5B:0D:81:77:E4:67:DD:93:C0:83:B3:BC:EF:F2:81:94:81:BA:18:21 Fingerprint (SHA1): 51:70:B1:E3:E8:C3:76:DF:67:4A:F3:C9:43:DB:EE:9C:63:66:F3:D6 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #4694: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #4695: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #4696: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #4697: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #4698: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4699: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4700: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #4701: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4702: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4703: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #4704: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #4705: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #4706: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4707: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4708: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #4709: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4710: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8174: security library: bad database. Returned value is 1, expected result is fail chains.sh: #4711: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4712: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #4713: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4714: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #4715: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #4716: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #4717: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 1524 at Tue May 19 02:40:17 EDT 2015 kill -USR1 1524 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 1524 killed at Tue May 19 02:40:18 EDT 2015 TIMESTAMP chains END: Tue May 19 02:40:18 EDT 2015 chains.sh: Testing with upgraded library =============================== cp: cannot stat '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/cert.done': No such file or directory Running tests for dbupgrade TIMESTAMP dbupgrade BEGIN: Tue May 19 02:40:18 EDT 2015 dbupgrade.sh: DB upgrade tests =============================== Reset databases to their initial values: certutil: could not find certificate named "objsigner": SEC_ERROR_BAD_DATABASE: security library: bad database. Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu dbupgrade.sh: Legacy to shared Library update =============================== alicedir upgrading db alicedir Generating key. This may take a few moments... dbupgrade.sh: #4718: Upgrading alicedir - PASSED bobdir upgrading db bobdir Generating key. This may take a few moments... dbupgrade.sh: #4719: Upgrading bobdir - PASSED CA upgrading db CA Generating key. This may take a few moments... dbupgrade.sh: #4720: Upgrading CA - PASSED cert_extensions upgrading db cert_extensions Generating key. This may take a few moments... dbupgrade.sh: #4721: Upgrading cert_extensions - PASSED client upgrading db client Generating key. This may take a few moments... dbupgrade.sh: #4722: Upgrading client - PASSED clientCA upgrading db clientCA Generating key. This may take a few moments... dbupgrade.sh: #4723: Upgrading clientCA - PASSED dave upgrading db dave Generating key. This may take a few moments... dbupgrade.sh: #4724: Upgrading dave - PASSED eccurves upgrading db eccurves Generating key. This may take a few moments... dbupgrade.sh: #4725: Upgrading eccurves - PASSED eve upgrading db eve Generating key. This may take a few moments... dbupgrade.sh: #4726: Upgrading eve - PASSED ext_client upgrading db ext_client Generating key. This may take a few moments... dbupgrade.sh: #4727: Upgrading ext_client - PASSED ext_server upgrading db ext_server Generating key. This may take a few moments... dbupgrade.sh: #4728: Upgrading ext_server - PASSED SDR upgrading db SDR Generating key. This may take a few moments... dbupgrade.sh: #4729: Upgrading SDR - PASSED server upgrading db server Generating key. This may take a few moments... dbupgrade.sh: #4730: Upgrading server - PASSED serverCA upgrading db serverCA Generating key. This may take a few moments... dbupgrade.sh: #4731: Upgrading serverCA - PASSED stapling upgrading db stapling Generating key. This may take a few moments... dbupgrade.sh: #4732: Upgrading stapling - PASSED tools/copydir skipping db tools/copydir dbupgrade.sh: #4733: No directory tools/copydir - PASSED upgrading db fips Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. dbupgrade.sh: #4734: Upgrading fips - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu TIMESTAMP dbupgrade END: Tue May 19 02:40:55 EDT 2015 Running tests for lowhash TIMESTAMP lowhash BEGIN: Tue May 19 02:40:55 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Tue May 19 02:40:55 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Tue May 19 02:40:55 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4735: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 03:da:87:0a:2b:92:ea:3a:de:55:55:85:ac:fa:57:e4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4736: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4737: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4738: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4739: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b6:98:9e:56:61:11:96:a4:73:df:7e:2c:5c:a2:76:e9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 05:40:56 2015 Not After : Tue May 19 05:40:56 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:00:2a:a6:c9:06:1b:2b:ad:70:fe:19:e3:67:8c:0d: bf:37:ae:cd:8e:1f:9f:f5:cd:d1:fb:ae:aa:57:67:c6: c7:2f:ea:4d:1b:6c:0e:6a:88:cb:8a:02:eb:2a:91:17: ac:9f:72:53:06:2a:57:e2:e8:42:19:01:b2:4d:c4:3a: ee:81:fd:00:35:f2:69:83:a5:b1:eb:df:ef:0f:49:77: ba:69:4b:48:2b:cc:f1:3c:ef:a3:3f:5d:f7:bd:11:2c: e6:37:b0:cb:11:49:05:ef:82:a9:36:5a:b8:35:07:eb: bb:26:d6:bb:34:55:b5:1f:a6:d2:58:a0:33:fa:68:a1: 03:e5:d7:e5:6d Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:af:11:66:9f:9e:21:bc:34:c2:35: f3:2e:f6:d9:9b:96:8e:90:0d:cb:d5:94:9a:f2:68:57: 7f:40:26:0d:f6:08:66:17:0b:6d:b6:91:b7:ad:ea:20: b6:94:d6:56:d5:a7:e9:52:d1:14:12:e9:49:63:f1:56: 26:1c:02:f4:97:4c:fb:02:42:00:81:fb:54:91:0a:e1: a5:14:cd:63:ec:3b:e6:5b:8d:ff:42:5e:04:11:58:25: aa:7b:99:95:76:72:71:53:e8:15:a6:4f:94:ac:49:6e: 00:f0:f4:6a:35:4f:c4:72:6e:e5:eb:de:25:6c:89:20: d5:8f:11:27:d9:de:f3:37:92:83:24 Fingerprint (SHA-256): B9:32:39:02:93:AC:EE:52:FD:C5:62:D8:8E:B3:8A:60:99:06:7E:3A:D9:FC:63:EB:A6:E7:63:6E:93:5A:5F:F1 Fingerprint (SHA1): 74:8E:5D:16:41:E9:C2:F7:F9:5B:E6:C9:25:0D:8E:15:D7:54:2B:7A Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 05:41:57 2015 Not After : Tue May 19 05:41:57 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:9d:72:fb:97:c6:80:db:87:cd:60:bf:5d:41:d9:da: 40:dd:53:3e:c2:98:a4:3e:80:e4:d6:38:b1:2e:f6:b9: 0f:18:9a:70:29:28:4f:26:a0:85:68:54:8b:f6:fd:f0: ea:f0:02:a1:b1:46:de:e7:ad:3a:1c:e0:95:99:b1:e5: 45:60:7d:6f:eb:7e:05:f8:16:f2:b5:73:28:d2:b4:c9: e0:97:55:ee:f7:88:b4:ca:6e:65:6a:b1:e0:ff:d4:a3: 03 Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:88:02:42:01:49:40:82:08:9a:91:d1:19:2e:8a: 58:98:c3:b6:56:e2:76:73:4a:71:7b:64:3e:a9:1b:85: 1f:9c:94:f5:6a:a3:85:f1:af:20:7b:e6:7a:49:24:b8: d7:14:9a:83:33:9c:2c:e6:65:83:ab:15:2d:25:23:8b: 4f:a9:b0:ff:65:84:30:02:42:01:f2:c7:c1:a3:14:ec: 66:03:c6:f3:0f:6b:21:4d:cd:f6:2d:0e:d8:ea:3a:ad: 70:35:50:53:73:f2:50:a1:d3:16:47:89:af:67:17:81: 45:eb:d3:1e:68:1d:79:6c:54:79:07:b7:36:53:77:92: 16:e4:51:f0:31:b4:70:7c:b5:7e:4d Fingerprint (SHA-256): 9D:DD:79:E2:38:7E:1C:55:C1:13:29:39:38:3E:ED:2C:5D:93:94:4D:40:1F:72:F4:57:8F:4F:B0:D1:70:B2:79 Fingerprint (SHA1): 0C:8B:1B:9C:DB:F9:55:B4:CD:A4:28:3D:F3:8B:93:18:06:20:56:DB Friendly Name: Alice-ec tools.sh: #4740: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4741: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 0a:10:54:c9:a6:01:06:cd:f9:c6:24:70:5f:fb:8f:71 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4742: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4743: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4744: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: d8:44:c7:b7:86:1a:0d:f9:a1:b6:57:92:f5:e7:f0:ad Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4745: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4746: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4747: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: d1:9e:76:c0:1a:d0:21:32:a3:35:ec:70:cd:c6:ed:3e Iteration Count: 2000 (0x7d0) tools.sh: #4748: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4749: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4750: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ca:88:61:ae:f9:41:c2:3e:9e:19:d1:71:6f:7b:d0:9a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4751: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4752: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4753: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 1c:48:41:7a:8e:48:e6:22:0a:41:23:67:53:07:60:c3 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4754: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4755: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4756: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 72:51:6b:0e:fd:1f:58:10:91:25:e7:11:2d:c6:80:24 Iteration Count: 2000 (0x7d0) tools.sh: #4757: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4758: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4759: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ff:59:21:e1:00:e9:89:cb:b3:da:8d:d8:b1:83:40:b9 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:0c:ef:3f:04:da:90:e8:1d:3a:d3:fd:48:9f:fd: 19:9a Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4760: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4761: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4762: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 8b:9a:12:31:c4:05:93:5b:62:1f:69:87:c4:b4:e9:14 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:4b:87:9b:23:c8:73:f9:54:f8:8e:f0:82:61:4d: 27:13 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4763: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4764: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4765: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 2c:83:8b:36:99:bd:09:b7:61:b0:78:b7:3b:4d:2c:aa Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:99:e4:b2:25:53:86:68:7b:a1:47:7d:4a:ce:67: 6c:6d tools.sh: #4766: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4767: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4768: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 12:e6:95:58:ba:63:ee:ce:cd:5b:af:76:13:4a:f9:9c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:4a:9c:3c:cc:04:c3:51:8a:88:44:e7:eb:2d:68: dc:24 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4769: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4770: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4771: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5c:2f:d1:a1:18:9d:91:e9:fa:17:04:99:06:9b:e1:f3 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:51:55:56:8a:8f:e5:32:9e:4c:1f:d3:26:57:4e: 70:ad Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4772: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4773: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4774: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 13:f8:1d:d8:2f:9c:ea:01:e7:8d:95:89:7e:fb:f1:a5 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:2f:a6:0d:bc:cc:c7:d5:d1:0b:36:aa:c0:f1:db: b7:0e tools.sh: #4775: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4776: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4777: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 67:8b:9e:ef:72:31:7a:6b:78:20:dd:04:41:3a:cb:0f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:e1:7d:3d:45:8a:70:01:04:e1:c9:34:d9:e0:88: a4:23 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4778: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4779: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4780: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 42:7d:7a:33:d6:f5:d3:45:bb:18:ae:01:73:6a:c7:ee Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:45:bb:8f:07:0b:7e:a3:0e:b4:5f:56:dd:38:5c: e8:ab Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4781: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4782: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4783: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 62:0c:68:b4:3b:77:86:30:c4:1a:c9:bc:97:4e:80:2e Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:0f:1c:f1:0a:8b:fa:48:31:d3:b5:e6:4d:8f:59: 4b:94 tools.sh: #4784: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4785: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4786: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 54:e6:96:37:d3:af:fc:c5:fd:2a:62:43:33:6b:13:2c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:81:c5:f8:07:9a:ce:f6:79:b7:2d:24:67:88:db: 10:a1 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4787: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4788: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4789: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 3c:98:3d:5c:cc:6f:ee:e9:73:8b:a9:85:56:f4:92:42 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:fd:68:87:1d:d5:af:fb:5d:2c:a7:f5:2d:42:c7: bb:8d Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4790: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4791: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4792: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 46:72:31:e1:46:7b:55:7b:56:21:e4:f2:0f:ce:93:d5 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:a7:70:8f:2b:fe:d1:ca:e7:17:56:63:87:4c:82: 82:a2 tools.sh: #4793: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4794: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4795: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: c6:cd:a0:3c:4d:b8:14:54:b0:d6:cc:a6:bb:4a:08:e4 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:01:bb:4f:fa:55:7a:75:c8:9e:e0:ff:ac:2a:f0: 18:43 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4796: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4797: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4798: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 65:12:7d:ab:09:cb:60:c4:28:f7:ee:ef:6d:25:37:31 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:70:2f:55:37:68:60:3f:c4:70:99:62:56:d8:31: b6:c8 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4799: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4800: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4801: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 13:45:36:fe:35:41:8f:4f:66:9b:75:d7:db:1a:78:83 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:c9:d8:a3:cb:ce:d1:a8:e3:a5:92:e8:75:2a:92: 3e:e0 tools.sh: #4802: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4803: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4804: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 35:72:f9:a4:8d:7f:05:1a:64:f1:a0:bf:21:42:08:3a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:5b:95:99:f9:be:7b:36:46:43:dc:75:40:e8:ea: ff:34 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4805: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4806: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4807: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: e1:66:13:15:a9:51:b1:c9:33:27:5d:d8:4b:48:e0:7f Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:1a:aa:f1:ea:8e:f3:e8:66:c7:2e:11:36:89:0b: e1:8f Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4808: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4809: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4810: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 5e:4c:f7:4f:de:b9:2d:c9:13:b1:1a:47:44:47:3a:af Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:ef:fd:5e:30:57:d5:5a:32:af:4a:62:a1:7f:6e: 18:4c tools.sh: #4811: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4812: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4813: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 99:0d:25:7d:f4:4e:82:7f:a4:d9:cc:84:2a:74:f5:76 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4814: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4815: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4816: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 4a:0c:bf:e6:32:ce:52:b2:43:4b:27:60:cf:be:89:f0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4817: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4818: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4819: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: b7:99:ec:ac:4e:b3:13:31:82:74:b9:10:3c:a1:35:ea Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4820: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4821: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4822: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: da:63:d7:73:7c:37:31:78:8f:64:19:1c:28:03:72:7b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4823: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4824: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4825: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 0c:4f:8f:7c:67:7f:6a:0f:54:85:a2:7d:c2:b4:3b:08 Iteration Count: 2000 (0x7d0) tools.sh: #4826: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4827: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4828: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 14:bf:5e:ec:1d:f3:53:77:c9:64:ca:5b:00:9e:5c:16 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4829: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4830: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4831: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: b2:c2:05:57:fe:cc:dd:11:80:41:d3:f2:8d:1a:07:5e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4832: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4833: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4834: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: b5:a4:50:26:f4:5e:38:a1:53:bd:12:5f:af:71:d1:9b Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4835: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4836: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4837: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: ae:71:1c:94:43:86:a5:33:85:71:30:1e:d1:c7:2c:b9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4838: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4839: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4840: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: a4:19:77:b6:56:f9:91:ee:22:ad:1b:e5:b5:69:24:b2 Iteration Count: 2000 (0x7d0) tools.sh: #4841: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4842: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4843: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 48:26:b2:3d:82:c0:34:c3:69:94:63:f1:d5:93:d0:52 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4844: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4845: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4846: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: d3:4f:63:43:1f:fb:7b:43:52:9f:59:1f:12:2d:0b:dc Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4847: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4848: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4849: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 6b:5c:48:6f:91:92:97:76:a0:94:5c:aa:e4:ea:00:95 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4850: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4851: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4852: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 60:06:0f:aa:d1:4d:d1:f5:3a:cc:b1:d8:1c:f5:d1:75 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4853: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4854: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4855: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: d0:7a:e0:c1:43:6b:e6:93:33:c0:61:88:bf:5e:89:30 Iteration Count: 2000 (0x7d0) tools.sh: #4856: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4857: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4858: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: e2:d5:66:de:ec:9c:2e:6f:2c:49:06:3f:33:01:36:74 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4859: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4860: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4861: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c6:2a:d4:04:0b:14:d2:85:32:cf:d3:22:13:55:5c:82 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4862: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4863: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4864: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 15:e1:5e:7b:22:c2:52:86:e6:99:e1:58:bf:8f:14:13 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4865: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4866: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4867: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 73:5d:f3:33:15:ce:8b:f7:b2:fb:c4:72:48:24:ac:39 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4868: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4869: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4870: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: da:6b:80:6c:7a:25:2f:3c:13:dd:da:35:5a:00:16:6e Iteration Count: 2000 (0x7d0) tools.sh: #4871: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4872: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4873: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 6a:b4:7a:41:d9:17:e0:08:09:40:b8:3a:aa:9b:b9:d8 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4874: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4875: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4876: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 31:66:ba:32:e7:42:fc:1e:d2:3c:b3:2b:7a:60:25:a7 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4877: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4878: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4879: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b6:87:99:39:3f:30:ec:7f:56:33:a1:10:3b:bd:cc:0c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4880: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4881: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4882: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: b0:01:65:be:44:09:32:9b:27:89:1f:e9:61:ed:b0:e0 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4883: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4884: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4885: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 96:38:a9:dc:02:17:4f:7c:9b:8e:d8:32:f4:76:6c:f4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4886: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4887: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4888: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f7:84:88:0a:68:32:90:a5:51:c1:2a:ac:e2:04:a7:0e Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4889: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4890: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4891: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 1f:25:5e:48:dd:9c:b3:82:12:70:b1:b7:eb:f5:9c:90 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4892: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4893: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4894: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f7:55:bb:23:86:6a:4a:11:06:8d:f5:86:f1:8b:a1:74 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4895: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4896: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4897: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: a0:dc:4b:36:39:af:fc:bf:51:b2:36:b4:52:ee:1d:6c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4898: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4899: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4900: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ab:62:e9:e4:e2:01:26:f3:6a:2a:c1:05:0d:04:d3:8a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:40:41 2015 Not After : Tue May 19 05:40:41 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a3:7e:61:31:63:33:a3:ac:a0:93:a0:58:49:1a:17:5f: 14:da:5b:be:6d:e8:7f:32:20:2b:07:57:19:e9:68:6c: 9e:36:7e:3d:61:3a:88:a8:dc:36:08:de:29:35:8f:e7: 68:d2:a1:76:c1:8b:96:93:ee:fd:9d:d6:1b:b0:4f:39: a0:78:2f:20:6e:aa:4a:0a:ae:62:3c:a0:3a:72:30:61: 7c:8f:c6:1a:67:7b:12:85:45:52:5a:99:f3:c8:b1:be: ab:34:81:e7:5a:c5:b4:be:f3:1d:db:d6:b2:05:65:a8: 1a:eb:a7:8d:93:be:9a:62:09:09:68:6e:59:57:b5:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:af:e4:35:35:19:ab:0e:b5:dc:31:04:64:23:f4:93: bf:7a:3c:fe:18:49:c5:f9:97:18:0c:de:64:71:00:2c: 0b:59:98:8f:fc:44:00:c3:cc:74:5e:ba:12:88:6a:6d: da:0a:f5:7e:56:03:a3:12:d1:43:15:a0:dd:f1:e1:1c: 0e:4d:d6:54:49:77:dd:54:e2:42:1d:95:e2:c5:cf:49: 71:b3:15:55:de:7f:8a:17:d7:1a:c3:30:92:d2:66:e0: f7:fb:d2:36:0e:1a:ea:49:f7:2a:3a:cb:63:b8:63:3f: 99:70:62:05:aa:82:34:ad:30:68:2f:07:65:36:99:ef Fingerprint (SHA-256): 30:AB:25:AC:36:E2:4C:0D:85:FA:50:67:3A:02:BC:34:98:10:50:C0:EE:65:62:B1:AC:B9:54:3D:B3:DB:75:15 Fingerprint (SHA1): D1:27:BD:6C:F4:CD:61:42:F2:59:8A:67:8C:62:A8:23:4D:CA:DD:02 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:41:55 2015 Not After : Tue May 19 05:41:55 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:4b:2f:04:48:cf:e3:67:e2:9d:07:2c:d2:59:4c:57: 18:77:d0:8a:0b:fa:be:2c:ea:8b:68:0d:38:e5:b7:27: 33:20:55:74:e7:c6:a6:e3:39:d9:56:7e:fe:5f:a4:be: 02:f7:1f:a2:6c:cb:79:00:34:41:15:63:84:ee:e9:89: 38:e9:64:a7:e6:b0:f8:76:5a:e7:ee:9e:d7:b6:41:30: 33:34:87:13:fe:31:7d:71:51:e2:dc:f3:d9:de:33:ca: 1e:83:1c:3c:c8:16:8f:bd:1b:cb:0d:a8:5a:09:50:31: 08:99:d7:e1:58:61:f8:58:07:8d:96:16:d2:32:4c:b7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:48:ad:0e:9d:c2:9f:43:bc:ba:4b:83:d2:ff:09:12: 8c:fd:24:dc:0e:8b:61:1f:95:0c:78:d0:66:e0:d4:21: 5f:48:5a:81:2b:e7:69:99:5a:33:0b:26:38:74:3f:0b: 40:b1:91:fc:42:07:c3:fe:10:4e:55:18:09:da:bb:39: 14:a3:65:7a:6c:d9:ed:6e:32:d7:d5:bf:59:d7:87:2b: e4:2c:a7:6c:f0:c4:31:67:93:f0:8e:4b:96:24:4e:54: 52:bb:c9:c4:a0:6e:f9:41:7c:4c:8a:31:31:30:56:37: 27:d4:c2:78:07:18:54:c9:b9:a4:9c:66:b9:ca:99:55 Fingerprint (SHA-256): 5B:84:0B:84:68:1A:3D:21:D9:D6:BA:34:4C:4D:F0:51:3E:47:5E:05:64:FF:75:37:8A:7A:74:F9:F0:40:F9:A4 Fingerprint (SHA1): 31:5D:AF:33:93:BB:5E:89:D2:AC:85:5C:D6:77:82:47:0E:64:8B:A2 Friendly Name: Alice tools.sh: #4901: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #4902: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #4903: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #4904: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #4905: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%) tree "../tools/html" signed successfully tools.sh: #4906: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #4907: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #4908: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #4909: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #4910: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #4911: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Tue May 19 02:42:57 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Tue May 19 02:42:57 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #4912: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #4913: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa f838ba3ce44a00ce03461031e88994fcbe7fa574 FIPS_PUB_140_Test_Certificate fips.sh: #4914: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #4915: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #4916: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #4917: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #4918: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #4919: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #4920: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #4921: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #4922: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #4923: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #4924: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa f838ba3ce44a00ce03461031e88994fcbe7fa574 FIPS_PUB_140_Test_Certificate fips.sh: #4925: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #4926: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #4927: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #4928: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #4929: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa f838ba3ce44a00ce03461031e88994fcbe7fa574 FIPS_PUB_140_Test_Certificate fips.sh: #4930: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #4931: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #4932: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle mkdir: cannot create directory '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle': File exists cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle/libsoftokn3.so -o -8 -b 5 Changing byte 0x00032e40 (208448): from 21 (33) to 01 (1) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/fips/mangle dbtest -r -d ../fips fips.sh: #4933: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Tue May 19 02:44:05 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Tue May 19 02:44:05 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #4934: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #4935: CMMF test . - PASSED TIMESTAMP crmf END: Tue May 19 02:44:07 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Tue May 19 02:44:07 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #4936: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4937: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #4938: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #4939: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #4940: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #4941: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4942: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #4943: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #4944: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #4945: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #4946: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4947: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #4948: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #4949: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #4950: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #4951: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4952: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #4953: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #4954: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #4955: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #4956: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4957: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #4958: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #4959: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #4960: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #4961: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4962: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #4963: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #4964: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #4965: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #4966: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4967: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #4968: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #4969: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #4970: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #4971: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #4972: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #4973: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #4974: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #4975: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #4976: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #4977: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #4978: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #4979: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #4980: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #4981: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #4982: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #4983: Decrypt with a Multiple Email cert . - PASSED smime.sh: #4984: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #4985: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #4986: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #4987: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #4988: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #4989: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #4990: Decode Encrypted-Data . - PASSED smime.sh: #4991: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #4992: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #4993: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #4994: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #4995: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #4996: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Tue May 19 02:44:39 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Tue May 19 02:44:39 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Tue May 19 02:44:39 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Tue May 19 02:44:39 EDT 2015 merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.v3.900 -t Test2 -f ../tests.pw merge.sh: #4997: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id dave --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #4998: Merging Dave - PASSED merge.sh: Merging in new user certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id server --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #4999: Merging server - PASSED merge.sh: Merging in new chain certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id ext_client --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5000: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id conflict1 --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5001: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id conflict2 --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5002: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:44:30 2015 Not After : Tue May 19 05:44:30 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ca:04:61:bc:97:4d:e6:b6:bc:c7:e3:9d:27:02:d5:dd: 1f:0e:35:fd:1b:67:78:29:30:a0:4c:99:22:4b:68:57: 02:f9:8a:ea:ab:c6:bb:66:d7:96:7b:68:55:f3:15:56: ef:0d:be:81:0c:54:7d:b8:65:94:54:48:06:d1:30:a3: 95:c9:59:2a:83:01:ab:79:89:53:ca:5c:4c:07:d6:14: 15:16:f8:0f:7f:fe:5d:c6:9a:e4:91:33:d4:90:70:10: 66:26:52:c3:46:7b:45:67:af:70:c0:4a:96:1c:f4:15: c0:e1:2a:ac:63:1f:05:cd:bc:8a:63:c4:a8:e3:01:dd Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 28:fa:cc:0e:9f:af:ab:47:d7:69:d8:78:ab:fd:41:ad: 49:a1:c7:df:a4:cb:fc:20:6c:3b:de:4e:b1:a1:d8:47: 9b:5c:35:52:85:e8:62:bd:f4:76:d4:7e:4c:00:86:65: 1e:76:74:ea:a0:7f:21:4e:25:fe:cf:80:27:93:10:6e: b7:1e:2d:a2:53:ba:d4:92:39:ff:4a:b3:d2:7a:91:39: 7b:98:74:ed:e1:23:c6:c9:8f:38:65:01:d1:7f:bc:97: fe:63:f6:42:8a:be:be:32:1e:27:ea:bf:b4:68:e1:4a: d6:59:c9:0d:34:09:d3:67:26:fc:a1:4c:80:f0:87:d5 Fingerprint (SHA-256): 41:3D:4D:9F:A7:77:CA:0D:B8:EF:4E:14:A6:C9:2D:F6:2C:40:04:D5:CD:E5:2D:1A:94:EE:8D:31:37:90:69:6E Fingerprint (SHA1): E1:E0:EC:D4:B2:7F:4D:26:A5:7F:69:F8:6F:76:A9:75:2C:F6:25:17 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5003: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 05:44:36 2015 Not After : Tue May 19 05:44:36 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9e:d1:0b:48:da:c1:f4:4f:46:f6:52:ae:59:8f:f7:50: 48:a1:ed:c8:dc:14:a9:d4:e1:8a:2e:ad:b0:79:a4:dd: ba:4d:af:11:ed:ae:3a:1f:de:82:91:11:1f:e8:a3:fb: 10:a3:56:3b:db:10:e2:68:1f:21:60:38:b6:71:17:2a: 5e:73:bb:dd:09:bf:76:04:82:64:83:1e:5e:2e:db:40: ef:da:04:52:04:37:98:7c:ba:9c:b3:37:4f:c7:d5:1f: 4d:fb:c1:13:fa:31:6f:13:d2:4c:1b:1e:6e:b4:bd:ab: c5:94:f3:7a:cb:ef:59:f6:0d:1d:d5:86:1e:55:38:7b Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 39:bd:fc:52:68:d1:c3:ef:92:e2:f0:3d:55:4d:e7:3b: 91:f0:b3:26:3c:78:08:5a:7d:32:1a:24:2b:1a:db:4b: ab:41:dd:86:b7:1b:2e:db:b0:10:c6:7e:f7:af:3e:44: c4:bd:cd:a8:59:09:37:42:c1:be:92:f0:67:c0:66:2e: bf:90:b8:20:4b:57:b8:44:32:e3:a1:af:60:0e:32:65: d3:61:52:43:f6:f0:69:34:92:3c:c5:7d:e7:36:6b:93: 2e:bb:15:0d:28:2f:41:8c:04:ac:19:b3:ff:e5:1b:ca: 90:2e:a1:87:53:15:2b:a9:8e:b3:44:8f:25:0a:77:92 Fingerprint (SHA-256): 66:8D:05:05:79:D1:29:3D:F3:B8:11:15:D0:00:95:4B:95:12:A2:86:3A:18:3A:E2:24:97:A6:CF:E9:5C:54:2A Fingerprint (SHA1): 8B:FF:47:9F:D8:A4:AE:B4:7A:9D:89:05:F5:9C:72:4C:08:59:03:A0 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5004: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id sdr --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw upgrade complete! merge.sh: #5005: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Alice u,u,u Alice-ec u,u,u bob@bogus.com ,, Dave u,u,u eve@bogus.com ,, bob-ec@bogus.com ,, Dave-ec u,u,u TestCA CT,C,C TestCA-ec CT,C,C Alice-ecmixed u,u,u Dave-ecmixed u,u,u localhost.localdomain u,u,u localhost.localdomain-ec u,u,u localhost-sni.localdomain-ecmixed u,u,u localhost.localdomain-ecmixed u,u,u localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec u,u,u ExtendedSSLUser-ecmixed u,u,u clientCA T,C,C chain-2-clientCA-ec ,, chain-2-clientCA ,, clientCA-ec T,C,C ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec u,u,u serverCA-ec C,C,C chain-1-clientCA ,, chain-1-clientCA-ec ,, Alice #1 ,, Alice #2 ,, Alice #99 ,, Alice #3 ,, Alice #100 ,, Alice #4 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.v3.900 -t Test2 -f ../tests.pw merge.sh: #5006: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/upgradedb/tests.v1.900 -t Test1 -f ../tests.pw merge.sh: #5007: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #5008: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #5009: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #5010: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Tue May 19 05:45:24 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Tue May 19 05:40:39 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Tue May 19 05:45:21 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #5011: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Tue May 19 02:44:56 EDT 2015 merge.sh: Testing with shared library =============================== Running tests for lowhash TIMESTAMP lowhash BEGIN: Tue May 19 02:44:56 EDT 2015 lowhash.sh: Lowhash Tests =============================== freebl lowhash not supported in this plaform. lowhash.sh done TIMESTAMP lowhash END: Tue May 19 02:44:56 EDT 2015 Running tests for cert TIMESTAMP cert BEGIN: Tue May 19 02:44:56 EDT 2015 cert.sh: Certutil and Crlutil Tests with ECC =============================== cert.sh: #5012: Looking for root certs module. - PASSED cert.sh: Creating a CA Certificate TestCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -f ../tests.pw cert.sh: #5013: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5014: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert TestCA -------------------------- certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5015: Creating CA Cert TestCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -o root.cert cert.sh: #5016: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -f ../tests.pw cert.sh: #5017: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5018: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert serverCA -------------------------- certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5019: Creating CA Cert serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -o root.cert cert.sh: #5020: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating CA Cert chain-1-serverCA -------------------------- certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5021: Creating CA Cert chain-1-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -o root.cert cert.sh: #5022: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-serverCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating CA Cert chain-2-serverCA -------------------------- certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5023: Creating CA Cert chain-2-serverCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -o root.cert cert.sh: #5024: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating CA Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -f ../tests.pw cert.sh: #5025: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5026: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert clientCA -------------------------- certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5027: Creating CA Cert clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -o root.cert cert.sh: #5028: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-1-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating CA Cert chain-1-clientCA -------------------------- certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5029: Creating CA Cert chain-1-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -o root.cert cert.sh: #5030: Exporting Root Cert - PASSED cert.sh: Creating a CA Certificate chain-2-clientCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating CA Cert chain-2-clientCA -------------------------- certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5031: Creating CA Cert chain-2-clientCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -o root.cert cert.sh: #5032: Exporting Root Cert - PASSED cert.sh: Creating an EC CA Certificate TestCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA cert.sh: Creating EC CA Cert TestCA-ec -------------------------- certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5033: Creating EC CA Cert TestCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n TestCA-ec -r -d . -o ecroot.cert cert.sh: #5034: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating EC CA Cert serverCA-ec -------------------------- certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5035: Creating EC CA Cert serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n serverCA-ec -r -d . -o ecroot.cert cert.sh: #5036: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating EC CA Cert chain-1-serverCA-ec -------------------------- certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5037: Creating EC CA Cert chain-1-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert cert.sh: #5038: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA cert.sh: Creating EC CA Cert chain-2-serverCA-ec -------------------------- certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5039: Creating EC CA Cert chain-2-serverCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert cert.sh: #5040: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating EC CA Cert clientCA-ec -------------------------- certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5041: Creating EC CA Cert clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n clientCA-ec -r -d . -o ecroot.cert cert.sh: #5042: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating EC CA Cert chain-1-clientCA-ec -------------------------- certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5043: Creating EC CA Cert chain-1-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert cert.sh: #5044: Exporting EC Root Cert - PASSED cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA cert.sh: Creating EC CA Cert chain-2-clientCA-ec -------------------------- certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5045: Creating EC CA Cert chain-2-clientCA-ec - PASSED cert.sh: Exporting EC Root Cert -------------------------- certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert cert.sh: #5046: Exporting EC Root Cert - PASSED cert.sh: Creating Certificates, issued by the last =============== of a chain of CA's which are not in the same database============ Server Cert cert.sh: Initializing localhost.localdomain's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw cert.sh: #5047: Initializing localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5048: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5049: Generate Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #5050: Sign localhost.localdomain's Request (ext) - PASSED cert.sh: Import localhost.localdomain's Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5051: Import localhost.localdomain's Cert -t u,u,u (ext) - PASSED cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA.ca.cert cert.sh: #5052: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5053: Generate EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #5054: Sign localhost.localdomain's EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5055: Import localhost.localdomain's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) -------------------------- certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA-ec.ca.cert cert.sh: #5056: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5057: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED cert.sh: Sign localhost.localdomain's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #5058: Sign localhost.localdomain's mixed EC Request (ext) - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5059: Import localhost.localdomain's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the server's own CA chain into the servers DB cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA-ec.ca.cert cert.sh: #5060: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5061: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA.ca.cert cert.sh: #5062: Import serverCA CA -t C,C,C for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5063: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5064: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.) - PASSED cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) -------------------------- certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5065: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.) - PASSED Client Cert cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw cert.sh: #5066: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5067: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED cert.sh: Generate Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5068: Generate Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw cert.sh: #5069: Sign ExtendedSSLUser's Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5070: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA.ca.cert cert.sh: #5071: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5072: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw cert.sh: #5073: Sign ExtendedSSLUser's EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5074: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA/serverCA-ec.ca.cert cert.sh: #5075: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) -------------------------- certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5076: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) -------------------------- certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw cert.sh: #5077: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) -------------------------- certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5078: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED Importing all the client's own CA chain into the servers DB cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA.ca.cert cert.sh: #5079: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5080: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5081: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5082: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) -------------------------- certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA-ec.ca.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5083: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) -------------------------- certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/clientCA/clientCA-ec.ca.cert cert.sh: #5084: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED cert.sh SUCCESS: EXT passed cert.sh: Creating Client CA Issued Certificates =============== cert.sh: Initializing TestUser's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw cert.sh: #5085: Initializing TestUser's Cert DB - PASSED cert.sh: Loading root cert module to TestUser's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5086: Loading root cert module to TestUser's Cert DB - PASSED cert.sh: Import Root CA for TestUser -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA.ca.cert cert.sh: #5087: Import Root CA for TestUser - PASSED cert.sh: Import EC Root CA for TestUser -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA-ec.ca.cert cert.sh: #5088: Import EC Root CA for TestUser - PASSED cert.sh: Generate Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5089: Generate Cert Request for TestUser - PASSED cert.sh: Sign TestUser's Request -------------------------- certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw cert.sh: #5090: Sign TestUser's Request - PASSED cert.sh: Import TestUser's Cert -------------------------- certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5091: Import TestUser's Cert - PASSED cert.sh SUCCESS: TestUser's Cert Created cert.sh: Generate EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5092: Generate EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request -------------------------- certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw cert.sh: #5093: Sign TestUser's EC Request - PASSED cert.sh: Import TestUser's EC Cert -------------------------- certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5094: Import TestUser's EC Cert - PASSED cert.sh SUCCESS: TestUser's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser -------------------------- certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5095: Generate mixed EC Cert Request for TestUser - PASSED cert.sh: Sign TestUser's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw cert.sh: #5096: Sign TestUser's EC Request with RSA - PASSED cert.sh: Import TestUser's mixed EC Cert -------------------------- certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5097: Import TestUser's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain ------------------------------------ cert.sh: Initializing localhost.localdomain's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw cert.sh: #5098: Initializing localhost.localdomain's Cert DB - PASSED cert.sh: Loading root cert module to localhost.localdomain's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5099: Loading root cert module to localhost.localdomain's Cert DB - PASSED cert.sh: Import Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA.ca.cert cert.sh: #5100: Import Root CA for localhost.localdomain - PASSED cert.sh: Import EC Root CA for localhost.localdomain -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA-ec.ca.cert cert.sh: #5101: Import EC Root CA for localhost.localdomain - PASSED cert.sh: Generate Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5102: Generate Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's Request -------------------------- certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw cert.sh: #5103: Sign localhost.localdomain's Request - PASSED cert.sh: Import localhost.localdomain's Cert -------------------------- certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5104: Import localhost.localdomain's Cert - PASSED cert.sh SUCCESS: localhost.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5105: Generate EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw cert.sh: #5106: Sign localhost.localdomain's EC Request - PASSED cert.sh: Import localhost.localdomain's EC Cert -------------------------- certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5107: Import localhost.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost.localdomain -------------------------- certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5108: Generate mixed EC Cert Request for localhost.localdomain - PASSED cert.sh: Sign localhost.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #5109: Sign localhost.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5110: Import localhost.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created cert.sh: Creating Server CA Issued Certificate for \ localhost.localdomain-sni -------------------------------- cert.sh: Generate Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5111: Generate Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's Request -------------------------- certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw cert.sh: #5112: Sign localhost-sni.localdomain's Request - PASSED cert.sh: Import localhost-sni.localdomain's Cert -------------------------- certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5113: Import localhost-sni.localdomain's Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's Cert Created cert.sh: Generate EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5114: Generate EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request -------------------------- certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw cert.sh: #5115: Sign localhost-sni.localdomain's EC Request - PASSED cert.sh: Import localhost-sni.localdomain's EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5116: Import localhost-sni.localdomain's EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain -------------------------- certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5117: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED cert.sh: Sign localhost-sni.localdomain's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw cert.sh: #5118: Sign localhost-sni.localdomain's EC Request with RSA - PASSED cert.sh: Import localhost-sni.localdomain's mixed EC Cert -------------------------- certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5119: Import localhost-sni.localdomain's mixed EC Cert - PASSED cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created cert.sh: Modify trust attributes of Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw cert.sh: #5120: Modify trust attributes of Root CA -t TC,TC,TC - PASSED cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server -f ../tests.pw cert.sh: #5121: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED cert.sh SUCCESS: SSL passed cert.sh: Creating database for OCSP stapling tests =============== cp -r /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/server /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/stapling Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA pk12util: PKCS12 EXPORT SUCCESSFUL Modify trust attributes of EC Root CA -t TC,TC,TC -------------------------- pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling pk12util: PKCS12 IMPORT SUCCESSFUL cert.sh: Creating Client CA Issued Certificates ============== cert.sh: Initializing Alice's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw cert.sh: #5122: Initializing Alice's Cert DB - PASSED cert.sh: Loading root cert module to Alice's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5123: Loading root cert module to Alice's Cert DB - PASSED cert.sh: Import Root CA for Alice -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA.ca.cert cert.sh: #5124: Import Root CA for Alice - PASSED cert.sh: Import EC Root CA for Alice -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA-ec.ca.cert cert.sh: #5125: Import EC Root CA for Alice - PASSED cert.sh: Generate Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5126: Generate Cert Request for Alice - PASSED cert.sh: Sign Alice's Request -------------------------- certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw cert.sh: #5127: Sign Alice's Request - PASSED cert.sh: Import Alice's Cert -------------------------- certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5128: Import Alice's Cert - PASSED cert.sh SUCCESS: Alice's Cert Created cert.sh: Generate EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5129: Generate EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request -------------------------- certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw cert.sh: #5130: Sign Alice's EC Request - PASSED cert.sh: Import Alice's EC Cert -------------------------- certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5131: Import Alice's EC Cert - PASSED cert.sh SUCCESS: Alice's EC Cert Created cert.sh: Generate mixed EC Cert Request for Alice -------------------------- certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5132: Generate mixed EC Cert Request for Alice - PASSED cert.sh: Sign Alice's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw cert.sh: #5133: Sign Alice's EC Request with RSA - PASSED cert.sh: Import Alice's mixed EC Cert -------------------------- certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5134: Import Alice's mixed EC Cert - PASSED cert.sh SUCCESS: Alice's mixed EC Cert Created cert.sh: Initializing Bob's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw cert.sh: #5135: Initializing Bob's Cert DB - PASSED cert.sh: Loading root cert module to Bob's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5136: Loading root cert module to Bob's Cert DB - PASSED cert.sh: Import Root CA for Bob -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA.ca.cert cert.sh: #5137: Import Root CA for Bob - PASSED cert.sh: Import EC Root CA for Bob -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA-ec.ca.cert cert.sh: #5138: Import EC Root CA for Bob - PASSED cert.sh: Generate Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5139: Generate Cert Request for Bob - PASSED cert.sh: Sign Bob's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw cert.sh: #5140: Sign Bob's Request - PASSED cert.sh: Import Bob's Cert -------------------------- certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5141: Import Bob's Cert - PASSED cert.sh SUCCESS: Bob's Cert Created cert.sh: Generate EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5142: Generate EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw cert.sh: #5143: Sign Bob's EC Request - PASSED cert.sh: Import Bob's EC Cert -------------------------- certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5144: Import Bob's EC Cert - PASSED cert.sh SUCCESS: Bob's EC Cert Created cert.sh: Generate mixed EC Cert Request for Bob -------------------------- certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5145: Generate mixed EC Cert Request for Bob - PASSED cert.sh: Sign Bob's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw cert.sh: #5146: Sign Bob's EC Request with RSA - PASSED cert.sh: Import Bob's mixed EC Cert -------------------------- certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5147: Import Bob's mixed EC Cert - PASSED cert.sh SUCCESS: Bob's mixed EC Cert Created cert.sh: Creating Dave's Certificate ------------------------- cert.sh: Initializing Dave's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw cert.sh: #5148: Initializing Dave's Cert DB - PASSED cert.sh: Loading root cert module to Dave's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5149: Loading root cert module to Dave's Cert DB - PASSED cert.sh: Import Root CA for Dave -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA.ca.cert cert.sh: #5150: Import Root CA for Dave - PASSED cert.sh: Import EC Root CA for Dave -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA-ec.ca.cert cert.sh: #5151: Import EC Root CA for Dave - PASSED cert.sh: Generate Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5152: Generate Cert Request for Dave - PASSED cert.sh: Sign Dave's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw cert.sh: #5153: Sign Dave's Request - PASSED cert.sh: Import Dave's Cert -------------------------- certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5154: Import Dave's Cert - PASSED cert.sh SUCCESS: Dave's Cert Created cert.sh: Generate EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5155: Generate EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw cert.sh: #5156: Sign Dave's EC Request - PASSED cert.sh: Import Dave's EC Cert -------------------------- certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5157: Import Dave's EC Cert - PASSED cert.sh SUCCESS: Dave's EC Cert Created cert.sh: Generate mixed EC Cert Request for Dave -------------------------- certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5158: Generate mixed EC Cert Request for Dave - PASSED cert.sh: Sign Dave's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw cert.sh: #5159: Sign Dave's EC Request with RSA - PASSED cert.sh: Import Dave's mixed EC Cert -------------------------- certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5160: Import Dave's mixed EC Cert - PASSED cert.sh SUCCESS: Dave's mixed EC Cert Created cert.sh: Creating multiEmail's Certificate -------------------- cert.sh: Initializing Eve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw cert.sh: #5161: Initializing Eve's Cert DB - PASSED cert.sh: Loading root cert module to Eve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5162: Loading root cert module to Eve's Cert DB - PASSED cert.sh: Import Root CA for Eve -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA.ca.cert cert.sh: #5163: Import Root CA for Eve - PASSED cert.sh: Import EC Root CA for Eve -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA-ec.ca.cert cert.sh: #5164: Import EC Root CA for Eve - PASSED cert.sh: Generate Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5165: Generate Cert Request for Eve - PASSED cert.sh: Sign Eve's Request -------------------------- certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #5166: Sign Eve's Request - PASSED cert.sh: Import Eve's Cert -------------------------- certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5167: Import Eve's Cert - PASSED cert.sh SUCCESS: Eve's Cert Created cert.sh: Generate EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5168: Generate EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request -------------------------- certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #5169: Sign Eve's EC Request - PASSED cert.sh: Import Eve's EC Cert -------------------------- certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5170: Import Eve's EC Cert - PASSED cert.sh SUCCESS: Eve's EC Cert Created cert.sh: Generate mixed EC Cert Request for Eve -------------------------- certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5171: Generate mixed EC Cert Request for Eve - PASSED cert.sh: Sign Eve's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com cert.sh: #5172: Sign Eve's EC Request with RSA - PASSED cert.sh: Import Eve's mixed EC Cert -------------------------- certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5173: Import Eve's mixed EC Cert - PASSED cert.sh SUCCESS: Eve's mixed EC Cert Created cert.sh: Importing Certificates ============================== cert.sh: Import Bob's cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert cert.sh: #5174: Import Bob's cert into Alice's db - PASSED cert.sh: Import Dave's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #5175: Import Dave's cert into Alice's DB - PASSED cert.sh: Import Dave's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert cert.sh: #5176: Import Dave's cert into Bob's DB - PASSED cert.sh: Import Eve's cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #5177: Import Eve's cert into Alice's DB - PASSED cert.sh: Import Eve's cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert cert.sh: #5178: Import Eve's cert into Bob's DB - PASSED cert.sh: Importing EC Certificates ============================== cert.sh: Import Bob's EC cert into Alice's db -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert cert.sh: #5179: Import Bob's EC cert into Alice's db - PASSED cert.sh: Import Dave's EC cert into Alice's DB -------------------------- certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #5180: Import Dave's EC cert into Alice's DB - PASSED cert.sh: Import Dave's EC cert into Bob's DB -------------------------- certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert cert.sh: #5181: Import Dave's EC cert into Bob's DB - PASSED cert.sh SUCCESS: SMIME passed cert.sh: Creating FIPS 140 DSA Certificates ============== cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips -f ../tests.fipspw cert.sh: #5182: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5183: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED cert.sh: Enable FIPS mode on database ----------------------- modutil -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips -fips true WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: FIPS mode enabled. cert.sh: #5184: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5185: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED cert.sh SUCCESS: FIPS passed cert.sh: Creating Server CA Issued Certificate for EC Curves Test Certificates ------------------------------------ cert.sh: Initializing EC Curve's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw cert.sh: #5186: Initializing EC Curve's Cert DB - PASSED cert.sh: Loading root cert module to EC Curve's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5187: Loading root cert module to EC Curve's Cert DB - PASSED cert.sh: Import EC Root CA for EC Curves Test Certificates -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -i ../CA/TestCA-ec.ca.cert cert.sh: #5188: Import EC Root CA for EC Curves Test Certificates - PASSED cert.sh: Generate EC Cert Request for Curve-nistp256 -------------------------- certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5189: Generate EC Cert Request for Curve-nistp256 - PASSED cert.sh: Sign Curve-nistp256's EC Request -------------------------- certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw cert.sh: #5190: Sign Curve-nistp256's EC Request - PASSED cert.sh: Import Curve-nistp256's EC Cert -------------------------- certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5191: Import Curve-nistp256's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp384 -------------------------- certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5192: Generate EC Cert Request for Curve-nistp384 - PASSED cert.sh: Sign Curve-nistp384's EC Request -------------------------- certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw cert.sh: #5193: Sign Curve-nistp384's EC Request - PASSED cert.sh: Import Curve-nistp384's EC Cert -------------------------- certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5194: Import Curve-nistp384's EC Cert - PASSED cert.sh: Generate EC Cert Request for Curve-nistp521 -------------------------- certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5195: Generate EC Cert Request for Curve-nistp521 - PASSED cert.sh: Sign Curve-nistp521's EC Request -------------------------- certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw cert.sh: #5196: Sign Curve-nistp521's EC Request - PASSED cert.sh: Import Curve-nistp521's EC Cert -------------------------- certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5197: Import Curve-nistp521's EC Cert - PASSED cert.sh: Initializing TestExt's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw cert.sh: #5198: Initializing TestExt's Cert DB - PASSED cert.sh: Loading root cert module to TestExt's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5199: Loading root cert module to TestExt's Cert DB - PASSED cert.sh: Import Root CA for TestExt -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA.ca.cert cert.sh: #5200: Import Root CA for TestExt - PASSED cert.sh: Import EC Root CA for TestExt -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA-ec.ca.cert cert.sh: #5201: Import EC Root CA for TestExt - PASSED cert.sh: Generate Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5202: Generate Cert Request for TestExt - PASSED cert.sh: Sign TestExt's Request -------------------------- certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw cert.sh: #5203: Sign TestExt's Request - PASSED cert.sh: Import TestExt's Cert -------------------------- certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5204: Import TestExt's Cert - PASSED cert.sh SUCCESS: TestExt's Cert Created cert.sh: Generate EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5205: Generate EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request -------------------------- certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw cert.sh: #5206: Sign TestExt's EC Request - PASSED cert.sh: Import TestExt's EC Cert -------------------------- certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5207: Import TestExt's EC Cert - PASSED cert.sh SUCCESS: TestExt's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestExt -------------------------- certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5208: Generate mixed EC Cert Request for TestExt - PASSED cert.sh: Sign TestExt's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw cert.sh: #5209: Sign TestExt's EC Request with RSA - PASSED cert.sh: Import TestExt's mixed EC Cert -------------------------- certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5210: Import TestExt's mixed EC Cert - PASSED cert.sh SUCCESS: TestExt's mixed EC Cert Created certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt1 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:01 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:47:49 2015 Not After : Wed Aug 19 06:47:49 2015 Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ec:7b:81:19:e1:5b:68:b2:f1:5d:c9:7f:02:a2:d5:6f: 9e:30:86:3e:82:94:fc:5b:ce:98:f8:1e:ae:d5:0c:c1: eb:49:60:9a:47:70:b9:93:b0:e9:cd:6c:db:94:75:7b: ee:f4:fc:43:95:c9:c0:e6:10:e4:77:70:cb:38:4c:07: a5:6a:48:4c:09:fd:3a:ea:0f:03:7b:1e:fc:0f:08:53: 5f:fb:8b:ba:a8:c3:83:59:34:19:fa:18:7b:4a:35:24: 1d:b2:1a:da:0d:50:ba:98:03:68:af:20:ca:ea:df:f4: 1a:c9:ea:c5:7c:7b:fa:33:97:e5:03:47:68:5e:ed:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: df:74:dd:d7:18:68:ba:c2:e5:80:59:8c:a0:5e:f1:91: 96:67:3c:80:a6:5b:63:9b:49:e8:71:e7:4b:74:14:81: 7e:95:82:79:5c:44:6b:72:65:b6:f3:80:4c:05:6f:7b: 1f:4a:70:23:5f:9b:2b:7a:70:3f:ff:28:0b:00:1c:28: 38:5b:e1:90:71:de:4b:ba:d8:dc:e0:c6:79:57:c2:3b: 67:25:82:b3:7b:2a:d3:ba:ea:e4:a1:56:6c:c6:14:26: ed:36:eb:fb:cb:73:74:d6:a2:a0:cf:24:0a:92:4f:d9: a1:97:8a:b5:a6:22:5e:bf:56:67:80:55:b3:70:8c:28 Fingerprint (SHA-256): 31:79:0F:78:E3:1F:B4:52:FD:67:B9:33:30:EE:75:64:9B:67:13:5C:EE:50:4E:D6:71:66:0F:D5:79:D1:FB:88 Fingerprint (SHA1): E7:F7:71:66:17:EE:BF:D9:8D:AD:71:D0:54:EA:FC:ED:88:57:18:D1 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5211: Certificate Key Usage Extension (1) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt2 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:0d Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:47:52 2015 Not After : Wed Aug 19 06:47:52 2015 Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:fb:e3:0a:f5:29:26:b6:76:13:64:9c:17:ef:2e:b4: 57:a5:b6:e6:47:c6:fb:da:15:46:c0:31:ad:b1:b6:1d: b7:b7:2d:49:08:c4:91:9c:a0:01:1e:11:b2:29:66:95: 72:77:26:78:5a:36:39:da:3b:5d:1e:50:48:d6:20:12: 56:45:60:8a:0e:6e:ce:cd:ee:31:ed:82:75:10:cf:82: 1c:59:bb:07:80:c8:72:33:b9:07:7e:45:58:48:24:2d: 3b:e9:2f:c4:12:9d:50:d9:53:3f:23:14:66:f7:9e:83: df:e1:d5:f2:4f:11:8c:e9:99:fe:68:35:52:22:16:f9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:6b:75:14:e3:e9:c3:0c:1b:f4:a4:a6:de:96:40:32: 19:bf:b6:44:88:a3:9b:17:f3:af:e1:4e:2f:37:50:c9: 1c:00:3e:a0:40:9a:c9:8f:c1:9b:af:66:42:60:f6:da: d1:db:36:63:74:2b:b2:96:b1:59:b8:d8:47:07:63:ad: 75:f0:c7:89:39:75:1e:54:15:30:d3:5b:ba:6c:13:7e: af:85:7e:b2:00:c8:61:38:41:84:71:d1:10:d8:62:20: 50:a3:3e:0e:4c:4a:04:4d:27:49:d7:33:58:04:ff:9d: 89:9a:90:88:eb:90:f8:20:ea:7f:bc:3c:65:13:7f:f1 Fingerprint (SHA-256): 4F:81:69:12:DD:5F:E2:11:B7:71:53:8D:53:01:C4:24:76:D4:98:A1:1F:92:92:3B:E6:F7:E7:70:77:FE:2B:34 Fingerprint (SHA1): CD:61:DC:04:6C:E3:07:86:24:B4:78:06:16:1C:D5:F1:A9:0E:47:11 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5212: Certificate Key Usage Extension (2) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: y -1 n Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt3 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:13 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:47:55 2015 Not After : Wed Aug 19 06:47:55 2015 Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:6f:38:b7:06:f0:e0:cd:34:12:be:73:de:18:0b:a9: 90:1c:8b:d3:61:d5:bc:1a:9e:f1:63:a4:5f:0e:81:d7: 36:f6:2c:45:a8:55:7b:ba:94:c0:ea:a6:17:3b:17:8b: e2:8d:08:30:db:af:ac:9f:b2:ef:de:aa:50:67:da:e6: a2:93:97:56:bd:b8:c3:b8:67:1e:1c:61:00:29:c4:7a: 37:83:8f:0c:f7:c8:0d:c5:0a:8b:fa:07:18:55:06:dc: 9d:52:a0:3c:c6:dd:91:69:91:e4:dc:d4:52:cb:ed:ce: 60:3c:80:e7:13:ce:34:9f:15:83:41:3f:5e:42:18:39 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 89:1b:8c:17:fd:76:09:46:36:20:d9:0b:ef:59:67:7e: e5:e9:6a:97:94:77:94:83:17:01:b1:0d:8c:18:07:5d: aa:43:e7:b9:fb:77:4d:4f:52:7d:f7:b1:9d:25:25:13: 79:85:18:d1:6f:e9:17:30:8e:dd:be:df:28:58:38:82: 9f:73:9c:d8:ab:25:11:76:11:16:e2:51:28:c1:af:50: be:18:f5:76:1a:94:bf:fe:93:1e:81:34:b8:40:8d:d7: 30:b2:a5:9c:0a:e0:06:cb:d1:35:b9:97:fd:1f:d0:60: 4a:cd:63:fe:1f:a1:c1:25:e6:61:22:ee:0e:10:3a:2a Fingerprint (SHA-256): 21:AE:C1:99:E7:FE:2D:A5:36:E2:14:BF:C4:D4:E1:8C:31:BA:EE:B7:51:4A:EE:0A:9E:C0:A9:A2:6A:39:3E:DD Fingerprint (SHA1): 78:C0:F2:62:8C:29:96:45:DD:E0:A9:18:81:84:DF:75:31:50:FD:A6 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5213: Certificate Basic Constraints Extension (3) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: n -1 y Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt4 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:19 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:47:58 2015 Not After : Wed Aug 19 06:47:58 2015 Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b2:bb:e0:14:2b:ff:3c:5f:0f:f6:90:13:87:38:39:86: 7f:3a:75:05:2d:18:7f:3f:17:ee:21:06:71:11:c5:34: 25:af:85:93:99:3c:64:fa:82:cb:47:d1:3c:6b:34:37: 60:b0:d7:84:52:a3:be:5e:3f:4d:59:dd:c1:f0:90:dc: fd:ac:16:d7:ac:6b:3f:54:a9:89:b4:41:84:bc:7a:1d: 7e:fb:38:1e:36:5a:ec:ee:f8:a5:7e:42:47:35:31:a3: 3c:2f:b9:78:e1:00:c4:93:6e:fd:da:44:78:b9:33:e0: f9:ec:87:b7:66:13:53:7c:18:56:25:81:de:09:f4:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is not a CA. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 42:cb:eb:ef:34:7b:96:ba:15:3e:3a:c7:2f:2b:c7:d3: dd:e7:d0:91:4d:99:44:66:e9:13:da:89:67:55:df:d6: d2:5a:da:ff:4c:c0:bf:0c:f2:1d:6c:b9:c0:1e:52:e0: 05:e3:4c:af:5b:c9:06:38:17:83:e4:28:e2:bc:a9:ba: 0f:7e:24:61:f9:8c:89:01:fc:27:a0:f9:6a:06:71:5b: bf:3b:0c:d9:32:fd:2a:c2:ae:a2:b9:ef:bf:b2:e6:29: d4:18:61:fa:f9:73:e4:4c:27:c2:63:f4:d7:e9:0a:be: 36:10:72:fd:44:17:73:7d:c5:b8:7b:ad:57:07:e4:c3 Fingerprint (SHA-256): C2:6C:DE:2B:33:0D:4F:C1:FA:A9:FE:38:34:B8:5A:27:22:E7:19:94:70:C4:BD:21:F8:D6:38:9F:63:81:79:52 Fingerprint (SHA1): 64:41:D7:3C:CC:BC:1D:7D:25:97:C8:81:C7:B9:B5:01:CD:CF:FC:A0 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5214: Certificate Basic Constraints Extension (4) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: y 12341235123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt5 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:1f Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:01 2015 Not After : Wed Aug 19 06:48:01 2015 Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:f1:da:54:53:dc:4b:2d:54:b0:26:15:23:31:cb:75: 9c:34:9a:7d:7b:40:19:49:41:d1:2a:4a:8a:af:9b:b2: ea:4e:22:e3:80:47:5f:f3:39:b7:94:8f:fc:b4:6e:58: 07:b0:c4:49:2e:5e:40:5a:0e:a6:22:7d:82:1a:7e:c4: 44:00:9b:fc:7e:34:96:db:0e:67:5a:61:fe:75:0d:d4: 9d:83:5a:05:1a:15:21:fb:a6:5d:68:37:8c:ac:03:dd: 8f:9d:31:8b:fd:40:33:4f:fb:bc:2e:08:aa:06:5e:3d: 16:e2:11:4c:93:f6:c8:80:61:f9:61:4b:db:8e:70:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Key ID: 12341235123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ae:de:e2:78:60:98:6f:82:ae:2b:59:3a:c1:59:80:c6: 88:8a:e6:95:b2:65:b9:bd:79:62:ce:61:b3:a5:d0:f3: 92:69:ca:a2:3f:c6:f2:a4:0c:7a:42:d1:db:b9:0d:53: 07:2b:51:7a:a8:6b:2f:22:39:cd:d3:ce:61:fc:d5:17: 53:f8:70:f2:bb:29:5f:53:2b:31:9d:84:b0:49:c2:ec: f3:d3:ec:64:fc:28:47:a2:a1:7e:43:c4:39:fb:f1:e2: f0:65:9f:0b:69:32:1b:cf:05:a9:9f:c8:49:aa:5c:9f: cc:08:04:2a:6f:4b:bb:3e:fc:dd:cf:ba:ab:c5:99:c0 Fingerprint (SHA-256): 43:07:B8:B9:BC:68:AD:AC:A6:08:E9:79:8D:53:1B:25:AC:3F:3D:C6:88:C8:29:90:D6:67:E1:A7:DF:F0:AA:CB Fingerprint (SHA1): 9A:1A:83:E8:EB:D8:51:39:62:71:E9:82:D1:8F:1B:2C:B4:C3:1A:45 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5215: Certificate Authority Key Identifier Extension (5) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: y 3 test.com 214123 y Generating key. This may take a few moments... Enter value for the authKeyID extension [y/N]? Enter value for the key identifier fields,enter to omit: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter value for the authCertSerial field, enter to omit: Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt6 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:24 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:04 2015 Not After : Wed Aug 19 06:48:04 2015 Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:36:ae:f8:0c:c7:c2:99:5e:70:4e:86:f9:aa:5c:02: d8:7d:0d:4e:28:0c:d4:16:05:41:68:10:c3:21:81:3b: c1:7c:7d:97:28:cc:a8:d0:e6:73:37:48:5f:15:22:d5: cb:b9:ed:5c:59:e1:37:a8:4e:e7:82:7b:a1:8b:6e:d4: 01:7d:b1:08:c9:ee:2c:a7:8f:62:73:c6:02:1d:0e:12: b9:4b:31:b6:fd:92:2b:d7:f5:8c:50:6f:93:b2:23:63: 65:f6:cd:6d:05:c0:a3:5a:5d:36:64:8c:2a:f7:77:9a: 71:e6:2d:9e:67:79:5c:f2:e4:9f:ba:cc:80:26:c0:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Critical: True Issuer: DNS name: "test.com" Serial Number: 214123 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:fb:32:b6:b3:01:3e:0e:31:52:1f:81:71:34:5f:76: 45:c2:10:56:0f:ba:6e:20:e4:53:91:ea:33:dc:f4:0b: ba:1a:00:93:20:32:50:43:68:ed:57:42:46:cf:86:6e: fc:f8:33:1a:f7:5f:6b:6a:50:8e:eb:81:a9:cc:be:a6: bb:d0:4f:5f:32:1b:3a:c4:e4:06:04:df:c3:2d:ab:98: 9f:e4:9d:d1:25:76:08:0f:02:4f:06:ab:44:6e:14:96: ef:31:93:27:b7:6b:0e:9d:0c:92:d7:d4:50:a2:c1:29: ce:92:71:e0:80:5d:b5:4b:a9:c8:01:65:8e:b0:58:d2 Fingerprint (SHA-256): 53:61:51:63:4F:A9:59:1A:67:D0:6F:E1:95:F7:68:16:03:3A:F2:90:D4:90:52:6F:24:CF:B4:4F:50:55:75:35 Fingerprint (SHA1): 72:89:A6:97:35:51:55:5E:BC:5B:86:FD:2B:6B:CD:15:A5:93:3E:56 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5216: Certificate Authority Key Identifier Extension (6) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 1 2 rfc822@name.tld 3 test.com 8 1.2.3.4 9 OID.0.2.213 10 0 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt7 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:2a Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:08 2015 Not After : Wed Aug 19 06:48:08 2015 Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a4:38:9d:e9:75:cc:87:fd:ff:97:27:c4:f2:9e:4b:de: fb:c5:72:b7:b4:d3:6e:a0:ac:d5:4c:f8:1d:92:f4:d9: b7:f9:2c:d5:76:59:65:1a:9c:f5:42:d1:be:79:03:6e: 99:86:6a:cb:f2:8f:b6:86:b7:3b:64:3d:48:c0:4a:8f: 42:c2:32:72:f9:9d:fd:4c:db:89:54:20:c1:cf:7f:1f: 39:1d:ae:0e:6b:87:e2:f0:3d:00:8f:de:38:26:93:f3: 19:d5:bc:d4:01:5b:91:19:d8:30:67:7a:71:ac:8a:e4: 9b:3f:33:ca:de:55:28:6e:81:b0:3a:07:b7:29:da:21 Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RFC822 Name: "rfc822@name.tld" DNS name: "test.com" IP Address: 87:07:31:2e:32:2e:33:2e:34 Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51 Reasons: 80 (7 least significant bits unused) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 66:bb:b9:4f:92:45:4f:c6:73:9c:b7:11:0e:b6:61:d2: 1c:79:b0:b1:60:d5:c0:ac:6c:9e:8b:31:bd:39:fb:80: a3:95:98:77:5e:29:82:af:99:1c:eb:9b:4b:78:06:99: 52:83:e1:e2:c0:b8:dd:9e:43:68:4a:5f:6b:fb:a3:46: cd:79:f9:b0:7d:b4:0c:18:86:8f:04:17:d2:d1:05:91: 40:c5:05:ad:93:bd:6d:a2:88:4e:6c:ee:76:46:9d:78: 06:4e:58:c3:8a:6a:3b:12:06:97:02:52:f2:f9:b1:dd: 58:92:c3:e3:f6:f7:83:16:0b:f8:93:e7:86:00:c8:35 Fingerprint (SHA-256): 8D:A9:33:E4:34:88:E4:C8:D9:A2:E0:E5:44:36:29:2F:64:E0:7B:AB:14:EE:96:56:F6:A2:DA:31:F4:82:71:93 Fingerprint (SHA1): E4:84:B8:CA:B4:BA:E8:2D:9B:2B:58:42:55:0D:02:21:61:F4:16:A3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5217: CRL Distribution Points Extension (7) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 2 SN=asdfsdf 4 3 test.com 10 n n Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Enter the relative name: Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Notice: Trust flag u is set automatically if the private key is present. Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt8 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:31 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:11 2015 Not After : Wed Aug 19 06:48:11 2015 Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c5:d7:fb:55:53:18:e2:2a:7b:b0:45:12:6e:7c:b8:f0: 61:6e:51:c9:db:d0:f8:f7:b4:d4:f0:8e:2d:06:be:91: 97:b3:b3:98:1e:cd:e1:bb:60:15:da:43:90:39:18:82: e5:cb:43:3b:2c:e8:14:20:fb:f3:3e:dc:0c:c6:f0:19: 3a:61:32:50:bd:51:30:60:4e:5c:ca:43:cc:df:4a:aa: ec:ca:e5:49:2e:7e:15:23:17:d0:8b:bb:b6:1a:cc:77: ea:26:b0:ba:5a:45:58:c5:07:96:9b:8c:3e:20:56:39: 1e:3b:60:f5:a7:ea:b6:e3:39:0e:de:97:6a:65:f9:2d Exponent: 65537 (0x10001) Signed Extensions: Name: CRL Distribution Points Distribution point: RDN: "SN=asdfsdf" Reasons: 08 (7 least significant bits unused) CRL issuer: DNS name: "test.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:14:ca:1a:b8:d3:d9:c5:b7:7a:9d:1a:eb:99:37:55: 97:30:e0:3b:e7:d8:25:60:2d:19:c4:b4:df:af:6e:af: 27:f0:1b:0a:f2:19:93:09:e3:6d:ff:70:a1:e9:8f:d4: 81:9e:8f:e3:f2:ab:fc:e1:9f:2e:fc:a1:a0:d8:7b:38: b1:67:36:7d:e4:1b:c3:f1:88:6f:e4:3d:2c:e7:15:cc: a1:bc:5e:41:fa:cf:a8:e8:32:83:a2:60:a3:c4:99:a1: ff:f3:bb:8a:44:a5:84:26:83:e0:ba:c7:74:8f:87:a9: 43:1d:e3:ac:9f:58:dd:c4:b2:fb:d4:87:02:9a:ce:ed Fingerprint (SHA-256): 9A:7D:0C:B4:B3:CA:93:5D:F5:4B:94:CC:61:21:4F:27:1B:87:41:76:AE:B2:2B:0A:11:21:38:10:80:2D:9A:38 Fingerprint (SHA1): 54:B6:9B:4D:DF:B4:67:2D:97:31:A1:BC:22:D9:2A:3E:32:92:9D:38 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5218: CRL Distribution Points Extension (8) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 10 n Generating key. This may take a few moments... 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt9 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:37 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View ,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:13 2015 Not After : Wed Aug 19 06:48:13 2015 Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie w,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:e4:fa:b1:dc:0a:fb:e3:ea:0e:32:05:5d:ca:42:92: 87:18:98:56:2e:d7:de:37:2d:89:5f:ef:9c:ca:9c:66: dc:af:c9:b2:c4:f5:59:49:e1:43:e0:18:6e:65:e5:d1: 3a:e6:98:58:0a:37:fd:62:4e:ea:e1:23:c1:b1:33:c3: f5:b2:e0:9b:ba:71:b9:59:ab:42:28:a8:a7:6a:c6:9b: d0:92:ea:c7:e9:c2:1b:aa:39:d8:7c:5a:cb:60:1b:0c: 05:24:01:38:c6:a6:12:97:90:2d:06:55:b2:34:22:85: 03:6b:29:f0:ad:c1:63:0f:7a:d9:6f:10:1d:44:9e:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bf:3d:db:70:4d:54:0f:ab:e8:b8:f6:d2:c4:82:43:6d: e7:a5:91:3c:73:f0:31:c6:24:c6:a8:22:8e:c9:ae:36: d1:8d:ea:be:dc:f8:91:92:2e:83:e2:8a:f4:d9:e9:50: c3:1c:17:b0:94:6f:34:ea:9b:62:e1:17:ed:48:99:d4: 83:91:eb:cc:3d:1d:05:c2:b1:ba:88:ab:eb:a4:c4:59: 73:cc:90:c7:2c:09:97:6d:99:dc:07:ca:d0:43:2f:25: ec:80:c8:a1:f8:92:24:d8:0f:d0:77:a1:3c:73:f8:27: 2c:30:33:f9:7b:f4:4f:bb:d3:fa:5b:6d:bc:2a:73:36 Fingerprint (SHA-256): 33:72:87:5F:F2:3F:EF:A4:C8:E3:3A:93:35:3C:51:F1:48:4A:70:91:2E:04:83:11:34:52:07:B0:5A:8C:5F:C7 Fingerprint (SHA1): 1D:2B:43:C4:88:76:ED:8A:95:86:5E:E3:55:5E:19:9D:65:D8:23:84 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5219: Certificate Type Extension (9) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 0 1 2 3 4 5 6 10 y Generating key. This may take a few moments... 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > 0 - Server Auth 1 - Client Auth 2 - Code Signing 3 - Email Protection 4 - Timestamp 5 - OCSP Responder 6 - Step-up 7 - Microsoft Trust List Signing Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt10 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:3c Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:17 2015 Not After : Wed Aug 19 06:48:17 2015 Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:75:9e:59:f8:8a:fd:b8:99:8a:25:d3:b3:4a:a2:20: 7c:6b:7f:f3:ba:b0:a7:c9:7a:25:ec:b5:d0:00:10:86: 55:f9:97:a9:12:18:a6:09:c3:92:ae:13:e2:d2:95:78: 47:01:66:22:ca:18:8d:60:bc:fa:ac:c2:b2:82:3d:e6: be:60:84:e9:b8:7a:1a:c3:1a:c7:3f:bf:26:d1:87:c3: 75:19:d3:75:68:7b:fd:9c:bf:c9:73:96:97:42:a3:25: d3:78:18:8d:86:7c:74:69:d8:c6:66:ce:4f:2b:0c:45: e5:58:92:61:ed:9c:83:09:54:60:39:d7:f0:f0:45:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Extended Key Usage Critical: True TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Code Signing Certificate E-Mail Protection Certificate Time Stamping Certifcate OCSP Responder Certificate Strong Crypto Export Approved Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 22:f9:42:8b:48:df:43:9d:87:7e:af:a3:f1:98:31:12: 1f:5f:fb:0c:c4:cc:96:cf:1e:7d:2a:6f:4a:fb:34:ca: 5c:ce:79:23:89:27:8a:57:53:ae:16:63:74:e4:eb:69: 8d:a8:85:2b:32:ed:bf:e4:0a:5e:65:4e:74:fe:5c:45: e0:dc:12:ae:0a:ff:1f:a5:0d:42:4a:0f:60:e1:37:84: 5b:07:0e:85:e7:e5:42:1d:94:ea:08:03:2e:8b:1c:ff: 78:f9:d6:c1:c7:62:28:31:e5:47:b5:c8:b6:b0:08:e5: 2c:c2:b5:83:44:63:65:4f:2a:7d:48:0b:32:70:32:2d Fingerprint (SHA-256): B0:11:07:07:95:7A:9E:05:94:7E:BD:76:96:40:B8:60:EA:88:2A:46:5C:40:CF:27:C5:44:1C:38:80:8B:97:86 Fingerprint (SHA1): 66:C9:D8:65:54:4C:C9:8D:6B:A7:3B:AF:4C:2F:3C:95:EB:12:DD:53 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5220: Extended Key Usage Extension (10) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/test.args certutil options: 1 2 3 4 5 6 10 n Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt11 Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:43 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi ew,ST=California,C=US" Validity: Not Before: Tue May 19 06:48:20 2015 Not After : Wed Aug 19 06:48:20 2015 Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V iew,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:a9:19:0b:e8:4c:a7:10:84:72:bc:94:e7:f3:78:9d: e6:a8:97:5a:ff:9e:65:bb:c4:2c:62:fa:21:83:a1:fe: 03:54:dc:3c:49:f6:30:84:9a:50:9f:5c:a5:0f:f1:59: f1:ff:a6:cf:a7:cd:0b:66:72:8d:90:23:08:0a:62:2a: 77:43:fb:ba:93:b6:64:d7:bb:a3:bb:c6:d8:8f:99:02: 95:ea:3b:9c:60:e9:a3:3d:1c:ab:83:8d:b8:56:bb:34: c9:d8:9d:95:40:2c:7a:9d:26:7c:05:66:7d:7b:81:7f: da:22:10:ff:a2:36:3c:67:24:28:2b:20:5b:0d:1a:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Key Usage Usages: Non-Repudiation Key Encipherment Data Encipherment Key Agreement Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ad:26:20:57:3f:4e:34:98:d0:05:51:68:a9:0d:ee:09: 67:a7:e4:ef:f2:30:45:f3:34:82:2a:4b:46:da:89:19: 06:02:40:f6:4a:96:d8:a6:bb:9f:e2:30:51:67:6d:bb: fb:53:46:a2:62:66:34:2c:49:29:ff:2e:56:ef:59:c3: 0e:03:ba:5a:fd:4c:64:e8:dd:a6:03:e1:ed:40:7b:b8: 5f:8c:05:84:a1:4f:8a:0a:4b:36:72:b5:4d:06:68:ef: c0:6a:ad:e9:f6:17:9c:55:ae:36:f7:0e:f3:09:7c:7c: fe:f9:e3:78:21:26:73:50:25:c4:88:71:ed:16:7a:ba Fingerprint (SHA-256): 44:59:5D:B3:B4:0D:D3:45:CB:7D:A4:31:C7:1C:87:15:29:E5:44:FD:43:F6:3B:35:23:4F:31:77:A9:E6:7E:46 Fingerprint (SHA1): E1:7A:B2:42:65:25:65:04:FF:F8:31:3C:D6:A9:D2:8E:91:DA:AB:1A Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5221: Certificate Key Usage Extension (11) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #5222: create cert with invalid SAN parameter (12) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com Generating key. This may take a few moments... certutil: Problem creating SubjectAltName extension: error 0: Success certutil: unable to create cert (Success) cert.sh: #5223: create cert with invalid SAN parameter (13) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com Generating key. This may take a few moments... cert.sh: #5224: create cert with valid SAN parameter (14) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:51 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Tue May 19 06:48:28 2015 Not After : Wed Aug 19 06:48:28 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:39:ab:08:a8:9e:e8:b5:c4:37:fb:60:12:f9:df:83: 3f:9b:cc:69:bf:90:56:ac:23:bd:bd:51:a1:f9:88:5f: 7e:22:29:80:f4:92:6a:01:76:3a:69:f0:17:52:a6:ba: 5e:4b:18:14:8d:72:68:cc:09:b9:45:68:ce:d1:25:ca: 32:f8:5a:38:c1:7b:86:13:6b:e0:cb:d1:d3:ca:2b:1d: d4:ce:b4:f5:8e:82:26:78:54:0c:8f:27:20:bf:b6:30: c9:43:27:e1:3f:a8:b6:28:44:08:5d:16:ed:68:cf:a0: 77:d1:8d:b9:26:f4:8f:54:83:30:13:8e:71:dc:46:e9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b9:7c:90:8d:a9:3e:a5:d5:15:1a:5d:36:b2:5f:9e:bd: 26:0a:40:eb:a4:f3:a8:4b:3e:47:a6:d3:23:2a:21:24: da:7d:03:ac:bc:60:f6:34:83:44:c3:90:77:de:ff:69: 92:8c:5e:dd:d1:9d:00:1a:f0:ad:f5:07:df:5b:a3:36: b3:3a:58:9b:e7:6a:23:64:1a:f3:14:d5:82:6e:86:cd: 4e:3a:7d:bb:b0:d0:0a:9c:e3:af:8f:64:6d:5e:0f:b5: 2b:c8:95:53:59:8d:a9:f1:8a:9c:4d:f1:df:bf:a8:4b: 6b:63:a5:a8:c8:fa:54:f0:55:24:99:70:79:3c:36:56 Fingerprint (SHA-256): 42:E9:E7:11:AF:53:E0:C2:EA:7D:80:5F:5D:E1:E0:36:73:E4:61:8C:7E:2A:14:7A:EC:B4:DB:D6:B2:AB:CE:C4 Fingerprint (SHA1): 3A:B6:2E:C6:C2:E1:D3:FF:A8:9B:A6:A2:28:5C:6E:86:5C:FE:DE:CB Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5225: create cert with valid SAN parameter (15) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17 writing output to /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der cert.sh: #5226: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der (16) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #5227: create cert with valid SAN parameter (17) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #5228: expect failure to list cert, because we deleted it (18) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success cert.sh: #5229: create cert with invalid generic ext parameter (19) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success cert.sh: #5230: create cert with invalid generic ext parameter (20) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success cert.sh: #5231: create cert with invalid generic ext parameter (21) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der Generating key. This may take a few moments... cert.sh: #5232: create cert with valid generic ext parameter (22) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN Certificate: Data: Version: 3 (0x2) Serial Number: 00:a2:cd:36:66 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=example.com" Validity: Not Before: Tue May 19 06:48:40 2015 Not After : Wed Aug 19 06:48:40 2015 Subject: "CN=example.com" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ce:cd:3a:5e:5a:c8:3f:a8:6b:52:2f:08:c4:0a:a2:d5: 5a:e8:90:11:59:17:fc:db:27:38:f5:36:d7:a0:04:a9: f9:de:ca:3f:04:83:08:d1:20:39:79:eb:b7:56:1c:b6: 84:8f:ab:50:57:ec:de:23:1c:0b:b3:71:96:12:50:9d: 0d:bc:c8:55:f3:a2:fb:b2:bd:bf:cd:61:f6:e7:87:f4: 6f:63:6a:b2:d7:df:1b:df:54:9f:f8:17:31:df:c1:e6: 44:92:68:82:9e:69:70:8d:1c:2e:21:93:09:79:e8:dd: 7f:7e:97:29:af:82:44:8d:7a:87:49:2c:7a:d8:a7:77 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Subject Alt Name DNS name: "example.com" DNS name: "www.example.com" Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c0:e6:f9:17:d8:f8:75:27:e4:0e:13:71:f6:cf:e1:65: 32:e3:c8:38:51:b2:09:60:1f:14:9f:74:90:d4:b0:f0: 99:20:05:03:bf:8a:20:b2:25:6c:b6:46:a0:55:d5:f5: f5:5f:22:cb:40:2d:32:5d:4a:1b:0f:b6:93:7b:af:91: 66:d5:2b:e8:35:3b:cb:5c:6c:b2:7b:a7:b4:3b:24:10: 70:b6:ee:b0:80:2c:f4:e3:bb:3e:9c:a1:6e:6f:d7:3e: 12:65:7f:69:00:a2:11:10:8d:fd:12:58:d3:6a:e0:2f: 8a:b7:24:d8:75:5e:b2:65:ec:32:36:3d:01:eb:01:c5 Fingerprint (SHA-256): 05:35:1C:7C:69:C9:AF:B6:5F:67:FC:01:6E:70:86:F7:E5:E3:FC:8D:79:C9:1A:EB:3D:CA:B1:BD:A8:C4:0A:60 Fingerprint (SHA1): 62:93:9F:66:18:04:0F:2E:FF:82:FB:B3:F4:07:05:CD:09:88:B2:30 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User cert.sh: #5233: create cert with valid generic ext parameter (23) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -D -n WithSAN cert.sh: #5234: create cert with valid generic ext parameter (24) - PASSED certutil -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found certutil: Could not find cert: WithSAN : PR_FILE_NOT_FOUND_ERROR: File not found cert.sh: #5235: expect failure to list cert, because we deleted it (25) - PASSED cert.sh: Create A Password Test Cert ============== cert.sh: Create A Password Test Ca -------- cert.sh: Creating a CA Certificate PasswordCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass cert.sh: Creating CA Cert DB -------------------------- certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.pw cert.sh: #5236: Creating CA Cert DB - PASSED cert.sh: Loading root cert module to CA Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5237: Loading root cert module to CA Cert DB - PASSED cert.sh: Certificate initialized ---------- cert.sh: Creating CA Cert PasswordCA -------------------------- certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? cert.sh: #5238: Creating CA Cert PasswordCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -o root.cert cert.sh: #5239: Exporting Root Cert - PASSED cert.sh: Changing password on Password Test Cert's Cert DB -------------------------- certutil -W -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.pw -@ ../tests.fipspw Password changed successfully. cert.sh: #5240: Changing password on Password Test Cert's Cert DB - PASSED cert.sh: Generate Certificate for Password Test Cert with new password -------------------------- certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.fipspw -z ../tests_noise Generating key. This may take a few moments... Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5241: Generate Certificate for Password Test Cert with new password - PASSED cert.sh SUCCESS: PASSWORD passed cert.sh: Verify Certificate for Password Test Cert with new password -------------------------- certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.fipspw certutil: certificate is valid cert.sh: #5242: Verify Certificate for Password Test Cert with new password - PASSED cert.sh: Creating Distrusted Certificate cert.sh: Initializing Distrusted's Cert DB -------------------------- certutil -N -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw cert.sh: #5243: Initializing Distrusted's Cert DB - PASSED cert.sh: Loading root cert module to Distrusted's Cert DB -------------------------- modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q ' to abort, or to continue: Module "RootCerts" added to database. cert.sh: #5244: Loading root cert module to Distrusted's Cert DB - PASSED cert.sh: Import Root CA for Distrusted -------------------------- certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA.ca.cert cert.sh: #5245: Import Root CA for Distrusted - PASSED cert.sh: Import EC Root CA for Distrusted -------------------------- certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA-ec.ca.cert cert.sh: #5246: Import EC Root CA for Distrusted - PASSED cert.sh: Generate Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5247: Generate Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's Request -------------------------- certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw cert.sh: #5248: Sign Distrusted's Request - PASSED cert.sh: Import Distrusted's Cert -------------------------- certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5249: Import Distrusted's Cert - PASSED cert.sh SUCCESS: Distrusted's Cert Created cert.sh: Generate EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5250: Generate EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request -------------------------- certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw cert.sh: #5251: Sign Distrusted's EC Request - PASSED cert.sh: Import Distrusted's EC Cert -------------------------- certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5252: Import Distrusted's EC Cert - PASSED cert.sh SUCCESS: Distrusted's EC Cert Created cert.sh: Generate mixed EC Cert Request for Distrusted -------------------------- certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5253: Generate mixed EC Cert Request for Distrusted - PASSED cert.sh: Sign Distrusted's EC Request with RSA -------------------------- certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw cert.sh: #5254: Sign Distrusted's EC Request with RSA - PASSED cert.sh: Import Distrusted's mixed EC Cert -------------------------- certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5255: Import Distrusted's mixed EC Cert - PASSED cert.sh SUCCESS: Distrusted's mixed EC Cert Created cert.sh: Mark CERT as unstrusted -------------------------- certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw cert.sh: #5256: Mark CERT as unstrusted - PASSED cert.sh: Creating Distrusted Intermediate cert.sh: Creating a CA Certificate DistrustedCA ========================== /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA cert.sh: Creating CA Cert DistrustedCA -------------------------- certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010 Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Is this a critical extension [y/N]? cert.sh: #5257: Creating CA Cert DistrustedCA - PASSED cert.sh: Exporting Root Cert -------------------------- certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -o root.cert cert.sh: #5258: Exporting Root Cert - PASSED cert.sh: Import Distrusted Intermediate -------------------------- certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -i ../CA/DistrustedCA.ca.cert cert.sh: #5259: Import Distrusted Intermediate - PASSED cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA -------------------------- certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5260: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED cp: './req' and '/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA/req' are the same file cert.sh: Sign LeafChainedToDistrustedCA's Request -------------------------- certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw cert.sh: #5261: Sign LeafChainedToDistrustedCA's Request - PASSED cert.sh: Import LeafChainedToDistrustedCA's Cert -t u,u,u -------------------------- certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5262: Import LeafChainedToDistrustedCA's Cert -t u,u,u - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server -------------------------- certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5263: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client -------------------------- certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5264: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5265: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient -------------------------- certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user. cert.sh: #5266: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder -------------------------- certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #5267: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer -------------------------- certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #5268: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED cert.sh: Verify Distrusted Cert for SSL Server -------------------------- certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5269: Verify Distrusted Cert for SSL Server - PASSED cert.sh: Verify Distrusted Cert for SSL Client -------------------------- certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5270: Verify Distrusted Cert for SSL Client - PASSED cert.sh: Verify Distrusted Cert for Email signer -------------------------- certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5271: Verify Distrusted Cert for Email signer - PASSED cert.sh: Verify Distrusted Cert for Email recipient -------------------------- certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5272: Verify Distrusted Cert for Email recipient - PASSED cert.sh: Verify Distrusted Cert for OCSP responder -------------------------- certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Certificate type not approved for application. cert.sh: #5273: Verify Distrusted Cert for OCSP responder - PASSED cert.sh: Verify Distrusted Cert for Object Signer -------------------------- certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user. cert.sh: #5274: Verify Distrusted Cert for Object Signer - PASSED cert.sh: OCSP response creation selftest cert.sh: perform selftest -------------------------- ocspresp /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/serverCA serverCA chain-1-serverCA -f ../tests.pw cert.sh: #5275: perform selftest - PASSED cert.sh: Creating Client CA Issued Certificates Range 40 - 52 === cert.sh: Generate Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5276: Generate Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's Request -------------------------- certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw cert.sh: #5277: Sign TestUser40's Request - PASSED cert.sh: Import TestUser40's Cert -------------------------- certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5278: Import TestUser40's Cert - PASSED cert.sh SUCCESS: TestUser40's Cert Created cert.sh: Generate EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5279: Generate EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request -------------------------- certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw cert.sh: #5280: Sign TestUser40's EC Request - PASSED cert.sh: Import TestUser40's EC Cert -------------------------- certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5281: Import TestUser40's EC Cert - PASSED cert.sh SUCCESS: TestUser40's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser40 -------------------------- certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5282: Generate mixed EC Cert Request for TestUser40 - PASSED cert.sh: Sign TestUser40's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw cert.sh: #5283: Sign TestUser40's EC Request with RSA - PASSED cert.sh: Import TestUser40's mixed EC Cert -------------------------- certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5284: Import TestUser40's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser40's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5285: Generate Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's Request -------------------------- certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw cert.sh: #5286: Sign TestUser41's Request - PASSED cert.sh: Import TestUser41's Cert -------------------------- certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5287: Import TestUser41's Cert - PASSED cert.sh SUCCESS: TestUser41's Cert Created cert.sh: Generate EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5288: Generate EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request -------------------------- certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw cert.sh: #5289: Sign TestUser41's EC Request - PASSED cert.sh: Import TestUser41's EC Cert -------------------------- certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5290: Import TestUser41's EC Cert - PASSED cert.sh SUCCESS: TestUser41's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser41 -------------------------- certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5291: Generate mixed EC Cert Request for TestUser41 - PASSED cert.sh: Sign TestUser41's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw cert.sh: #5292: Sign TestUser41's EC Request with RSA - PASSED cert.sh: Import TestUser41's mixed EC Cert -------------------------- certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5293: Import TestUser41's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser41's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5294: Generate Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's Request -------------------------- certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw cert.sh: #5295: Sign TestUser42's Request - PASSED cert.sh: Import TestUser42's Cert -------------------------- certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5296: Import TestUser42's Cert - PASSED cert.sh SUCCESS: TestUser42's Cert Created cert.sh: Generate EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5297: Generate EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request -------------------------- certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw cert.sh: #5298: Sign TestUser42's EC Request - PASSED cert.sh: Import TestUser42's EC Cert -------------------------- certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5299: Import TestUser42's EC Cert - PASSED cert.sh SUCCESS: TestUser42's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser42 -------------------------- certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5300: Generate mixed EC Cert Request for TestUser42 - PASSED cert.sh: Sign TestUser42's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw cert.sh: #5301: Sign TestUser42's EC Request with RSA - PASSED cert.sh: Import TestUser42's mixed EC Cert -------------------------- certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5302: Import TestUser42's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser42's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5303: Generate Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's Request -------------------------- certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw cert.sh: #5304: Sign TestUser43's Request - PASSED cert.sh: Import TestUser43's Cert -------------------------- certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5305: Import TestUser43's Cert - PASSED cert.sh SUCCESS: TestUser43's Cert Created cert.sh: Generate EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5306: Generate EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request -------------------------- certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw cert.sh: #5307: Sign TestUser43's EC Request - PASSED cert.sh: Import TestUser43's EC Cert -------------------------- certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5308: Import TestUser43's EC Cert - PASSED cert.sh SUCCESS: TestUser43's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser43 -------------------------- certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5309: Generate mixed EC Cert Request for TestUser43 - PASSED cert.sh: Sign TestUser43's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw cert.sh: #5310: Sign TestUser43's EC Request with RSA - PASSED cert.sh: Import TestUser43's mixed EC Cert -------------------------- certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5311: Import TestUser43's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser43's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5312: Generate Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's Request -------------------------- certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw cert.sh: #5313: Sign TestUser44's Request - PASSED cert.sh: Import TestUser44's Cert -------------------------- certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5314: Import TestUser44's Cert - PASSED cert.sh SUCCESS: TestUser44's Cert Created cert.sh: Generate EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5315: Generate EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request -------------------------- certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw cert.sh: #5316: Sign TestUser44's EC Request - PASSED cert.sh: Import TestUser44's EC Cert -------------------------- certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5317: Import TestUser44's EC Cert - PASSED cert.sh SUCCESS: TestUser44's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser44 -------------------------- certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5318: Generate mixed EC Cert Request for TestUser44 - PASSED cert.sh: Sign TestUser44's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw cert.sh: #5319: Sign TestUser44's EC Request with RSA - PASSED cert.sh: Import TestUser44's mixed EC Cert -------------------------- certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5320: Import TestUser44's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser44's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5321: Generate Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's Request -------------------------- certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw cert.sh: #5322: Sign TestUser45's Request - PASSED cert.sh: Import TestUser45's Cert -------------------------- certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5323: Import TestUser45's Cert - PASSED cert.sh SUCCESS: TestUser45's Cert Created cert.sh: Generate EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5324: Generate EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request -------------------------- certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw cert.sh: #5325: Sign TestUser45's EC Request - PASSED cert.sh: Import TestUser45's EC Cert -------------------------- certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5326: Import TestUser45's EC Cert - PASSED cert.sh SUCCESS: TestUser45's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser45 -------------------------- certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5327: Generate mixed EC Cert Request for TestUser45 - PASSED cert.sh: Sign TestUser45's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw cert.sh: #5328: Sign TestUser45's EC Request with RSA - PASSED cert.sh: Import TestUser45's mixed EC Cert -------------------------- certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5329: Import TestUser45's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser45's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5330: Generate Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's Request -------------------------- certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw cert.sh: #5331: Sign TestUser46's Request - PASSED cert.sh: Import TestUser46's Cert -------------------------- certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5332: Import TestUser46's Cert - PASSED cert.sh SUCCESS: TestUser46's Cert Created cert.sh: Generate EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5333: Generate EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request -------------------------- certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw cert.sh: #5334: Sign TestUser46's EC Request - PASSED cert.sh: Import TestUser46's EC Cert -------------------------- certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5335: Import TestUser46's EC Cert - PASSED cert.sh SUCCESS: TestUser46's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser46 -------------------------- certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5336: Generate mixed EC Cert Request for TestUser46 - PASSED cert.sh: Sign TestUser46's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw cert.sh: #5337: Sign TestUser46's EC Request with RSA - PASSED cert.sh: Import TestUser46's mixed EC Cert -------------------------- certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5338: Import TestUser46's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser46's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5339: Generate Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's Request -------------------------- certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw cert.sh: #5340: Sign TestUser47's Request - PASSED cert.sh: Import TestUser47's Cert -------------------------- certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5341: Import TestUser47's Cert - PASSED cert.sh SUCCESS: TestUser47's Cert Created cert.sh: Generate EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5342: Generate EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request -------------------------- certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw cert.sh: #5343: Sign TestUser47's EC Request - PASSED cert.sh: Import TestUser47's EC Cert -------------------------- certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5344: Import TestUser47's EC Cert - PASSED cert.sh SUCCESS: TestUser47's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser47 -------------------------- certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5345: Generate mixed EC Cert Request for TestUser47 - PASSED cert.sh: Sign TestUser47's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw cert.sh: #5346: Sign TestUser47's EC Request with RSA - PASSED cert.sh: Import TestUser47's mixed EC Cert -------------------------- certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5347: Import TestUser47's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser47's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5348: Generate Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's Request -------------------------- certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw cert.sh: #5349: Sign TestUser48's Request - PASSED cert.sh: Import TestUser48's Cert -------------------------- certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5350: Import TestUser48's Cert - PASSED cert.sh SUCCESS: TestUser48's Cert Created cert.sh: Generate EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5351: Generate EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request -------------------------- certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw cert.sh: #5352: Sign TestUser48's EC Request - PASSED cert.sh: Import TestUser48's EC Cert -------------------------- certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5353: Import TestUser48's EC Cert - PASSED cert.sh SUCCESS: TestUser48's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser48 -------------------------- certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5354: Generate mixed EC Cert Request for TestUser48 - PASSED cert.sh: Sign TestUser48's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw cert.sh: #5355: Sign TestUser48's EC Request with RSA - PASSED cert.sh: Import TestUser48's mixed EC Cert -------------------------- certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5356: Import TestUser48's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser48's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5357: Generate Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's Request -------------------------- certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw cert.sh: #5358: Sign TestUser49's Request - PASSED cert.sh: Import TestUser49's Cert -------------------------- certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5359: Import TestUser49's Cert - PASSED cert.sh SUCCESS: TestUser49's Cert Created cert.sh: Generate EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5360: Generate EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request -------------------------- certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw cert.sh: #5361: Sign TestUser49's EC Request - PASSED cert.sh: Import TestUser49's EC Cert -------------------------- certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5362: Import TestUser49's EC Cert - PASSED cert.sh SUCCESS: TestUser49's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser49 -------------------------- certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5363: Generate mixed EC Cert Request for TestUser49 - PASSED cert.sh: Sign TestUser49's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw cert.sh: #5364: Sign TestUser49's EC Request with RSA - PASSED cert.sh: Import TestUser49's mixed EC Cert -------------------------- certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5365: Import TestUser49's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser49's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5366: Generate Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's Request -------------------------- certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw cert.sh: #5367: Sign TestUser50's Request - PASSED cert.sh: Import TestUser50's Cert -------------------------- certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5368: Import TestUser50's Cert - PASSED cert.sh SUCCESS: TestUser50's Cert Created cert.sh: Generate EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5369: Generate EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request -------------------------- certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw cert.sh: #5370: Sign TestUser50's EC Request - PASSED cert.sh: Import TestUser50's EC Cert -------------------------- certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5371: Import TestUser50's EC Cert - PASSED cert.sh SUCCESS: TestUser50's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser50 -------------------------- certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5372: Generate mixed EC Cert Request for TestUser50 - PASSED cert.sh: Sign TestUser50's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw cert.sh: #5373: Sign TestUser50's EC Request with RSA - PASSED cert.sh: Import TestUser50's mixed EC Cert -------------------------- certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5374: Import TestUser50's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser50's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5375: Generate Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's Request -------------------------- certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw cert.sh: #5376: Sign TestUser51's Request - PASSED cert.sh: Import TestUser51's Cert -------------------------- certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5377: Import TestUser51's Cert - PASSED cert.sh SUCCESS: TestUser51's Cert Created cert.sh: Generate EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5378: Generate EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request -------------------------- certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw cert.sh: #5379: Sign TestUser51's EC Request - PASSED cert.sh: Import TestUser51's EC Cert -------------------------- certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5380: Import TestUser51's EC Cert - PASSED cert.sh SUCCESS: TestUser51's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser51 -------------------------- certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5381: Generate mixed EC Cert Request for TestUser51 - PASSED cert.sh: Sign TestUser51's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw cert.sh: #5382: Sign TestUser51's EC Request with RSA - PASSED cert.sh: Import TestUser51's mixed EC Cert -------------------------- certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5383: Import TestUser51's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser51's mixed EC Cert Created cert.sh: Generate Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5384: Generate Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's Request -------------------------- certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw cert.sh: #5385: Sign TestUser52's Request - PASSED cert.sh: Import TestUser52's Cert -------------------------- certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5386: Import TestUser52's Cert - PASSED cert.sh SUCCESS: TestUser52's Cert Created cert.sh: Generate EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5387: Generate EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request -------------------------- certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw cert.sh: #5388: Sign TestUser52's EC Request - PASSED cert.sh: Import TestUser52's EC Cert -------------------------- certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-ec.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5389: Import TestUser52's EC Cert - PASSED cert.sh SUCCESS: TestUser52's EC Cert Created cert.sh: Generate mixed EC Cert Request for TestUser52 -------------------------- certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req Generating key. This may take a few moments... cert.sh: #5390: Generate mixed EC Cert Request for TestUser52 - PASSED cert.sh: Sign TestUser52's EC Request with RSA -------------------------- certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw cert.sh: #5391: Sign TestUser52's EC Request with RSA - PASSED cert.sh: Import TestUser52's mixed EC Cert -------------------------- certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-ecmixed.cert Notice: Trust flag u is set automatically if the private key is present. cert.sh: #5392: Import TestUser52's mixed EC Cert - PASSED cert.sh SUCCESS: TestUser52's mixed EC Cert Created cert.sh: Creating CA CRL ===================================== cert.sh: Generating CRL for range 40-42 TestCA authority -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or cert.sh: #5393: Generating CRL for range 40-42 TestCA authority - PASSED cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority -------------------------- crlutil -q -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec cert.sh: #5394: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED cert.sh: Modifying CA CRL by adding one more cert ============ cert.sh: Modify CRL by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or cert.sh: #5395: Modify CRL by adding one more cert - PASSED cert.sh: Modify CRL (ECC) by adding one more cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec cert.sh: #5396: Modify CRL (ECC) by adding one more cert - PASSED cert.sh: Modifying CA CRL by removing one cert =============== cert.sh: Modify CRL by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1 cert.sh: #5397: Modify CRL by removing one cert - PASSED cert.sh: Modify CRL (ECC) by removing one cert -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec cert.sh: #5398: Modify CRL (ECC) by removing one cert - PASSED cert.sh: Creating CA CRL for groups 1 and 2 =============== cert.sh: Creating CRL for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42 cert.sh: #5399: Creating CRL for groups 1 and 2 - PASSED cert.sh: Creating CRL (ECC) for groups 1 and 2 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec cert.sh: #5400: Creating CRL (ECC) for groups 1 and 2 - PASSED cert.sh: Creating CA CRL for groups 1, 2 and 3 =============== cert.sh: Creating CRL for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48 cert.sh: #5401: Creating CRL for groups 1, 2 and 3 - PASSED cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 -------------------------- crlutil -q -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec cert.sh: #5402: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED cert.sh: Importing Server CA Issued CRL for certs trough 52 cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -D -n TestCA -f ../tests.pw -d ../server crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #5403: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server cert.sh: #5404: Importing CRL for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found. cert.sh: #5405: Importing CRL (ECC) for groups 1 - PASSED cert.sh: Importing CRL (ECC) for groups 1 -------------------------- crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server cert.sh: #5406: Importing CRL (ECC) for groups 1 - PASSED cert.sh SUCCESS: SSL CRL prep passed cert.sh cert.sh: finished cert.sh TIMESTAMP cert END: Tue May 19 02:51:20 EDT 2015 Running tests for dbtests TIMESTAMP dbtests BEGIN: Tue May 19 02:51:20 EDT 2015 ./dbtests.sh: line 173: syntax error near unexpected token `then' ./dbtests.sh: line 173: ` if [[ $EUID -ne 0 ]] then' TIMESTAMP dbtests END: Tue May 19 02:51:20 EDT 2015 Running tests for tools TIMESTAMP tools BEGIN: Tue May 19 02:51:20 EDT 2015 tools.sh: Tools Tests with ECC =============================== tools.sh: Exporting Alice's email cert & key - default ciphers tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5407: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: e6:6d:5f:9f:f8:14:2d:e2:ab:dc:b5:7b:d7:8b:5b:85 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5408: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5409: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's email EC cert & key--------------- pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \ -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5410: Exporting Alice's email EC cert & key (pk12util -o) - PASSED tools.sh: Importing Alice's email EC cert & key -------------- pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5411: Importing Alice's email EC cert & key (pk12util -i) - PASSED tools.sh: Listing Alice's pk12 EC file ----------------- pk12util -l Alice-ec.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice-ec Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 49:71:7d:5f:50:c4:76:cb:01:5d:22:a5:95:22:b6:b2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 06:45:20 2015 Not After : Tue May 19 06:45:20 2065 Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor nia,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:4f:7e:c8:77:aa:35:1e:32:fc:fa:05:e4:65:01: 70:df:32:82:e9:c9:12:8f:ad:17:7e:13:96:79:9e:3c: ac:51:6c:5b:28:32:7e:4e:86:1e:e4:21:99:cc:ce:3f: 3b:a2:ba:a1:71:cf:76:b8:d0:54:ec:43:d9:3f:fb:c2: b9:a6:fd:00:a9:5b:36:c8:3a:4f:23:69:8c:90:91:0d: da:ef:bd:7e:c2:b8:cf:e4:db:d3:b5:c9:a6:de:20:0a: c5:a0:92:67:bd:ed:55:0a:53:3a:9f:56:81:f8:b5:3b: 8e:c4:30:cb:6e:59:6c:9a:b0:c0:39:73:12:df:9e:13: 58:03:b7:bd:fe Curve: SECG elliptic curve secp521r1 (aka NIST P-521) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:41:76:78:f7:4d:38:9b:90:6c:1f:c3:8a: 34:3d:d6:ee:f1:3f:0d:aa:22:2e:f3:56:e8:01:4d:52: 02:23:1e:53:e8:cb:7d:16:11:8d:ae:49:d6:7b:63:f3: 6d:ed:7e:8d:4a:ea:e9:19:9f:c4:d4:6f:2c:98:49:ee: b5:00:02:52:ae:0d:02:42:00:c4:12:fb:65:5c:10:c3: 97:6a:dd:47:3c:21:73:e7:5a:21:4e:67:fb:be:e8:ac: f5:96:37:96:4b:57:29:8a:b4:b7:e2:c4:42:c1:69:cd: 63:79:4e:78:7c:e5:48:e5:65:8a:60:d9:75:0f:12:73: 2d:ef:cf:a8:b7:ab:0c:3a:40:a1 Fingerprint (SHA-256): BC:1E:57:7C:6A:61:0C:FE:48:AC:96:64:45:2A:70:66:8C:FA:73:5D:D4:ED:BD:B4:EE:A2:A5:1C:D4:4A:14:FC Fingerprint (SHA1): B5:E5:57:5D:3F:AF:52:CF:E7:0A:1F:65:73:A3:7E:F6:C9:51:C6:ED Friendly Name: TestCA-ec Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ ia,C=US" Validity: Not Before: Tue May 19 06:46:42 2015 Not After : Tue May 19 06:46:42 2020 Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:22 EC Public Key: PublicValue: 04:fe:43:0a:85:1f:b1:1c:b7:31:55:c3:1c:82:41:ba: 60:bc:89:54:bf:ab:bf:f0:1c:8b:8d:28:b5:87:3c:8f: b1:96:b5:e3:27:c1:9a:e0:74:8b:63:c5:d8:83:d3:25: 3f:2f:ab:59:54:5a:fc:af:25:49:3e:d8:a3:3f:8f:f3: 7f:67:f6:16:0d:7b:d0:cb:4e:0c:fe:a1:f6:12:7c:e7: ee:b4:9c:ea:ec:a8:6e:6a:b4:20:0b:e7:87:fc:aa:a9: eb Curve: SECG elliptic curve secp384r1 (aka NIST P-384) Signature Algorithm: X9.62 ECDSA signature with SHA-1 Signature: 30:81:87:02:42:01:e8:0c:40:30:41:5e:ca:f3:1a:4e: 4f:77:52:17:c0:ff:17:f0:04:21:a7:88:c6:df:c2:50: be:33:54:78:41:ed:c8:ca:cb:96:7c:df:75:88:47:48: 30:af:1f:ab:5c:4a:c2:1b:7d:d4:31:c2:29:16:f8:db: 15:14:52:5a:c6:0c:34:02:41:69:29:0a:18:be:33:ec: f9:5c:9a:71:7c:5b:5b:19:48:d3:c5:da:f4:99:0a:bd: 91:35:71:df:21:fa:7a:cf:09:44:b5:cd:f2:75:44:4f: 50:14:5d:d4:63:6a:05:40:a5:d9:25:44:04:25:46:76: 4a:b0:cd:f7:55:b5:18:51:73:65 Fingerprint (SHA-256): 82:51:08:F5:FC:3C:A6:9C:E6:5D:74:4C:41:00:E6:F7:A9:2F:F6:C5:D4:8F:CB:85:F0:60:1A:E8:CD:1A:5C:4F Fingerprint (SHA1): F0:C3:6F:E5:5A:BE:A2:B2:84:31:57:C8:96:7F:DA:20:CA:08:09:19 Friendly Name: Alice-ec tools.sh: #5412: Listing Alice's pk12 EC file (pk12util -l) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5413: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: cf:26:b3:5f:f4:f2:1b:28:ed:92:5e:09:fb:bb:69:61 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5414: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5415: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5416: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: 56:c5:aa:8e:26:6f:fe:0e:08:5c:0e:5f:54:dd:ef:98 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5417: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5418: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5419: Exporting with [RC2-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC Parameters: Salt: e6:d9:b6:53:c5:e7:d2:48:b2:db:6b:7d:27:b7:4f:84 Iteration Count: 2000 (0x7d0) tools.sh: #5420: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5421: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5422: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: ca:f4:6c:4f:84:b7:12:ef:91:ab:cb:94:74:43:77:7d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5423: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5424: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5425: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 65:d8:f5:3c:1b:14:c3:38:6d:8b:49:d9:ae:f6:78:29 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5426: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5427: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5428: Exporting with [DES-EDE3-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: c0:02:ab:67:72:e1:36:4c:26:c5:f6:1d:4c:95:e5:6b Iteration Count: 2000 (0x7d0) tools.sh: #5429: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5430: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5431: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 33:01:7e:09:46:2d:db:23:32:ba:27:67:2a:40:f4:fb Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:2a:2f:67:ca:1b:76:e2:da:52:4b:b3:c4:93:65: d1:a5 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5432: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5433: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5434: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 57:85:72:e2:62:29:a1:80:49:d5:68:fc:c1:5b:21:af Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:b4:2c:db:50:a1:e9:92:e6:ba:0c:c1:fc:68:da: ca:f5 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5435: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5436: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5437: Exporting with [AES-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ae:e3:e0:36:b3:9e:dc:8c:85:ef:d9:ca:a3:58:b0:b9 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-128-CBC Args: 04:10:ff:80:a4:90:23:c9:a7:a5:b3:cb:bb:6d:38:5b: d8:9b tools.sh: #5438: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5439: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5440: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 3c:6e:49:52:1d:3d:ec:19:ab:f9:a5:22:9c:22:9a:2c Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:b8:a4:b9:c3:ea:d4:e4:30:0b:8a:e1:a3:f9:7d: 41:12 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5441: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5442: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5443: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 38:83:14:01:c9:95:2b:92:f8:ca:e5:47:19:96:b0:54 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:ff:f3:54:69:22:f5:3d:b1:4e:20:22:cd:68:b5: a3:26 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5444: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5445: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5446: Exporting with [AES-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 9f:b7:e9:34:90:b9:87:03:fa:6b:7b:5a:b9:14:7c:84 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-192-CBC Args: 04:10:c5:01:5e:3d:40:55:f6:81:36:91:3c:60:28:b5: 90:75 tools.sh: #5447: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5448: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5449: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 4f:17:65:b5:98:b6:a9:2a:25:5c:ac:ce:ea:66:a8:91 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:61:97:ec:75:c6:86:1e:a1:db:ef:f0:14:dc:a2: 96:52 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5450: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5451: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5452: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 0d:58:fe:c0:62:55:cf:3a:4d:aa:0c:89:dd:f2:a3:51 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:e5:d5:e6:92:fe:bd:17:9f:1e:d2:84:74:e1:07: d0:4c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5453: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5454: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5455: Exporting with [AES-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: d4:60:13:69:32:dc:22:1b:ca:7a:e4:de:7d:7c:81:73 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: AES-256-CBC Args: 04:10:84:10:f8:de:c4:39:e6:56:90:a4:7a:43:88:29: 45:82 tools.sh: #5456: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5457: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5458: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 3b:62:27:71:08:62:8d:11:64:3c:90:f3:6d:51:52:56 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:6d:b1:4d:81:3f:81:27:24:53:d4:2b:2f:d8:f8: 91:39 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5459: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5460: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5461: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ef:d2:e7:65:aa:72:47:91:79:92:99:5c:f1:1d:de:64 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:26:52:8b:de:b4:42:d5:c9:cf:6a:81:3e:f8:6b: 01:be Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5462: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5463: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5464: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ff:cf:86:33:ee:0f:7b:2f:f4:23:e1:ad:86:4d:8c:d8 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-128-CBC Args: 04:10:0c:5d:91:cb:b9:46:8c:bd:d0:ea:21:23:ee:4b: 13:c8 tools.sh: #5465: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5466: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5467: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 72:a0:4b:ac:9b:30:af:20:13:34:7a:85:61:0d:25:0a Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:8a:34:cf:32:05:57:dd:a5:f2:53:22:8e:7d:82: 8e:09 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5468: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5469: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5470: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 3a:5d:dc:ab:e8:72:1a:a5:49:5a:c5:42:83:7e:64:30 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:41:48:8f:2c:67:76:eb:2c:c2:73:d6:97:e8:28: 0f:9c Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5471: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5472: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5473: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 74:ea:1c:57:b5:69:1e:52:87:69:b1:6c:1e:dd:78:ae Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-192-CBC Args: 04:10:38:49:4f:ed:da:f0:7a:6b:e0:0a:9f:d0:ee:a6: 8e:1a tools.sh: #5474: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5475: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5476: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 63:d8:b9:bc:32:08:bc:7c:1a:5f:1f:8e:0e:ba:91:85 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:0c:4a:cd:bd:d6:50:60:87:f5:9e:fb:ca:df:ef: 17:21 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5477: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5478: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5479: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: ba:f9:a6:2b:af:43:af:82:1a:78:38:f3:40:64:a8:48 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:dc:ec:fa:f6:0d:a6:8f:37:5c:b3:9b:38:1b:cc: 8b:1e Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5480: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5481: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5482: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption v2 Encryption: KDF: PKCS #5 Password Based Key Dervive Function v2 Parameters: Salt: 42:9e:75:f1:c3:59:51:20:ba:88:ed:02:41:b7:57:d6 Iteration Count: 2000 (0x7d0) Key Length: 32 (0x20) KDF algorithm: HMAC SHA-1 Cipher: CAMELLIA-256-CBC Args: 04:10:8b:50:94:e5:a9:c1:f1:d7:2c:4c:65:6d:6f:87: c0:45 tools.sh: #5483: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5484: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5485: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: a6:2a:72:75:b1:5a:d0:e2:eb:e1:e2:a9:e6:d8:7c:f2 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5486: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5487: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5488: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 33:b6:62:ac:da:e4:d8:07:80:08:39:38:4b:73:12:34 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5489: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5490: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5491: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: b7:30:ac:fd:5c:6b:78:d4:61:33:37:6f:20:2c:79:3a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5492: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5493: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5494: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: 7d:03:8f:2b:3e:be:98:b4:8f:5c:a9:7a:17:a4:9b:15 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5495: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5496: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5497: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC Parameters: Salt: e4:f3:1a:3d:54:f4:2d:4e:8b:ef:65:15:25:fc:68:b1 Iteration Count: 2000 (0x7d0) tools.sh: #5498: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5499: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5500: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 58:37:d3:5a:6b:bd:9d:5b:79:7e:28:b5:19:d6:98:8c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5501: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5502: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5503: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: d2:81:9c:d2:7e:21:b1:18:2a:04:46:dc:70:c6:40:47 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5504: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5505: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5506: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 28:d8:fa:4c:23:99:f7:ed:cc:1d:c6:88:5a:20:79:07 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5507: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5508: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5509: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: 36:4e:c8:db:e0:ab:1f:e0:64:9b:06:15:7b:1a:43:cf Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5510: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5511: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5512: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC Parameters: Salt: a5:fe:c0:9a:13:1b:c0:f7:1a:bd:9e:92:53:0b:c4:6b Iteration Count: 2000 (0x7d0) tools.sh: #5513: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5514: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5515: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 12:8e:79:fd:93:e7:9c:11:7d:97:20:3d:55:14:c5:f9 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5516: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5517: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5518: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 32:9e:fe:47:7a:f2:ca:e7:ed:e2:9a:a3:ab:eb:79:d7 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5519: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5520: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5521: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 53:88:a1:da:36:30:ae:78:e9:f0:3b:e4:63:39:27:00 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5522: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5523: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5524: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 18:f3:36:8e:f3:f2:15:42:aa:a5:52:9a:a5:b5:46:99 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5525: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5526: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5527: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC Parameters: Salt: 28:66:a7:8b:53:10:b3:2e:65:16:f9:56:d2:76:bb:54 Iteration Count: 2000 (0x7d0) tools.sh: #5528: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5529: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5530: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 34:6a:d1:27:95:c6:9e:d6:d4:99:95:11:8e:cb:58:9d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5531: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5532: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5533: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 53:ff:a8:93:6a:84:eb:e8:57:17:16:79:76:93:35:0d Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5534: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5535: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5536: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d9:a3:bf:7f:9d:6d:da:fc:9a:8c:d2:2d:9a:ac:53:1c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5537: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5538: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5539: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: fe:10:74:1c:50:2d:9a:a1:99:0b:da:fe:81:54:e6:bd Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5540: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5541: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting with [default:null] pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5542: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 71:cc:7b:c2:89:9f:c5:cc:9f:76:1d:f2:03:9a:0c:07 Iteration Count: 2000 (0x7d0) tools.sh: #5543: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5544: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5545: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 6b:6c:3c:bf:0f:27:74:f6:b6:f2:97:62:c1:a7:d8:04 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5546: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5547: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5548: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f3:99:cd:f7:68:88:d8:f3:d2:7b:9d:09:bb:ef:f7:43 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5549: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5550: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5551: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 46:63:a2:82:58:72:dc:bb:b0:a9:a2:6d:1b:49:dc:9a Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5552: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5553: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5554: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 59:01:fd:5d:3c:c0:4b:c1:19:42:03:3b:b9:83:8a:b4 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5555: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5556: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5557: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 93:93:a6:e0:0b:6f:be:80:a8:8b:4f:ef:9a:cd:cb:de Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5558: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5559: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5560: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: f2:e4:3f:1f:4f:1f:76:ce:6b:40:d8:9c:50:05:b8:78 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5561: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5562: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5563: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: d3:bb:9e:cc:0f:22:fc:67:15:7f:43:47:41:39:ef:32 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5564: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5565: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5566: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 88:29:73:4c:b2:ab:4b:e0:4f:5d:c0:e6:81:b9:1c:ad Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5567: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5568: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5569: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 73:bc:3a:99:96:4d:40:20:b0:b0:cf:eb:76:02:91:5c Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5570: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5571: Importing Alice.p12 (pk12util -i) - PASSED tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o) pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5572: Exporting Alices's key & cert with [default:default] (pk12util -o) - PASSED tools.sh: Listing Alice's pk12 file pk12util -l Alice.p12 -w ../tests.pw Key(shrouded): Friendly Name: Alice Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: 81:71:14:7a:9e:3e:e9:d0:4a:92:8f:e4:9b:2c:12:41 Iteration Count: 2000 (0x7d0) Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:44:59 2015 Not After : Tue May 19 06:44:59 2065 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:00:ee:90:07:14:30:f1:62:6e:79:de:b3:30:63:4f: 0c:1e:58:5c:68:1c:80:eb:a1:fb:a8:81:76:59:38:71: a9:d1:86:0c:49:23:41:cc:c3:3e:db:5e:4b:21:34:bb: 79:c3:57:45:4d:08:48:17:54:b7:0e:10:e6:b4:bb:be: ac:ae:09:bb:30:06:93:c1:54:b6:e2:05:eb:d4:9c:e2: 8f:2d:ef:29:18:24:df:14:ef:81:24:b7:62:c3:f2:1e: 53:1b:d4:19:44:67:23:07:a0:df:4b:3a:0c:2f:cf:de: 36:be:82:28:bd:f7:db:27:68:b7:20:21:95:65:de:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5c:47:97:82:bd:70:01:95:29:77:e9:1d:d5:16:90:e8: 83:0c:85:2d:24:7b:94:83:97:83:2b:2e:e1:b7:24:52: 86:80:8b:f0:8a:4b:07:d2:0b:35:13:9a:87:46:cc:fd: 44:d5:ee:8a:76:60:a3:81:45:50:01:a4:17:cc:3f:97: 72:1e:0b:5d:39:f7:1a:b8:0b:ed:95:e3:f6:45:37:70: d5:6d:a2:50:6f:f9:cc:a4:f3:fa:0f:61:5f:d1:04:63: d5:27:29:79:f3:74:9a:40:18:7b:52:5e:43:db:c2:96: b6:e2:e3:a9:fd:3e:c9:32:e1:eb:4b:4d:f1:6d:71:03 Fingerprint (SHA-256): 14:2F:A7:BE:F0:42:F3:E0:66:F1:8D:C4:A1:E0:54:9E:4F:E6:43:0F:C3:19:09:B4:4B:64:97:8E:19:CC:84:DD Fingerprint (SHA1): 4A:C5:9E:E7:A7:88:CE:3C:57:2D:B7:C0:F1:57:95:5D:54:98:06:C0 Friendly Name: TestCA Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 30 (0x1e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:46:40 2015 Not After : Tue May 19 06:46:40 2020 Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C alifornia,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:34:35:e0:87:b9:3a:d6:32:b8:1a:2c:ba:55:86:d9: c1:e1:cb:75:9d:12:d2:23:9f:6d:e9:73:22:c1:b6:ad: 41:c6:81:99:a4:be:c9:b3:8b:e4:31:77:8b:cf:8b:6d: bd:e4:f3:fc:07:39:25:aa:37:48:43:69:38:35:c8:11: 9f:c1:bb:d0:6e:10:db:21:60:e7:04:71:07:31:2d:a5: fe:bf:1c:84:03:9b:c5:8f:5e:c4:27:4e:e7:b5:f4:7f: 88:b7:f6:3a:ed:a9:4b:d3:16:f3:6f:c5:bd:24:eb:0d: 5a:4b:80:c9:d5:87:23:78:f2:d2:8c:28:c2:f0:be:a3 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 41:c3:e3:e3:74:a7:b1:c9:b6:c3:3f:e3:2d:5a:36:fa: 57:2a:e3:c9:0c:34:77:22:be:9b:b7:b0:51:ff:5f:55: 49:38:e6:fa:81:49:41:03:36:de:c6:ba:55:cc:e3:36: 07:1c:79:19:d9:19:46:8a:46:49:a5:2b:e3:bf:0a:12: 85:aa:5c:6e:f2:31:ee:eb:ed:4b:fc:40:c0:55:69:8c: e2:33:66:86:92:a5:b8:34:d4:6c:9d:83:c1:0f:85:66: 2a:23:c1:7a:a8:4f:6a:c5:c4:48:26:4a:a9:57:a8:04: 39:e5:9e:dd:54:59:46:80:a7:35:e2:fb:29:a1:5c:31 Fingerprint (SHA-256): 13:B4:A6:22:F8:B3:16:BF:D7:5C:AC:72:B2:FA:A4:F5:FE:EB:5C:36:43:AE:30:50:B5:45:01:2B:84:77:BD:AA Fingerprint (SHA1): E5:74:47:24:83:8F:D0:43:20:04:7F:65:73:96:4B:00:19:EB:8E:54 Friendly Name: Alice tools.sh: #5573: Listing Alice.p12 (pk12util -l) - PASSED tools.sh: Importing Alice's pk12 Alice.p12 file pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw pk12util: PKCS12 IMPORT SUCCESSFUL tools.sh: #5574: Importing Alice.p12 (pk12util -i) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -c null pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm. tools.sh: #5575: Exporting with [null:default] (pk12util -o) - PASSED pk12util -o Alice.p12 -n "Alice" -d ../alicedir \ -k ../tests.pw -w ../tests.pw -C null pk12util: PKCS12 EXPORT SUCCESSFUL tools.sh: #5576: Exporting with [default:null] (pk12util -o) - PASSED tools.sh: Create objsign cert ------------------------------- signtool -G "objectsigner" -d ../tools/signdir -p "nss" WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair certificate request generated certificate has been signed certificate "objsigner" added to database Exported certificate to x509.raw and x509.cacert. tools.sh: #5577: Create objsign cert (signtool -G) - PASSED tools.sh: Signing a jar of files ---------------------------- signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html adding ../tools/html/sign.html to nojs.jar...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.jar...(deflated 28%) Generating zigbert.sf file.. adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 36%) adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%) tree "../tools/html" signed successfully tools.sh: #5578: Signing a jar of files (signtool -Z) - PASSED tools.sh: Listing signed files in jar ---------------------- signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner archive "nojs.jar" has passed crypto verification. found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match found a RSA signature file: META-INF/zigbert.rsa status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #5579: Listing signed files in jar (signtool -v) - PASSED tools.sh: Show who signed jar ------------------------------ signtool -w nojs.jar -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #5580: Show who signed jar (signtool -w) - PASSED tools.sh: Signing a xpi of files ---------------------------- signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \ ../tools/html Generating ../tools/html/META-INF/manifest.mf file.. --> sign.html --> signjs.html Generating zigbert.sf file.. Creating XPI Compatible Archive adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%) --> sign.html adding ../tools/html/sign.html to nojs.xpi...(deflated 26%) --> signjs.html adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%) adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%) adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 36%) tree "../tools/html" signed successfully tools.sh: #5581: Signing a xpi of files (signtool -Z -X) - PASSED tools.sh: Listing signed files in xpi ---------------------- signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner archive "nojs.xpi" has passed crypto verification. found a RSA signature file: META-INF/zigbert.rsa found a MF master manifest file: META-INF/manifest.mf found a SF signature manifest file: META-INF/zigbert.sf md5 digest on global metainfo: match sha digest on global metainfo: match status path ------------ ------------------- verified sign.html verified signjs.html tools.sh: #5582: Listing signed files in xpi (signtool -v) - PASSED tools.sh: Show who signed xpi ------------------------------ signtool -w nojs.xpi -d ../tools/signdir Signer information: nickname: objsigner subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org tools.sh: #5583: Show who signed xpi (signtool -w) - PASSED TIMESTAMP tools END: Tue May 19 02:53:20 EDT 2015 Running tests for fips TIMESTAMP fips BEGIN: Tue May 19 02:53:20 EDT 2015 fips.sh: FIPS 140 Compliance Tests =============================== fips.sh: Verify this module is in FIPS mode ----------------- modutil -dbdir ../fips -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal FIPS PKCS #11 Module slots: 1 slot attached status: loaded slot: NSS FIPS 140-2 User Private Key Services token: NSS FIPS 140-2 Certificate DB 2. RootCerts library name: /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token ----------------------------------------------------------- FIPS mode enabled. fips.sh: #5584: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #5585: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys ------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 2154cd41f8c93901459d43b64945f5a4bb3f391b NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate fips.sh: #5586: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Attempt to list FIPS module keys with incorrect password certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.fipsbadpw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" Incorrect password/PIN entered. certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. fips.sh: #5587: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED certutil -K returned 255 fips.sh: Validate the certificate -------------------------- certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw certutil: certificate is valid fips.sh: #5588: Validate the certificate (certutil -V -e) . - PASSED fips.sh: Export the certificate and key as a PKCS#12 file -- pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 EXPORT SUCCESSFUL fips.sh: #5589: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED fips.sh: Export the certificate as a DER-encoded file ------ certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt fips.sh: #5590: Export the certificate as a DER (certutil -L -r) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate Cu,Cu,Cu fips.sh: #5591: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Delete the certificate and key from the FIPS module certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw fips.sh: #5592: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #5593: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys. certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" certutil: no keys found fips.sh: #5594: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #5595: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #5596: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 2154cd41f8c93901459d43b64945f5a4bb3f391b FIPS_PUB_140_Test_Certificate fips.sh: #5597: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Delete the certificate from the FIPS module certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate fips.sh: #5598: Delete the certificate from the FIPS module (certutil -D) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI fips.sh: #5599: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: Import the certificate and key from the PKCS#12 file pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw pk12util: PKCS12 IMPORT SUCCESSFUL fips.sh: #5600: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED fips.sh: List the FIPS module certificates ----------------- certutil -d ../fips -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FIPS_PUB_140_Test_Certificate u,u,u fips.sh: #5601: List the FIPS module certificates (certutil -L) . - PASSED fips.sh: List the FIPS module keys -------------------------- certutil -d ../fips -K -f ../tests.fipspw certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services" < 0> dsa 2154cd41f8c93901459d43b64945f5a4bb3f391b FIPS_PUB_140_Test_Certificate fips.sh: #5602: List the FIPS module keys (certutil -K) . - PASSED fips.sh: Run PK11MODE in FIPSMODE ----------------- pk11mode -d ../fips -p fips- -f ../tests.fipspw Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 Loaded FC_GetFunctionList for FIPS MODE; slotID 0 **** Total number of TESTS ran in FIPS MODE is 106. **** **** ALL TESTS PASSED **** fips.sh: #5603: Run PK11MODE in FIPS mode (pk11mode) . - PASSED fips.sh: Run PK11MODE in Non FIPSMODE ----------------- pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 loaded C_GetFunctionList for NON FIPS MODE; slotID 1 **** Total number of TESTS ran in NON FIPS MODE is 104. **** **** ALL TESTS PASSED **** fips.sh: #5604: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED mkdir /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspem.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle cp /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle fips.sh: Detect mangled softoken-------------------------- mangling /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle/libsoftokn3.so mangle -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle/libsoftokn3.so -o -8 -b 5 cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle Changing byte 0x00032e40 (208448): from 01 (1) to 21 (33) LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/fips/mangle dbtest -r -d ../fips fips.sh: #5605: Init NSS with a corrupted library (dbtest -r) . - PASSED fips.sh done TIMESTAMP fips END: Tue May 19 02:54:18 EDT 2015 Running tests for crmf TIMESTAMP crmf BEGIN: Tue May 19 02:54:18 EDT 2015 crmf.sh: CRMF/CMMF Tests =============================== crmf.sh: CRMF/CMMF Tests ------------------------------ crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode crmftest v1.0 Generating CRMF request Decoding CRMF request crmftest: Processing cert request 0 crmftest: Processing cert request 1 Exiting successfully!!! crmf.sh: #5606: CRMF test . - PASSED crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf crmftest v1.0 Doing CMMF Stuff Exiting successfully!!! crmf.sh: #5607: CMMF test . - PASSED TIMESTAMP crmf END: Tue May 19 02:54:20 EDT 2015 Running tests for smime TIMESTAMP smime BEGIN: Tue May 19 02:54:20 EDT 2015 smime.sh: S/MIME Tests with ECC =============================== smime.sh: Signing Detached Message {SHA1} ------------------ cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1 smime.sh: #5608: Create Detached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5609: Verifying Alice's Detached Signature (SHA1) . - PASSED smime.sh: Signing Attached Message (SHA1) ------------------ cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1 smime.sh: #5610: Create Attached Signature Alice (SHA1) . - PASSED cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1 smime.sh: #5611: Decode Alice's Attached Signature (SHA1) . - PASSED diff alice.txt alice.data.SHA1 smime.sh: #5612: Compare Attached Signed Data and Original (SHA1) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------ cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1 smime.sh: #5613: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5614: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------ cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1 smime.sh: #5615: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1 smime.sh: #5616: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED diff alice.txt alice-ec.data.SHA1 smime.sh: #5617: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED smime.sh: Signing Detached Message {SHA256} ------------------ cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256 smime.sh: #5618: Create Detached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5619: Verifying Alice's Detached Signature (SHA256) . - PASSED smime.sh: Signing Attached Message (SHA256) ------------------ cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256 smime.sh: #5620: Create Attached Signature Alice (SHA256) . - PASSED cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256 smime.sh: #5621: Decode Alice's Attached Signature (SHA256) . - PASSED diff alice.txt alice.data.SHA256 smime.sh: #5622: Compare Attached Signed Data and Original (SHA256) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------ cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256 smime.sh: #5623: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5624: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------ cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256 smime.sh: #5625: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256 smime.sh: #5626: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED diff alice.txt alice-ec.data.SHA256 smime.sh: #5627: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED smime.sh: Signing Detached Message {SHA384} ------------------ cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384 smime.sh: #5628: Create Detached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5629: Verifying Alice's Detached Signature (SHA384) . - PASSED smime.sh: Signing Attached Message (SHA384) ------------------ cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384 smime.sh: #5630: Create Attached Signature Alice (SHA384) . - PASSED cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384 smime.sh: #5631: Decode Alice's Attached Signature (SHA384) . - PASSED diff alice.txt alice.data.SHA384 smime.sh: #5632: Compare Attached Signed Data and Original (SHA384) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------ cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384 smime.sh: #5633: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5634: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------ cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384 smime.sh: #5635: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384 smime.sh: #5636: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED diff alice.txt alice-ec.data.SHA384 smime.sh: #5637: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED smime.sh: Signing Detached Message {SHA512} ------------------ cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512 smime.sh: #5638: Create Detached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5639: Verifying Alice's Detached Signature (SHA512) . - PASSED smime.sh: Signing Attached Message (SHA512) ------------------ cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512 smime.sh: #5640: Create Attached Signature Alice (SHA512) . - PASSED cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512 smime.sh: #5641: Decode Alice's Attached Signature (SHA512) . - PASSED diff alice.txt alice.data.SHA512 smime.sh: #5642: Compare Attached Signed Data and Original (SHA512) . - PASSED smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------ cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512 smime.sh: #5643: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. smime.sh: #5644: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------ cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512 smime.sh: #5645: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512 smime.sh: #5646: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED diff alice.txt alice-ec.data.SHA512 smime.sh: #5647: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED smime.sh: Enveloped Data Tests ------------------------------ cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \ -o alice.env smime.sh: #5648: Create Enveloped Data Alice . - PASSED cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1 smime.sh: #5649: Decode Enveloped Data Alice . - PASSED diff alice.txt alice.data1 smime.sh: #5650: Compare Decoded Enveloped Data and Original . - PASSED smime.sh: Testing multiple recipients ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \ -r bob@bogus.com,dave@bogus.com smime.sh: #5651: Create Multiple Recipients Enveloped Data Alice . - PASSED smime.sh: Testing multiple email addrs ------------------------------ cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \ -r eve@bogus.net smime.sh: #5652: Encrypt to a Multiple Email cert . - PASSED cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2 smime.sh: #5653: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3 smime.sh: #5654: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4 smime.sh: #5655: Decrypt with a Multiple Email cert . - PASSED smime.sh: #5656: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED smime.sh: #5657: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED smime.sh: #5658: Compare Decoded with Multiple Email cert . - PASSED smime.sh: Sending CERTS-ONLY Message ------------------------------ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \ -d ../alicedir > co.der smime.sh: #5659: Create Certs-Only Alice . - PASSED cmsutil -D -i co.der -d ../bobdir smime.sh: #5660: Verify Certs-Only by CA . - PASSED smime.sh: Encrypted-Data Message --------------------------------- cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \ -r "bob@bogus.com" > alice.enc smime.sh: #5661: Create Encrypted-Data . - PASSED cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \ -o alice.data2 smime.sh: #5662: Decode Encrypted-Data . - PASSED smime.sh: #5663: Compare Decoded and Original Data . - PASSED smime.sh: p7 util Data Tests ------------------------------ p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env smime.sh: #5664: Creating envelope for user Alice . - PASSED p7content -d ../alicedir -i alice.env -o alice_p7.data smime.sh: #5665: Verifying file delivered to user Alice . - PASSED diff alice.txt alice_p7.data.sed smime.sh: #5666: Compare Decoded Enveloped Data and Original . - PASSED p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e smime.sh: #5667: Signing file for user Alice . - PASSED p7verify -d ../alicedir -c alice.txt -s alice.sig Signature is valid. smime.sh: #5668: Verifying file delivered to user Alice . - PASSED TIMESTAMP smime END: Tue May 19 02:54:51 EDT 2015 Running tests for ssl TIMESTAMP ssl BEGIN: Tue May 19 02:54:51 EDT 2015 ./ssl.sh: line 128: syntax error near unexpected token `then' ./ssl.sh: line 128: ` [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then' TIMESTAMP ssl END: Tue May 19 02:54:51 EDT 2015 Running tests for merge TIMESTAMP merge BEGIN: Tue May 19 02:54:51 EDT 2015 sdr.sh: SDR Tests =============================== sdr.sh: Creating an SDR key/SDR Encrypt - Value 1 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v1.900 -t "Test1" sdr.sh: #5669: Creating SDR Key/Encrypt - Value 1 - PASSED sdr.sh: SDR Encrypt - Value 2 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v2.900 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #5670: Encrypt - Value 2 - PASSED sdr.sh: SDR Encrypt - Value 3 sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.900 -t "1234567" sdr.sh: #5671: Encrypt - Value 3 - PASSED sdr.sh: SDR Decrypt - Value 1 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v1.900 -t "Test1" sdr.sh: #5672: Decrypt - Value 1 - PASSED sdr.sh: SDR Decrypt - Value 2 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v2.900 -t "The quick brown fox jumped over the lazy dog" sdr.sh: #5673: Decrypt - Value 2 - PASSED sdr.sh: SDR Decrypt - Value 3 sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.900 -t "1234567" sdr.sh: #5674: Decrypt - Value 3 - PASSED merge.sh: Merge Tests =============================== merge.sh: Creating an SDR key & Encrypt sdrtest -d . -o /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.900 -t Test2 -f ../tests.pw merge.sh: #5675: Creating SDR Key - PASSED merge.sh: Merging in Key for Existing user certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5676: Merging Dave - PASSED merge.sh: Merging in new user certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5677: Merging server - PASSED merge.sh: Merging in new chain certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5678: Merging ext_client - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5679: Merging conflicting nicknames 1 - PASSED merge.sh: Merging in conflicting nicknames 1 certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5680: Merging conflicting nicknames 2 - PASSED merge.sh: Verify nicknames were deconflicted (Alice #4) Certificate: Data: Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:50:00 2015 Not After : Tue May 19 06:50:00 2020 Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:e2:e8:d4:c4:61:8a:f3:89:03:20:31:46:94:6a:cc: b5:ca:d3:f8:98:40:20:c3:65:3a:dc:5e:7d:bc:30:04: ee:fc:bf:e8:01:2e:38:58:9e:41:3f:f1:8b:9f:f2:5d: 44:d0:35:54:aa:fc:2f:95:3d:01:6c:57:5c:8d:dd:13: 6b:a9:60:d4:e1:4e:dd:8d:7e:c5:c4:39:ff:bc:32:72: 53:63:95:5d:7a:50:72:9e:96:9f:ff:0b:66:cb:d9:a9: 0c:62:26:0c:3f:fa:a9:65:60:8f:c1:e7:11:a4:dc:16: 73:29:46:de:b9:82:68:57:03:ab:41:9c:24:3f:18:c7 Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4a:02:ee:65:d3:5b:ec:13:d1:2a:68:81:a4:f2:69:98: 43:9f:60:cb:68:87:34:c0:d5:10:cb:c6:b5:38:da:8a: c2:99:73:a2:2c:33:cd:12:5e:9f:10:5e:fa:55:92:78: db:ce:46:09:73:8b:54:ee:1b:7f:24:76:7f:27:d7:af: d7:e9:cb:a8:ce:20:8e:11:fb:b8:e1:7e:c4:be:81:69: 95:b0:0d:f8:4a:b8:60:c7:8d:76:8d:b4:98:0d:54:9e: 44:c7:3a:fa:70:17:36:77:f8:84:6d:e6:87:e9:d6:41: 12:e6:e6:b7:49:02:f5:13:e5:6c:e1:80:cc:9e:c3:09 Fingerprint (SHA-256): AA:55:70:0D:03:A8:84:A3:0B:FD:0B:2D:73:B5:00:FF:AB:E2:33:51:EF:F3:7A:51:73:98:B8:49:79:FC:D8:49 Fingerprint (SHA1): 3F:A3:43:31:82:59:6D:37:66:F7:D0:37:9E:0E:5E:2E:97:64:C5:61 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5681: Verify nicknames were deconflicted (Alice #4) - PASSED merge.sh: Verify nicknames were deconflicted (Alice #100) Certificate: Data: Version: 3 (0x2) Serial Number: 46 (0x2e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Tue May 19 06:50:08 2015 Not After : Tue May 19 06:50:08 2020 Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ad:99:ea:53:5b:23:22:a0:d3:01:de:56:e8:b3:17:5e: c4:d2:a3:5f:cd:14:95:53:da:a2:76:97:2d:06:94:4f: 37:65:4c:b0:92:27:2e:bf:21:31:27:41:6b:09:41:bb: 56:ad:1c:4d:8a:24:7a:76:78:ce:5e:b5:59:18:73:96: 4b:64:26:69:35:8e:64:5d:3b:98:15:15:35:78:29:55: 85:97:49:c1:5b:80:5b:90:ce:ac:cf:c1:8f:91:3c:c0: ed:f9:1a:23:b3:f2:59:1e:ab:81:7c:3d:ca:ea:54:58: 93:41:36:b0:d2:a7:9c:65:25:1a:6e:52:d5:4b:0f:5f Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6f:df:e8:6c:0e:c6:32:a7:58:1d:dd:72:4e:df:ac:54: fa:1d:44:5f:66:69:80:6d:9c:84:5e:fd:33:58:e1:fb: 1f:c8:f3:76:f3:00:b8:8f:fd:4a:d4:54:d7:4a:97:55: 2f:1f:29:bf:75:68:40:c6:8b:73:1a:f9:c6:1f:ae:df: dd:12:d2:dd:31:76:77:98:8f:da:b1:11:d5:04:58:ed: 51:4f:de:07:1c:6f:ec:17:67:72:e2:6e:c9:aa:a2:9d: 83:91:a7:d8:7b:a5:b2:d8:51:46:97:b9:08:e0:90:20: 43:69:e0:fc:8b:6b:0b:28:c5:cb:bc:5b:26:82:f4:66 Fingerprint (SHA-256): 64:FD:2F:79:89:F2:F1:E7:62:D3:A1:11:96:7A:5D:AD:9D:7F:E6:4B:EC:29:46:41:76:B6:83:BE:2F:7C:B6:D1 Fingerprint (SHA1): 8A:A5:F1:44:0B:D6:34:60:A6:3E:FA:17:9E:54:26:CC:2F:BB:BA:B6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: merge.sh: #5682: Verify nicknames were deconflicted (Alice #100) - PASSED merge.sh: Merging in SDR certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw merge.sh: #5683: Merging SDR - PASSED Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI TestCA CT,C,C TestCA-ec CT,C,C Alice u,u,u Alice-ec u,u,u Alice-ecmixed u,u,u bob@bogus.com ,, Dave u,u,u eve@bogus.com ,, bob-ec@bogus.com ,, Dave-ec u,u,u Dave-ecmixed u,u,u localhost.localdomain u,u,u localhost.localdomain-ec u,u,u localhost.localdomain-ecmixed u,u,u localhost-sni.localdomain u,u,u localhost-sni.localdomain-ec u,u,u localhost-sni.localdomain-ecmixed u,u,u ExtendedSSLUser u,u,u serverCA C,C,C ExtendedSSLUser-ec u,u,u serverCA-ec C,C,C ExtendedSSLUser-ecmixed u,u,u clientCA T,C,C chain-2-clientCA-ec ,, chain-2-clientCA ,, chain-1-clientCA ,, chain-1-clientCA-ec ,, clientCA-ec T,C,C Alice #2 ,, Alice #1 ,, Alice #99 ,, Alice #3 ,, Alice #4 ,, Alice #100 ,, CRL names CRL Type TestCA CRL TestCA-ec CRL merge.sh: Decrypt - With Original SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v3.900 -t Test2 -f ../tests.pw merge.sh: #5684: Decrypt - Value 3 - PASSED merge.sh: Decrypt - With Merged SDR Key sdrtest -d . -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests.v1.900 -t Test1 -f ../tests.pw merge.sh: #5685: Decrypt - Value 1 - PASSED merge.sh: Signing with merged key ------------------ cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig merge.sh: #5686: Create Detached Signature Dave . - PASSED cmsutil -D -i dave.dsig -c alice.txt -d . Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) From: alice@bogus.com Subject: message Alice --> Bob To: bob@bogus.com This is a test message from Alice to Bob. merge.sh: #5687: Verifying Dave's Detached Signature - PASSED merge.sh: verifying merged cert ------------------ certutil -V -n ExtendedSSLUser -u C -d . certutil: certificate is valid merge.sh: #5688: Verifying ExtendedSSL User Cert - PASSED merge.sh: verifying merged crl ------------------ crlutil -L -n TestCA -d . CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" This Update: Tue May 19 06:51:08 2015 Entry 1 (0x1): Serial Number: 40 (0x28) Revocation Date: Tue May 19 06:44:56 2015 Entry Extensions: Name: CRL reason code Entry 2 (0x2): Serial Number: 42 (0x2a) Revocation Date: Tue May 19 06:51:05 2015 CRL Extensions: Name: Certificate Issuer Alt Name RFC822 Name: "caemail@ca.com" DNS name: "ca.com" Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" URI: "http://ca.com" IP Address: 87:0b:31:39:32:2e:31:36:38:2e:30:2e:31 merge.sh: #5689: Verifying TestCA CRL - PASSED TIMESTAMP merge END: Tue May 19 02:55:19 EDT 2015 Running tests for chains TIMESTAMP chains BEGIN: Tue May 19 02:55:19 EDT 2015 chains.sh: Certificate Chains Tests =============================== chains.sh: Creating DB OCSPRootDB certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd chains.sh: #5690: OCSPD: Creating DB OCSPRootDB - PASSED chains.sh: Creating Root CA OCSPRoot certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025520 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5691: OCSPD: Creating Root CA OCSPRoot - PASSED chains.sh: Exporting Root CA OCSPRoot.der certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der chains.sh: #5692: OCSPD: Exporting Root CA OCSPRoot.der - PASSED chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5693: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database - PASSED chains.sh: Creating DB OCSPCA1DB certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd chains.sh: #5694: OCSPD: Creating DB OCSPCA1DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US" -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5695: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der - PASSED chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5696: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5697: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database - PASSED chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5698: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database - PASSED chains.sh: Creating DB OCSPCA2DB certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd chains.sh: #5699: OCSPD: Creating DB OCSPCA2DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US" -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5700: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der - PASSED chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5701: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5702: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database - PASSED chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5703: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database - PASSED chains.sh: Creating DB OCSPCA3DB certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd chains.sh: #5704: OCSPD: Creating DB OCSPCA3DB - PASSED chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US" -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5705: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der - PASSED chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5706: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5707: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database - PASSED chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss pk12util: PKCS12 EXPORT SUCCESSFUL chains.sh: #5708: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database - PASSED chains.sh: Creating DB OCSPEE11DB certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd chains.sh: #5709: OCSPD: Creating DB OCSPEE11DB - PASSED chains.sh: Creating EE certifiate request OCSPEE11Req.der certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US" -R -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5710: OCSPD: Creating EE certifiate request OCSPEE11Req.der - PASSED chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5711: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5712: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database - PASSED chains.sh: Creating DB OCSPEE12DB certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd chains.sh: #5713: OCSPD: Creating DB OCSPEE12DB - PASSED chains.sh: Creating EE certifiate request OCSPEE12Req.der certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US" -R -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5714: OCSPD: Creating EE certifiate request OCSPEE12Req.der - PASSED chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5715: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5716: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database - PASSED chains.sh: Creating DB OCSPEE13DB certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd chains.sh: #5717: OCSPD: Creating DB OCSPEE13DB - PASSED chains.sh: Creating EE certifiate request OCSPEE13Req.der certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US" -R -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5718: OCSPD: Creating EE certifiate request OCSPEE13Req.der - PASSED chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5719: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5720: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database - PASSED chains.sh: Creating DB OCSPEE14DB certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd chains.sh: #5721: OCSPD: Creating DB OCSPEE14DB - PASSED chains.sh: Creating EE certifiate request OCSPEE14Req.der certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US" -R -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE14Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5722: OCSPD: Creating EE certifiate request OCSPEE14Req.der - PASSED chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5723: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5724: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database - PASSED chains.sh: Creating DB OCSPEE15DB certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd chains.sh: #5725: OCSPD: Creating DB OCSPEE15DB - PASSED chains.sh: Creating EE certifiate request OCSPEE15Req.der certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US" -R -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE15Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5726: OCSPD: Creating EE certifiate request OCSPEE15Req.der - PASSED chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5727: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1 - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5728: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database - PASSED chains.sh: Creating DB OCSPEE21DB certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd chains.sh: #5729: OCSPD: Creating DB OCSPEE21DB - PASSED chains.sh: Creating EE certifiate request OCSPEE21Req.der certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US" -R -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5730: OCSPD: Creating EE certifiate request OCSPEE21Req.der - PASSED chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5731: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5732: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database - PASSED chains.sh: Creating DB OCSPEE22DB certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd chains.sh: #5733: OCSPD: Creating DB OCSPEE22DB - PASSED chains.sh: Creating EE certifiate request OCSPEE22Req.der certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US" -R -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5734: OCSPD: Creating EE certifiate request OCSPEE22Req.der - PASSED chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5735: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5736: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database - PASSED chains.sh: Creating DB OCSPEE23DB certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd chains.sh: #5737: OCSPD: Creating DB OCSPEE23DB - PASSED chains.sh: Creating EE certifiate request OCSPEE23Req.der certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US" -R -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5738: OCSPD: Creating EE certifiate request OCSPEE23Req.der - PASSED chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5739: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2 - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5740: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database - PASSED chains.sh: Creating DB OCSPEE31DB certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd chains.sh: #5741: OCSPD: Creating DB OCSPEE31DB - PASSED chains.sh: Creating EE certifiate request OCSPEE31Req.der certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US" -R -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE31Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5742: OCSPD: Creating EE certifiate request OCSPEE31Req.der - PASSED chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5743: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5744: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database - PASSED chains.sh: Creating DB OCSPEE32DB certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd chains.sh: #5745: OCSPD: Creating DB OCSPEE32DB - PASSED chains.sh: Creating EE certifiate request OCSPEE32Req.der certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US" -R -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5746: OCSPD: Creating EE certifiate request OCSPEE32Req.der - PASSED chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9113/ocsp 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5747: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5748: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database - PASSED chains.sh: Creating DB OCSPEE33DB certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd chains.sh: #5749: OCSPD: Creating DB OCSPEE33DB - PASSED chains.sh: Creating EE certifiate request OCSPEE33Req.der certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US" -R -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5750: OCSPD: Creating EE certifiate request OCSPEE33Req.der - PASSED chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 2 7 http://localhost.localdomain:9114 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #5751: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3 - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5752: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database - PASSED chains.sh: Create CRL for OCSPRootDB crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150519065616Z nextupdate=20160519065616Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Tue May 19 06:56:16 2015 Next Update: Thu May 19 06:56:16 2016 CRL Extensions: chains.sh: #5753: OCSPD: Create CRL for OCSPRootDB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPRoot crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl === Crlutil input data === update=20150519065617Z addcert 2 20150519065617Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" This Update: Tue May 19 06:56:17 2015 Next Update: Thu May 19 06:56:16 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:17 2015 CRL Extensions: chains.sh: #5754: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot - PASSED chains.sh: Create CRL for OCSPCA1DB crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519065618Z nextupdate=20160519065618Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 06:56:18 2015 Next Update: Thu May 19 06:56:18 2016 CRL Extensions: chains.sh: #5755: OCSPD: Create CRL for OCSPCA1DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519065619Z addcert 2 20150519065619Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 06:56:19 2015 Next Update: Thu May 19 06:56:18 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:19 2015 CRL Extensions: chains.sh: #5756: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1 - PASSED chains.sh: Revoking certificate with SN 4 issued by OCSPCA1 crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl === Crlutil input data === update=20150519065620Z addcert 4 20150519065620Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" This Update: Tue May 19 06:56:20 2015 Next Update: Thu May 19 06:56:18 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:19 2015 Entry 2 (0x2): Serial Number: 4 (0x4) Revocation Date: Tue May 19 06:56:20 2015 CRL Extensions: chains.sh: #5757: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1 - PASSED chains.sh: Create CRL for OCSPCA2DB crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519065621Z nextupdate=20160519065621Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 06:56:21 2015 Next Update: Thu May 19 06:56:21 2016 CRL Extensions: chains.sh: #5758: OCSPD: Create CRL for OCSPCA2DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519065622Z addcert 2 20150519065622Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 06:56:22 2015 Next Update: Thu May 19 06:56:21 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:22 2015 CRL Extensions: chains.sh: #5759: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA2 crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl === Crlutil input data === update=20150519065623Z addcert 3 20150519065623Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US" This Update: Tue May 19 06:56:23 2015 Next Update: Thu May 19 06:56:21 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:22 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Tue May 19 06:56:23 2015 CRL Extensions: chains.sh: #5760: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2 - PASSED chains.sh: Create CRL for OCSPCA3DB crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519065624Z nextupdate=20160519065624Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 06:56:24 2015 Next Update: Thu May 19 06:56:24 2016 CRL Extensions: chains.sh: #5761: OCSPD: Create CRL for OCSPCA3DB - PASSED chains.sh: Revoking certificate with SN 2 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519065625Z addcert 2 20150519065625Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 06:56:25 2015 Next Update: Thu May 19 06:56:24 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:25 2015 CRL Extensions: chains.sh: #5762: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3 - PASSED chains.sh: Revoking certificate with SN 3 issued by OCSPCA3 crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl === Crlutil input data === update=20150519065626Z addcert 3 20150519065626Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US" This Update: Tue May 19 06:56:26 2015 Next Update: Thu May 19 06:56:24 2016 Entry 1 (0x1): Serial Number: 2 (0x2) Revocation Date: Tue May 19 06:56:25 2015 Entry 2 (0x2): Serial Number: 3 (0x3) Revocation Date: Tue May 19 06:56:26 2015 CRL Extensions: chains.sh: #5763: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3 - PASSED chains.sh: Creating DB ServerDB certutil -N -d ServerDB -f ServerDB/dbpasswd chains.sh: #5764: OCSPD: Creating DB ServerDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ServerDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der chains.sh: #5765: OCSPD: Importing certificate OCSPRoot.der to ServerDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ServerDB database crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl chains.sh: #5766: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database - PASSED chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5767: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5768: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5769: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database - PASSED chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database /builddir/build/BUILD/nss-3.16.2.3/dist/Linux3.19_arm_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss pk12util: PKCS12 IMPORT SUCCESSFUL chains.sh: #5770: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database - PASSED chains.sh: Creating DB ClientDB certutil -N -d ClientDB -f ClientDB/dbpasswd chains.sh: #5771: OCSPD: Creating DB ClientDB - PASSED chains.sh: Importing certificate OCSPRoot.der to ClientDB database certutil -A -n OCSPRoot -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der chains.sh: #5772: OCSPD: Importing certificate OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing CRL OCSPRoot.crl to ClientDB database crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl chains.sh: #5773: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database certutil -A -n OCSPCA1OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der chains.sh: #5774: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database certutil -A -n OCSPCA2OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der chains.sh: #5775: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database certutil -A -n OCSPCA3OCSPRoot -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der chains.sh: #5776: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database certutil -A -n OCSPEE11OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der chains.sh: #5777: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database certutil -A -n OCSPEE12OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der chains.sh: #5778: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database certutil -A -n OCSPEE13OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der chains.sh: #5779: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database certutil -A -n OCSPEE14OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der chains.sh: #5780: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database certutil -A -n OCSPEE15OCSPCA1 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der chains.sh: #5781: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database certutil -A -n OCSPEE21OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der chains.sh: #5782: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database certutil -A -n OCSPEE22OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der chains.sh: #5783: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database certutil -A -n OCSPEE23OCSPCA2 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der chains.sh: #5784: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database certutil -A -n OCSPEE31OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der chains.sh: #5785: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database certutil -A -n OCSPEE32OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der chains.sh: #5786: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database - PASSED chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database certutil -A -n OCSPEE33OCSPCA3 -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der chains.sh: #5787: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database - PASSED httpserv starting at Tue May 19 02:56:44 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O get -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:56:44 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:56:50 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5788: Waiting for Server - FAILED kill -0 29586 >/dev/null 2>/dev/null httpserv with PID 29586 found at Tue May 19 02:56:50 EDT 2015 httpserv with PID 29586 started at Tue May 19 02:56:50 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9113 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5789: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 29586 at Tue May 19 02:56:52 EDT 2015 kill -USR1 29586 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 29586 killed at Tue May 19 02:56:52 EDT 2015 httpserv starting at Tue May 19 02:56:52 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O post -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:56:52 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:56:58 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5790: Waiting for Server - FAILED kill -0 29671 >/dev/null 2>/dev/null httpserv with PID 29671 found at Tue May 19 02:56:58 EDT 2015 httpserv with PID 29671 started at Tue May 19 02:56:58 EDT 2015 Cert = OCSPEE11OCSPCA1.cert tstclnt -h localhost.localdomain -p 9113 -q -t 20 tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5791: Test that OCSP server is reachable - FAILED trying to kill httpserv with PID 29671 at Tue May 19 02:57:00 EDT 2015 kill -USR1 29671 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 29671 killed at Tue May 19 02:57:00 EDT 2015 httpserv starting at Tue May 19 02:57:00 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O random -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 02:57:00 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 02:57:06 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #5792: Waiting for Server - FAILED kill -0 29758 >/dev/null 2>/dev/null httpserv with PID 29758 found at Tue May 19 02:57:06 EDT 2015 httpserv with PID 29758 started at Tue May 19 02:57:06 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #5793: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025521 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5794: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #5795: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #5796: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025522 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5797: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #5798: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #5799: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5800: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519025523 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5801: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5802: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519025524 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5803: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5804: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #5805: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #5806: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5807: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 519025525 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5808: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5809: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #5810: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #5811: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #5812: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025522 (0x1eefb372) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:57:12 2015 Not After : Tue May 19 06:57:12 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:b0:53:a9:41:46:41:19:ec:b2:c1:a4:65:cf:ca:2f: c4:d2:38:b5:5a:63:0a:f8:96:59:91:3a:28:a9:28:b0: f8:9b:e0:ed:df:20:fc:44:0d:0a:9f:94:ff:c5:da:00: fd:5e:bb:b1:cf:60:83:9c:8a:90:d1:3b:9d:f0:9d:c8: d6:6f:b1:82:e9:0c:90:2a:60:e1:03:c5:27:14:39:ef: 6a:ae:86:06:52:21:da:13:22:b4:6b:01:69:82:8d:cd: ab:0d:e7:4c:44:c4:6a:ab:64:5e:89:45:e2:f2:87:e7: 25:9c:1e:b8:91:6a:b4:9c:b9:95:8a:65:70:f5:a5:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:d1:c0:9d:b8:67:b9:d7:b1:a7:89:bb:a1:69:65:0b: 66:91:27:d2:7f:84:75:e9:d3:0a:a0:c3:01:33:65:f9: 2c:f0:02:b6:26:2a:cd:50:3e:31:65:21:35:50:78:62: bb:a5:5a:ed:02:7e:26:26:a5:74:ba:7a:c6:d2:f8:50: f9:0c:8e:1c:7d:23:74:fa:da:07:b5:45:8f:45:3a:6d: d9:74:bc:82:c9:9f:01:7a:21:18:9d:d5:af:db:b6:55: c4:28:17:db:df:41:43:91:ac:f6:1a:1f:55:89:59:18: 9a:40:03:15:2b:47:ad:a3:63:59:ee:b1:e6:ea:c5:0f Fingerprint (SHA-256): 71:AB:94:8B:82:F9:3D:32:0C:69:13:1F:9B:3D:90:1F:A4:1D:E8:A8:55:63:0A:2C:2A:7D:8C:33:AD:3C:19:FB Fingerprint (SHA1): 89:4F:9F:7B:67:4A:3F:1C:73:77:54:BD:F3:5B:CC:D9:59:05:6C:02 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5813: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025521 (0x1eefb371) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:57:09 2015 Not After : Tue May 19 06:57:09 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 98:60:bb:83:46:bd:cb:de:ae:46:ca:cd:4d:16:90:af: 57:5f:f1:5c:c6:7c:47:c6:be:74:ed:11:cf:62:57:26: d4:4c:9b:31:86:5f:4f:71:6c:17:ed:87:93:c3:bd:4b: 22:bc:24:74:93:60:64:29:23:8b:a7:39:59:69:76:fe: 74:1b:2b:d1:e9:8c:b9:ed:53:f9:35:1b:86:d9:f7:dd: af:03:f3:c1:c5:e9:e7:1c:64:03:8a:c6:2d:a2:f8:c5: 65:3e:6f:71:a3:ca:c3:dc:b6:9c:cf:05:b4:82:a9:2e: fc:f7:75:30:ff:f3:be:5d:97:9c:93:3d:53:af:05:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:2c:1a:4e:d6:d2:07:a9:57:ea:f8:f8:6d:89:84:6e: d9:ef:7e:08:e2:5c:82:b5:cc:3d:fd:ba:2f:9f:27:10: ae:44:50:92:7d:12:98:7b:75:25:3c:88:0d:a4:6d:ca: 00:ac:37:dc:e5:c4:46:85:c5:a1:39:e6:33:bd:50:ea: 85:ca:6c:fc:51:54:aa:8f:b2:68:a3:a5:97:bd:c8:e2: d9:5c:22:1c:de:56:64:d1:9d:b8:38:0d:5c:59:76:6a: b6:54:20:f2:c7:80:1e:7e:0e:d8:48:a5:f3:31:14:ed: 28:68:d8:8b:b9:a6:71:48:ad:f2:10:1a:a6:d1:0a:2b Fingerprint (SHA-256): 29:66:44:97:C5:6E:87:B5:0D:6D:98:E7:A9:BB:20:4D:D7:0C:9E:62:0D:18:1E:9D:9F:C4:42:2F:D0:E4:FD:5E Fingerprint (SHA1): 15:48:B9:C2:C3:70:E8:62:14:12:8D:C2:54:A4:78:2F:14:F5:37:60 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5814: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #5815: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #5816: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #5817: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025521 (0x1eefb371) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:57:09 2015 Not After : Tue May 19 06:57:09 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 98:60:bb:83:46:bd:cb:de:ae:46:ca:cd:4d:16:90:af: 57:5f:f1:5c:c6:7c:47:c6:be:74:ed:11:cf:62:57:26: d4:4c:9b:31:86:5f:4f:71:6c:17:ed:87:93:c3:bd:4b: 22:bc:24:74:93:60:64:29:23:8b:a7:39:59:69:76:fe: 74:1b:2b:d1:e9:8c:b9:ed:53:f9:35:1b:86:d9:f7:dd: af:03:f3:c1:c5:e9:e7:1c:64:03:8a:c6:2d:a2:f8:c5: 65:3e:6f:71:a3:ca:c3:dc:b6:9c:cf:05:b4:82:a9:2e: fc:f7:75:30:ff:f3:be:5d:97:9c:93:3d:53:af:05:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:2c:1a:4e:d6:d2:07:a9:57:ea:f8:f8:6d:89:84:6e: d9:ef:7e:08:e2:5c:82:b5:cc:3d:fd:ba:2f:9f:27:10: ae:44:50:92:7d:12:98:7b:75:25:3c:88:0d:a4:6d:ca: 00:ac:37:dc:e5:c4:46:85:c5:a1:39:e6:33:bd:50:ea: 85:ca:6c:fc:51:54:aa:8f:b2:68:a3:a5:97:bd:c8:e2: d9:5c:22:1c:de:56:64:d1:9d:b8:38:0d:5c:59:76:6a: b6:54:20:f2:c7:80:1e:7e:0e:d8:48:a5:f3:31:14:ed: 28:68:d8:8b:b9:a6:71:48:ad:f2:10:1a:a6:d1:0a:2b Fingerprint (SHA-256): 29:66:44:97:C5:6E:87:B5:0D:6D:98:E7:A9:BB:20:4D:D7:0C:9E:62:0D:18:1E:9D:9F:C4:42:2F:D0:E4:FD:5E Fingerprint (SHA1): 15:48:B9:C2:C3:70:E8:62:14:12:8D:C2:54:A4:78:2F:14:F5:37:60 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5818: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025522 (0x1eefb372) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:57:12 2015 Not After : Tue May 19 06:57:12 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:b0:53:a9:41:46:41:19:ec:b2:c1:a4:65:cf:ca:2f: c4:d2:38:b5:5a:63:0a:f8:96:59:91:3a:28:a9:28:b0: f8:9b:e0:ed:df:20:fc:44:0d:0a:9f:94:ff:c5:da:00: fd:5e:bb:b1:cf:60:83:9c:8a:90:d1:3b:9d:f0:9d:c8: d6:6f:b1:82:e9:0c:90:2a:60:e1:03:c5:27:14:39:ef: 6a:ae:86:06:52:21:da:13:22:b4:6b:01:69:82:8d:cd: ab:0d:e7:4c:44:c4:6a:ab:64:5e:89:45:e2:f2:87:e7: 25:9c:1e:b8:91:6a:b4:9c:b9:95:8a:65:70:f5:a5:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:d1:c0:9d:b8:67:b9:d7:b1:a7:89:bb:a1:69:65:0b: 66:91:27:d2:7f:84:75:e9:d3:0a:a0:c3:01:33:65:f9: 2c:f0:02:b6:26:2a:cd:50:3e:31:65:21:35:50:78:62: bb:a5:5a:ed:02:7e:26:26:a5:74:ba:7a:c6:d2:f8:50: f9:0c:8e:1c:7d:23:74:fa:da:07:b5:45:8f:45:3a:6d: d9:74:bc:82:c9:9f:01:7a:21:18:9d:d5:af:db:b6:55: c4:28:17:db:df:41:43:91:ac:f6:1a:1f:55:89:59:18: 9a:40:03:15:2b:47:ad:a3:63:59:ee:b1:e6:ea:c5:0f Fingerprint (SHA-256): 71:AB:94:8B:82:F9:3D:32:0C:69:13:1F:9B:3D:90:1F:A4:1D:E8:A8:55:63:0A:2C:2A:7D:8C:33:AD:3C:19:FB Fingerprint (SHA1): 89:4F:9F:7B:67:4A:3F:1C:73:77:54:BD:F3:5B:CC:D9:59:05:6C:02 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5819: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #5820: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #5821: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #5822: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #5823: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #5824: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025522 (0x1eefb372) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:57:12 2015 Not After : Tue May 19 06:57:12 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:b0:53:a9:41:46:41:19:ec:b2:c1:a4:65:cf:ca:2f: c4:d2:38:b5:5a:63:0a:f8:96:59:91:3a:28:a9:28:b0: f8:9b:e0:ed:df:20:fc:44:0d:0a:9f:94:ff:c5:da:00: fd:5e:bb:b1:cf:60:83:9c:8a:90:d1:3b:9d:f0:9d:c8: d6:6f:b1:82:e9:0c:90:2a:60:e1:03:c5:27:14:39:ef: 6a:ae:86:06:52:21:da:13:22:b4:6b:01:69:82:8d:cd: ab:0d:e7:4c:44:c4:6a:ab:64:5e:89:45:e2:f2:87:e7: 25:9c:1e:b8:91:6a:b4:9c:b9:95:8a:65:70:f5:a5:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:d1:c0:9d:b8:67:b9:d7:b1:a7:89:bb:a1:69:65:0b: 66:91:27:d2:7f:84:75:e9:d3:0a:a0:c3:01:33:65:f9: 2c:f0:02:b6:26:2a:cd:50:3e:31:65:21:35:50:78:62: bb:a5:5a:ed:02:7e:26:26:a5:74:ba:7a:c6:d2:f8:50: f9:0c:8e:1c:7d:23:74:fa:da:07:b5:45:8f:45:3a:6d: d9:74:bc:82:c9:9f:01:7a:21:18:9d:d5:af:db:b6:55: c4:28:17:db:df:41:43:91:ac:f6:1a:1f:55:89:59:18: 9a:40:03:15:2b:47:ad:a3:63:59:ee:b1:e6:ea:c5:0f Fingerprint (SHA-256): 71:AB:94:8B:82:F9:3D:32:0C:69:13:1F:9B:3D:90:1F:A4:1D:E8:A8:55:63:0A:2C:2A:7D:8C:33:AD:3C:19:FB Fingerprint (SHA1): 89:4F:9F:7B:67:4A:3F:1C:73:77:54:BD:F3:5B:CC:D9:59:05:6C:02 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5825: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025522 (0x1eefb372) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 06:57:12 2015 Not After : Tue May 19 06:57:12 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:b0:53:a9:41:46:41:19:ec:b2:c1:a4:65:cf:ca:2f: c4:d2:38:b5:5a:63:0a:f8:96:59:91:3a:28:a9:28:b0: f8:9b:e0:ed:df:20:fc:44:0d:0a:9f:94:ff:c5:da:00: fd:5e:bb:b1:cf:60:83:9c:8a:90:d1:3b:9d:f0:9d:c8: d6:6f:b1:82:e9:0c:90:2a:60:e1:03:c5:27:14:39:ef: 6a:ae:86:06:52:21:da:13:22:b4:6b:01:69:82:8d:cd: ab:0d:e7:4c:44:c4:6a:ab:64:5e:89:45:e2:f2:87:e7: 25:9c:1e:b8:91:6a:b4:9c:b9:95:8a:65:70:f5:a5:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:d1:c0:9d:b8:67:b9:d7:b1:a7:89:bb:a1:69:65:0b: 66:91:27:d2:7f:84:75:e9:d3:0a:a0:c3:01:33:65:f9: 2c:f0:02:b6:26:2a:cd:50:3e:31:65:21:35:50:78:62: bb:a5:5a:ed:02:7e:26:26:a5:74:ba:7a:c6:d2:f8:50: f9:0c:8e:1c:7d:23:74:fa:da:07:b5:45:8f:45:3a:6d: d9:74:bc:82:c9:9f:01:7a:21:18:9d:d5:af:db:b6:55: c4:28:17:db:df:41:43:91:ac:f6:1a:1f:55:89:59:18: 9a:40:03:15:2b:47:ad:a3:63:59:ee:b1:e6:ea:c5:0f Fingerprint (SHA-256): 71:AB:94:8B:82:F9:3D:32:0C:69:13:1F:9B:3D:90:1F:A4:1D:E8:A8:55:63:0A:2C:2A:7D:8C:33:AD:3C:19:FB Fingerprint (SHA1): 89:4F:9F:7B:67:4A:3F:1C:73:77:54:BD:F3:5B:CC:D9:59:05:6C:02 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5826: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #5827: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #5828: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #5829: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #5830: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #5831: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025521 (0x1eefb371) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:57:09 2015 Not After : Tue May 19 06:57:09 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 98:60:bb:83:46:bd:cb:de:ae:46:ca:cd:4d:16:90:af: 57:5f:f1:5c:c6:7c:47:c6:be:74:ed:11:cf:62:57:26: d4:4c:9b:31:86:5f:4f:71:6c:17:ed:87:93:c3:bd:4b: 22:bc:24:74:93:60:64:29:23:8b:a7:39:59:69:76:fe: 74:1b:2b:d1:e9:8c:b9:ed:53:f9:35:1b:86:d9:f7:dd: af:03:f3:c1:c5:e9:e7:1c:64:03:8a:c6:2d:a2:f8:c5: 65:3e:6f:71:a3:ca:c3:dc:b6:9c:cf:05:b4:82:a9:2e: fc:f7:75:30:ff:f3:be:5d:97:9c:93:3d:53:af:05:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:2c:1a:4e:d6:d2:07:a9:57:ea:f8:f8:6d:89:84:6e: d9:ef:7e:08:e2:5c:82:b5:cc:3d:fd:ba:2f:9f:27:10: ae:44:50:92:7d:12:98:7b:75:25:3c:88:0d:a4:6d:ca: 00:ac:37:dc:e5:c4:46:85:c5:a1:39:e6:33:bd:50:ea: 85:ca:6c:fc:51:54:aa:8f:b2:68:a3:a5:97:bd:c8:e2: d9:5c:22:1c:de:56:64:d1:9d:b8:38:0d:5c:59:76:6a: b6:54:20:f2:c7:80:1e:7e:0e:d8:48:a5:f3:31:14:ed: 28:68:d8:8b:b9:a6:71:48:ad:f2:10:1a:a6:d1:0a:2b Fingerprint (SHA-256): 29:66:44:97:C5:6E:87:B5:0D:6D:98:E7:A9:BB:20:4D:D7:0C:9E:62:0D:18:1E:9D:9F:C4:42:2F:D0:E4:FD:5E Fingerprint (SHA1): 15:48:B9:C2:C3:70:E8:62:14:12:8D:C2:54:A4:78:2F:14:F5:37:60 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5832: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025521 (0x1eefb371) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 06:57:09 2015 Not After : Tue May 19 06:57:09 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 98:60:bb:83:46:bd:cb:de:ae:46:ca:cd:4d:16:90:af: 57:5f:f1:5c:c6:7c:47:c6:be:74:ed:11:cf:62:57:26: d4:4c:9b:31:86:5f:4f:71:6c:17:ed:87:93:c3:bd:4b: 22:bc:24:74:93:60:64:29:23:8b:a7:39:59:69:76:fe: 74:1b:2b:d1:e9:8c:b9:ed:53:f9:35:1b:86:d9:f7:dd: af:03:f3:c1:c5:e9:e7:1c:64:03:8a:c6:2d:a2:f8:c5: 65:3e:6f:71:a3:ca:c3:dc:b6:9c:cf:05:b4:82:a9:2e: fc:f7:75:30:ff:f3:be:5d:97:9c:93:3d:53:af:05:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:2c:1a:4e:d6:d2:07:a9:57:ea:f8:f8:6d:89:84:6e: d9:ef:7e:08:e2:5c:82:b5:cc:3d:fd:ba:2f:9f:27:10: ae:44:50:92:7d:12:98:7b:75:25:3c:88:0d:a4:6d:ca: 00:ac:37:dc:e5:c4:46:85:c5:a1:39:e6:33:bd:50:ea: 85:ca:6c:fc:51:54:aa:8f:b2:68:a3:a5:97:bd:c8:e2: d9:5c:22:1c:de:56:64:d1:9d:b8:38:0d:5c:59:76:6a: b6:54:20:f2:c7:80:1e:7e:0e:d8:48:a5:f3:31:14:ed: 28:68:d8:8b:b9:a6:71:48:ad:f2:10:1a:a6:d1:0a:2b Fingerprint (SHA-256): 29:66:44:97:C5:6E:87:B5:0D:6D:98:E7:A9:BB:20:4D:D7:0C:9E:62:0D:18:1E:9D:9F:C4:42:2F:D0:E4:FD:5E Fingerprint (SHA1): 15:48:B9:C2:C3:70:E8:62:14:12:8D:C2:54:A4:78:2F:14:F5:37:60 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #5833: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #5834: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025526 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5835: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #5836: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #5837: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025527 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5838: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #5839: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #5840: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025528 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5841: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #5842: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #5843: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025529 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5844: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #5845: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #5846: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025530 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5847: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #5848: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #5849: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025531 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5850: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #5851: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #5852: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025532 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5853: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #5854: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #5855: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025533 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5856: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #5857: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #5858: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025534 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5859: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #5860: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #5861: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5862: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 519025535 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5863: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5864: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 519025536 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5865: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5866: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 519025537 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5867: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5868: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #5869: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #5870: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5871: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 519025538 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5872: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5873: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 519025539 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5874: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5875: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 519025540 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5876: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5877: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #5878: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #5879: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5880: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 519025541 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5881: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5882: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 519025542 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5883: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5884: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 519025543 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5885: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5886: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #5887: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #5888: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5889: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 519025544 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5890: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5891: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 519025545 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5892: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5893: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 519025546 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5894: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5895: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #5896: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5897: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5898: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 519025547 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5899: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5900: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #5901: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5902: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025548 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #5903: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5904: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025526 (0x1eefb376) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Tue May 19 06:57:42 2015 Not After : Tue May 19 06:57:42 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c2:b9:0e:fc:3b:d4:1c:f7:cb:23:1a:0c:9e:5f:b8:ad: d6:7e:ce:ca:4c:f4:1c:37:b5:c4:a3:19:b1:c6:71:42: 14:60:ca:10:bc:c2:ce:ca:b0:bd:17:ef:cd:8e:ee:bf: c8:3e:cb:63:57:ee:c1:e5:c9:b2:87:08:a3:b8:6f:8a: 3b:08:d8:35:e2:b6:25:25:70:cf:1e:05:52:c0:c3:d4: e4:97:42:5d:40:79:cd:10:17:f4:8d:cc:11:2b:0c:c3: 04:12:98:a5:93:66:ea:f6:12:08:15:99:e6:b8:6f:17: 57:c3:0a:a7:b7:f1:88:7e:3a:6f:64:5c:d9:70:01:0b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 9a:de:67:c0:be:cc:de:9a:e8:25:51:9d:3b:ac:37:0c: 37:77:68:dd:fb:f5:4c:6c:44:71:d1:ac:de:e7:62:cd: 4d:f3:68:ef:2a:f4:e9:ad:3d:dd:db:66:a0:33:4d:42: f6:9d:82:d0:f8:c9:93:63:62:12:bd:e7:f2:b2:19:30: f7:cb:3f:79:10:5d:69:3e:7c:e5:bd:31:0e:d0:a7:95: f0:c0:3f:b9:60:8f:f5:d7:9f:34:f1:5b:5b:88:4e:83: 78:0a:d4:39:1d:8e:56:4b:a6:2e:a9:1f:52:69:ae:f7: 84:47:4c:5b:b5:ac:2e:c7:ff:be:97:07:13:dc:5d:66 Fingerprint (SHA-256): 3B:26:D4:E8:6E:9A:EA:F5:46:68:2D:16:AB:F2:15:AB:83:D7:E5:55:83:D5:DD:09:72:35:C3:6D:1F:27:A7:90 Fingerprint (SHA1): E8:66:C8:91:BE:F5:AF:E1:F0:08:8A:60:95:23:D0:12:4B:A5:7E:17 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #5905: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025527 (0x1eefb377) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Tue May 19 06:57:45 2015 Not After : Tue May 19 06:57:45 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ea:fb:77:22:52:4f:99:19:03:e6:12:87:1b:3b:03:88: 4c:fe:61:86:4d:8a:74:50:42:53:17:9f:d2:f4:55:55: fd:9b:c5:d7:93:b7:d1:2e:e2:6c:01:82:90:e0:c7:77: 77:cb:1a:a4:c7:1e:9b:fd:52:8e:5d:7a:f2:0e:b6:0b: b6:de:2e:bc:13:49:07:ed:a2:c4:4b:71:c4:09:0f:0a: e1:60:40:df:4c:6d:b8:68:b5:15:94:09:2c:3b:70:20: 66:b9:10:47:64:a1:84:32:b9:e7:53:b0:8f:9f:f3:d6: b3:4c:f1:06:86:3d:d9:ef:84:d6:8b:4f:d2:2c:71:7f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 16:d8:ab:b5:98:ad:de:e6:47:cd:69:34:11:bd:21:36: 93:c3:e9:d6:30:4f:48:df:3b:f0:ad:6b:06:79:c6:60: 20:d4:47:49:cf:ab:0a:5d:f8:53:65:11:b0:4c:92:f8: 2c:88:94:d1:1c:e7:df:16:ca:97:fd:d3:29:38:14:4c: 74:2d:10:77:e0:0c:71:46:6a:f6:53:26:42:b7:fe:22: b3:f5:8e:ca:41:b5:60:13:42:82:a3:6e:ae:c3:d2:94: 83:f0:a4:61:20:60:0a:8c:4b:80:9d:12:74:0b:1d:ce: 6e:14:4d:30:aa:42:24:e4:dc:33:c6:57:98:c7:1a:65 Fingerprint (SHA-256): C0:C6:8F:B3:29:A3:B4:80:B5:09:CA:8D:DC:AA:90:03:63:8A:33:CD:5C:DA:5F:EA:12:24:AC:79:A4:F4:6D:CA Fingerprint (SHA1): D8:BA:39:CA:70:6B:9E:CD:B8:50:78:C9:EB:E9:F6:83:C1:4A:0A:87 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #5906: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025528 (0x1eefb378) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Tue May 19 06:57:47 2015 Not After : Tue May 19 06:57:47 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: af:ec:d3:55:4b:17:86:51:28:76:03:3e:d9:6a:49:03: 24:5e:a6:4f:56:1a:63:79:02:2b:7f:d1:73:14:f8:12: 36:1c:08:3a:05:99:8d:a7:e6:02:95:93:51:9b:ec:2a: 11:22:e1:b0:58:9c:0a:02:fb:e0:9e:dc:1c:12:f5:f1: 67:67:3b:28:95:9b:b3:30:ab:96:83:39:9d:09:7b:53: b7:0a:f1:bc:6b:c2:99:77:1d:50:9f:3b:e1:17:5a:97: 23:fc:21:a8:24:1e:06:93:ae:e6:a7:39:62:a5:93:00: 02:53:bc:17:62:90:1a:2b:d1:dc:65:56:71:e0:f5:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 08:df:fa:1a:56:5d:34:8d:b4:02:c8:65:e8:be:26:e4: 73:97:c4:07:05:60:25:6e:cb:b5:3e:58:ce:46:04:ea: 94:e4:b1:14:1b:79:a3:8d:5d:cc:a3:ee:cf:63:a7:e2: 02:7b:87:9e:31:1e:4b:79:d6:c0:40:8a:0b:38:a7:ef: 1a:86:73:57:3e:da:74:a6:2e:f7:83:ec:67:2b:c4:67: 19:23:6a:53:33:94:07:f9:70:dc:8e:94:15:ce:51:79: dc:be:3b:b0:54:55:19:d2:e5:54:25:74:66:90:7d:a4: c7:2e:70:3d:65:56:2e:28:7e:12:85:76:0a:f8:d4:26 Fingerprint (SHA-256): 33:4F:9F:FE:78:98:79:DC:C1:8F:E5:CC:E1:FA:9D:1D:B9:02:4D:04:6A:C1:C9:87:BB:A7:51:8E:C1:8A:9F:3A Fingerprint (SHA1): F8:6F:EB:BD:96:56:46:D5:BD:DD:A2:A5:C8:46:D1:44:A8:14:48:11 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #5907: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025529 (0x1eefb379) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Tue May 19 06:57:50 2015 Not After : Tue May 19 06:57:50 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:d3:4d:33:91:a6:5a:a7:7f:0c:97:e8:02:21:8d:23: 76:59:49:b3:43:7e:c3:9c:b0:06:1a:dc:48:bd:bb:b0: 69:9a:3e:3b:87:f1:67:b9:b5:3d:50:17:ff:5f:36:d6: 8b:50:81:7e:71:29:ab:b0:09:55:fe:d4:68:a0:70:76: 75:aa:f8:04:38:5f:b5:7b:d8:1c:c3:f0:19:44:24:c1: 6d:07:01:b4:80:0f:d8:12:71:01:3c:25:b9:b9:45:e7: b5:2e:ca:7c:3e:ca:cd:56:6b:b9:86:01:90:97:a5:39: 81:c1:cf:ce:04:b1:10:4d:f4:01:00:a6:a8:61:1d:eb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:2c:5f:5b:fa:83:29:4d:57:d4:73:b9:7c:d8:cd:91: fe:80:f4:91:e1:ee:56:47:a1:b4:72:94:e3:69:b2:ca: 40:42:ac:81:f4:ce:d0:fd:50:f8:f1:f1:b5:4b:8f:2b: c7:1f:de:13:98:e2:fb:fa:95:c8:30:01:4c:0e:2b:be: 09:f8:ba:2b:90:bc:57:af:9e:1a:2b:67:c8:9f:17:50: 31:05:c4:da:a6:b4:40:54:6e:cf:d0:dd:c9:e7:bb:fc: a7:ca:81:a9:79:76:ae:8c:a8:0f:3c:88:33:21:37:51: 10:5b:42:1f:77:74:df:a6:86:65:c6:61:11:13:bd:21 Fingerprint (SHA-256): 4A:63:38:3C:47:4E:30:9A:3F:B8:BD:CE:1B:EF:0C:44:EC:73:E2:E5:23:93:C4:07:2C:E4:93:EC:92:F6:3D:F7 Fingerprint (SHA1): D2:5C:34:32:53:0E:AE:A7:70:25:39:0B:46:D5:1A:15:B7:02:5B:60 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #5908: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025530 (0x1eefb37a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Tue May 19 06:57:53 2015 Not After : Tue May 19 06:57:53 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:18:14:de:b3:e3:29:4f:55:a0:88:17:7d:4d:f6:c7: 3f:ad:81:ca:ce:b5:c0:32:9f:cb:60:3c:88:cf:aa:7b: 82:2c:03:62:97:62:50:b7:e3:6e:6b:76:95:39:4a:a0: a2:3a:1d:53:b8:3e:ee:a2:48:6b:a8:17:d6:6e:ef:c3: f6:7f:a2:f3:a6:5c:3b:50:67:39:27:56:d2:d4:54:bb: 12:91:4d:ea:1c:2b:f8:40:05:9d:a3:90:a4:c8:eb:a0: 4f:a4:1a:ee:00:5e:d7:3a:3c:73:3d:54:8f:27:b1:67: b4:20:3d:46:0c:3c:b2:8e:9a:c2:7f:08:ca:f0:6c:dd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b5:26:98:da:60:aa:6b:d0:6f:8d:2d:de:97:a8:48:e6: c2:66:5c:5f:73:9f:28:cb:cb:9b:22:30:bf:e9:8e:e5: 4d:fe:5c:7a:a2:20:b2:a2:d1:ba:14:36:6c:00:7d:c7: 3a:0a:63:e5:13:4b:ef:6d:64:92:66:f8:9a:ff:31:72: 31:fb:1c:c5:c7:cc:5d:39:1b:fa:ec:94:64:6e:2a:39: 1c:5d:f5:6d:74:43:49:67:14:3a:b4:35:e5:8a:d8:bf: d1:30:28:2c:7a:11:df:56:6b:42:11:4b:19:b4:04:eb: 5d:0b:e2:13:ba:d2:19:c6:2d:1e:0d:9a:63:68:c0:dc Fingerprint (SHA-256): 64:1D:C2:A2:BA:77:23:07:1F:F4:5C:A2:2D:99:4A:D1:7F:73:2C:CE:3A:E4:E7:D5:8D:49:31:24:30:3E:D5:41 Fingerprint (SHA1): 02:52:1C:08:73:0A:B5:2D:14:0E:D5:B9:4A:1A:69:AE:52:16:9A:F5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #5909: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025531 (0x1eefb37b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Tue May 19 06:57:57 2015 Not After : Tue May 19 06:57:57 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:a8:62:68:49:7e:bb:7f:75:1d:fa:a1:79:59:37:a5: a0:68:b6:97:9b:21:37:5c:b8:c6:ad:ca:f2:2d:b5:6b: a9:18:6f:bd:7f:b0:43:85:e8:fb:71:61:94:61:08:ea: f3:3c:1d:2b:8b:f4:29:dd:40:d8:50:82:27:d9:ef:05: 62:35:44:02:bf:3c:65:76:61:ad:66:8f:77:a4:d4:a8: 26:9d:34:18:45:e2:ce:76:e4:b7:1f:19:fa:9c:f8:be: b4:06:7d:10:b3:d5:bc:f7:31:cd:9f:76:e1:05:ec:36: 15:69:d9:51:94:0a:c5:82:4c:91:09:9a:5d:9e:d7:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6a:b4:99:2f:83:c7:81:10:1e:33:e8:5d:d9:8b:1f:12: 70:29:9d:a8:a4:c0:3e:b3:c3:bd:fa:4f:a8:db:9c:37: 04:15:5f:23:a6:6b:41:b0:2a:f3:7d:f9:00:ea:c8:da: e6:12:e4:1b:f5:19:43:37:d2:1e:ef:45:ca:37:92:00: 02:09:c1:22:57:e5:3f:a7:b3:cc:44:45:b0:e1:4b:d2: 17:87:20:29:3a:79:71:9a:d2:4f:12:77:fb:fd:27:1d: ea:d2:d5:a2:d3:f9:66:16:8f:48:60:3c:f7:e3:ee:c8: f1:42:e9:67:c9:b5:71:f3:1d:55:ae:12:ab:d0:63:7f Fingerprint (SHA-256): CC:64:64:71:95:3E:78:71:82:B1:EE:3C:D3:E8:8A:9C:7D:93:03:5F:0D:85:ED:66:95:3D:94:D1:C8:B7:CD:DD Fingerprint (SHA1): CE:AE:77:F8:54:79:FA:AC:79:40:91:84:B4:18:46:2C:7E:DE:D5:6C Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #5910: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025532 (0x1eefb37c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Tue May 19 06:58:01 2015 Not After : Tue May 19 06:58:01 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:a3:6e:54:43:37:58:f8:be:b4:84:da:79:03:fe:c9: 6c:42:1b:cc:79:70:33:85:a9:13:0b:f4:a1:bc:6c:49: 07:44:b6:f8:bc:ed:92:fb:56:ab:56:1d:dc:9c:b1:d4: 79:b2:5c:a4:d7:d3:7d:ee:40:03:62:4c:b7:a5:dc:24: b6:74:d5:96:84:52:f9:dd:b0:92:c3:f4:65:67:3f:3e: ca:c7:be:87:2c:a2:4a:f3:17:7f:ce:34:b3:79:04:53: 27:13:23:d6:f2:35:cc:17:f7:ed:dc:36:9e:d6:e6:9f: c6:f8:ed:71:7d:65:8c:71:c4:91:11:f1:4a:30:b6:7d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:11:48:90:fd:44:c2:e1:a8:f4:22:56:f8:ed:7a:93: 22:c5:ac:c0:41:96:3f:30:91:34:19:19:d5:c3:81:f0: 59:47:21:1b:83:71:3e:6c:3c:7d:90:01:c0:7a:24:25: b9:dd:b7:c3:df:b6:19:9f:fc:6b:fd:55:95:a6:c4:78: 53:e6:4b:e9:d3:b7:ba:55:da:40:a7:9e:c9:78:e5:f9: 54:f7:b6:6a:4a:a4:dc:84:36:db:ca:3b:98:5a:46:03: d7:cc:9c:f2:3e:3c:a6:86:3a:89:dd:67:52:57:2f:6b: 21:17:58:fd:09:c7:e7:72:95:b2:dc:79:ec:b3:42:14 Fingerprint (SHA-256): F1:25:D9:B8:95:75:69:74:2E:01:47:56:90:8C:CC:B6:35:CA:1D:08:95:23:56:B4:D0:06:A2:59:F1:F2:A8:ED Fingerprint (SHA1): 27:5C:92:3D:7C:40:35:65:79:CA:43:C9:08:ED:55:DD:08:5D:38:B5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #5911: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025533 (0x1eefb37d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Tue May 19 06:58:05 2015 Not After : Tue May 19 06:58:05 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:89:01:9a:a9:83:11:3b:21:ef:8b:80:fc:0d:eb:96: 7a:38:1f:25:4e:53:37:a7:b9:5f:9a:a9:22:d6:74:e9: 76:2b:eb:63:a8:91:f8:c8:4d:b7:c4:60:78:90:7c:27: 68:90:d4:34:24:87:5f:5e:90:57:ce:8d:45:6c:58:0e: 06:ed:a5:53:b9:b2:df:cb:ca:03:04:55:08:ff:32:c8: 73:07:d3:9f:eb:a5:2d:4e:89:07:c0:07:62:f0:9b:6a: b1:b6:72:a9:21:00:7d:75:40:6b:ad:d7:4f:83:b1:92: 8e:fe:bd:3b:f8:f6:e2:84:29:6c:aa:13:0f:76:cf:37 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:24:85:d0:c3:e1:09:ee:98:1c:20:57:81:ad:43:f9: cc:19:79:d9:5e:4e:5f:da:2b:bb:94:55:f4:9a:f6:ef: 5a:6e:cf:a9:b4:e3:61:23:a5:df:29:5c:f7:fc:44:7a: 2a:75:fb:b9:98:ec:03:bc:9d:d2:d9:3c:c9:5e:36:ae: 58:ca:8b:ef:be:c0:0b:99:84:8c:3e:b5:9d:0c:4e:42: 1b:57:c8:08:fe:b0:c4:f0:0d:9e:77:12:37:e7:43:79: 42:8c:74:76:9c:f6:a8:8e:75:08:e8:65:51:e3:40:a9: 80:fa:73:7d:be:25:ca:e2:28:1e:3d:19:6e:e2:99:12 Fingerprint (SHA-256): 33:17:9F:A4:DA:F5:7A:2F:1D:67:93:07:50:9D:43:60:F1:E7:5E:6F:71:F8:39:A9:71:6B:85:07:DF:85:1E:25 Fingerprint (SHA1): 33:39:04:3F:CF:98:33:B9:4C:3A:E4:F1:94:F0:EB:F2:F2:2A:D3:D2 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #5912: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025534 (0x1eefb37e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Tue May 19 06:58:08 2015 Not After : Tue May 19 06:58:08 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:04:a3:73:3f:52:58:5c:79:dc:1f:d0:6a:f7:69:06: 00:81:4c:b8:dd:7b:4b:2e:e4:6d:be:c7:72:bf:b2:66: ca:b2:eb:28:69:72:fc:fe:bd:df:04:12:38:0b:53:1c: a7:6a:e3:e2:94:cb:95:32:23:d6:28:4b:4b:0e:52:72: f0:2a:34:fe:d3:b8:4b:a2:f4:dc:8d:74:2a:fb:f9:20: 97:83:99:08:74:0f:09:fd:40:ee:86:1f:fb:55:b2:e7: 55:1d:b2:21:20:f7:e6:20:bf:df:98:81:b5:40:94:e1: f4:c6:dc:49:29:d3:a7:ee:f5:d9:d4:3f:a1:f1:54:2b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:53:aa:34:4c:2d:a8:2c:0a:47:59:fa:f5:91:c3:a2: 57:9a:5c:0d:a6:c7:9e:1f:10:e3:7d:bd:c5:73:46:7c: 06:87:33:f4:cf:0b:fe:1c:5e:d7:9a:2c:07:17:18:17: 7a:eb:2e:39:4a:da:73:56:15:12:8e:a2:ff:38:c6:88: b7:bb:da:f5:06:29:0b:13:65:f3:c9:af:ff:f3:2b:f6: 9a:af:02:00:2d:c6:fc:c9:e7:fa:ba:68:f8:9e:ad:e4: 43:35:dc:f6:4c:d6:26:b2:65:21:75:e2:3b:d3:1b:b4: 9b:af:98:dd:de:d9:a3:cc:f1:db:97:60:54:ea:d8:e3 Fingerprint (SHA-256): 91:D2:22:AA:93:88:DE:87:DD:F2:56:49:15:C0:35:67:4A:33:79:17:92:F8:65:A9:6B:3D:89:CB:E6:17:6E:1C Fingerprint (SHA1): 0B:8E:7B:8C:6C:2E:E5:C1:26:71:38:D1:B6:39:B7:8A:97:1B:00:8B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #5913: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #5914: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025549 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5915: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #5916: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5917: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5918: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025550 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5919: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5920: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #5921: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5922: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025551 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5923: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5924: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #5925: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5926: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519025552 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5927: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5928: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #5929: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025549 (0x1eefb38d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:58:52 2015 Not After : Tue May 19 06:58:52 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:2b:cf:76:5f:17:33:48:ba:50:57:ea:47:3d:d8:7e: 89:78:5e:32:45:53:81:56:a6:c9:ac:f3:24:09:f7:f1: 3d:33:dd:f4:2b:77:4a:fa:b1:56:d3:ee:4f:ad:0c:83: da:f4:40:71:9d:c3:2e:ce:de:c4:03:35:4d:ac:ab:b6: 7a:8f:39:33:6c:9c:fa:79:09:39:4d:fa:4f:7f:64:9e: 26:83:32:a9:38:60:25:03:ee:d7:e3:4b:91:89:a3:dc: 81:5c:f2:46:37:50:b7:55:b8:61:ef:52:9f:b9:b9:89: d9:21:05:11:da:6b:a8:c1:d8:34:58:f6:4d:24:36:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:90:9c:b1:7f:fa:50:59:4b:49:52:df:bf:14:df:bd: 9d:ea:eb:e6:a0:2c:2b:18:bd:0b:e4:fb:b9:d4:f9:e9: d8:31:8a:ea:1c:40:1e:74:d2:66:47:9c:27:ef:6e:b0: 7b:df:bd:3c:33:0b:db:1d:e8:9f:1d:83:6a:f4:41:8d: dc:2e:b9:9d:7d:28:f0:26:0b:c0:81:56:e7:bc:54:15: 64:c5:1d:31:1a:00:87:15:0d:92:a5:92:9a:aa:73:c4: f2:19:e4:01:26:bd:80:a7:d3:87:60:53:b9:fa:99:69: f9:8d:36:60:37:ec:3c:2d:b4:ae:3b:98:12:5b:16:aa Fingerprint (SHA-256): EB:7F:2F:16:56:4B:8E:BC:C2:7C:98:C4:D6:CD:CE:34:F5:73:5F:A0:A3:B0:30:40:C9:33:D0:A3:40:72:37:D7 Fingerprint (SHA1): A9:A9:D4:D7:D4:A6:30:C2:E3:A6:36:13:A0:67:82:4E:89:AD:AE:B1 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5930: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5931: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025550 (0x1eefb38e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:58:57 2015 Not After : Tue May 19 06:58:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:48:70:5e:05:8b:95:04:f3:e4:fe:58:e8:21:b0:d8: eb:c2:dc:ae:77:71:01:a4:eb:a2:50:df:7f:48:fc:f2: cf:c1:e2:06:ec:55:bc:60:cc:1f:5c:9d:c3:a0:ef:f2: ec:95:c8:0c:42:3b:f0:b3:b0:b5:d0:e1:fd:2e:75:73: a5:f4:c0:42:d6:ed:e2:5a:9d:8b:f1:cc:0c:d7:72:59: 25:44:e1:98:a8:71:db:87:3b:47:fc:23:58:5b:8f:41: 58:ef:65:aa:1e:d0:f4:ce:95:0f:30:09:69:f9:e8:56: b7:8c:c8:bb:fe:cb:99:59:02:8a:33:d1:f2:c3:46:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6a:23:43:1d:69:a2:c6:d5:dc:43:9d:0a:73:02:65:7c: d2:63:23:46:9f:ef:9f:db:dc:f4:6e:d6:5a:b1:23:87: 90:22:61:ae:52:ac:66:6d:b2:51:48:bf:86:3f:4d:a6: 7f:71:a2:b5:fe:7a:7a:18:4a:4a:2a:ac:e0:2c:a2:ca: 41:1d:14:3b:86:f9:a9:d2:51:48:f5:99:3f:35:e3:88: d4:be:f9:52:c9:5f:16:c8:86:78:30:f4:08:2f:f6:1a: 2c:f0:1c:df:97:7f:10:84:0e:72:d3:2f:f4:aa:08:d3: 84:12:94:6f:8f:ca:ac:67:65:b2:e5:7f:b0:7b:86:7b Fingerprint (SHA-256): 63:49:C9:03:5A:F3:CF:F0:FA:64:A0:D1:22:89:5A:05:26:21:36:A9:2A:5C:F5:7B:AE:53:44:73:69:D5:20:60 Fingerprint (SHA1): E8:BB:DB:E9:2F:77:C6:C1:82:E9:AA:89:B6:46:2C:83:7E:D6:12:6D Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5932: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5933: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025551 (0x1eefb38f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:59:01 2015 Not After : Tue May 19 06:59:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:7f:d1:c7:75:54:82:fa:14:30:cd:86:b8:97:c4:3b: a9:0f:52:3a:e6:a1:c6:aa:6d:a1:d0:37:4b:3f:2b:95: c0:7e:ec:e2:3b:c5:3d:0a:1b:2a:12:19:1e:73:1b:6d: 5a:76:a1:47:df:ae:53:03:56:a7:ef:8a:a7:1b:33:ae: a1:02:5c:98:9b:af:28:f4:79:3d:ef:2f:52:65:2c:dd: 83:8c:d3:8d:c2:fa:a3:e4:eb:5b:fe:4d:c0:5b:55:32: c4:b7:29:d1:10:e3:f6:2e:0f:4e:ac:a1:c0:0b:87:9a: 36:6c:41:ab:11:cb:63:1b:15:b6:0a:e6:a3:35:eb:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:7f:b8:73:5f:a2:fa:53:d1:9e:fa:b9:db:91:56:59: d2:fb:f4:18:5f:29:bf:b2:36:a0:08:0b:b9:aa:bd:89: 45:91:41:6b:1b:65:0b:0c:bc:de:df:7e:bb:a9:eb:be: 4b:ad:59:f7:14:2d:8e:a9:69:1b:8c:3c:69:5b:26:f9: 06:d9:5f:2c:17:26:37:65:fd:35:53:79:b3:a4:c1:31: af:5a:2b:7d:f9:29:9f:f2:22:a9:ad:35:7b:73:b1:37: d9:98:07:ec:93:af:e9:87:1f:0a:40:54:34:4f:48:1c: a7:52:0d:a2:94:09:92:9e:c0:9f:92:d5:a2:a5:db:4a Fingerprint (SHA-256): A6:14:70:85:F8:60:68:98:52:15:B6:87:33:0E:2F:25:DD:48:00:3D:DD:12:09:EF:87:73:D2:85:38:71:16:E0 Fingerprint (SHA1): 9C:4A:12:73:6F:37:12:A0:31:37:9C:B7:03:3C:28:4F:70:46:98:7D Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #5934: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5935: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #5936: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #5937: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #5938: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025549 (0x1eefb38d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:58:52 2015 Not After : Tue May 19 06:58:52 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:2b:cf:76:5f:17:33:48:ba:50:57:ea:47:3d:d8:7e: 89:78:5e:32:45:53:81:56:a6:c9:ac:f3:24:09:f7:f1: 3d:33:dd:f4:2b:77:4a:fa:b1:56:d3:ee:4f:ad:0c:83: da:f4:40:71:9d:c3:2e:ce:de:c4:03:35:4d:ac:ab:b6: 7a:8f:39:33:6c:9c:fa:79:09:39:4d:fa:4f:7f:64:9e: 26:83:32:a9:38:60:25:03:ee:d7:e3:4b:91:89:a3:dc: 81:5c:f2:46:37:50:b7:55:b8:61:ef:52:9f:b9:b9:89: d9:21:05:11:da:6b:a8:c1:d8:34:58:f6:4d:24:36:87 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 95:90:9c:b1:7f:fa:50:59:4b:49:52:df:bf:14:df:bd: 9d:ea:eb:e6:a0:2c:2b:18:bd:0b:e4:fb:b9:d4:f9:e9: d8:31:8a:ea:1c:40:1e:74:d2:66:47:9c:27:ef:6e:b0: 7b:df:bd:3c:33:0b:db:1d:e8:9f:1d:83:6a:f4:41:8d: dc:2e:b9:9d:7d:28:f0:26:0b:c0:81:56:e7:bc:54:15: 64:c5:1d:31:1a:00:87:15:0d:92:a5:92:9a:aa:73:c4: f2:19:e4:01:26:bd:80:a7:d3:87:60:53:b9:fa:99:69: f9:8d:36:60:37:ec:3c:2d:b4:ae:3b:98:12:5b:16:aa Fingerprint (SHA-256): EB:7F:2F:16:56:4B:8E:BC:C2:7C:98:C4:D6:CD:CE:34:F5:73:5F:A0:A3:B0:30:40:C9:33:D0:A3:40:72:37:D7 Fingerprint (SHA1): A9:A9:D4:D7:D4:A6:30:C2:E3:A6:36:13:A0:67:82:4E:89:AD:AE:B1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5939: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5940: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025550 (0x1eefb38e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:58:57 2015 Not After : Tue May 19 06:58:57 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:48:70:5e:05:8b:95:04:f3:e4:fe:58:e8:21:b0:d8: eb:c2:dc:ae:77:71:01:a4:eb:a2:50:df:7f:48:fc:f2: cf:c1:e2:06:ec:55:bc:60:cc:1f:5c:9d:c3:a0:ef:f2: ec:95:c8:0c:42:3b:f0:b3:b0:b5:d0:e1:fd:2e:75:73: a5:f4:c0:42:d6:ed:e2:5a:9d:8b:f1:cc:0c:d7:72:59: 25:44:e1:98:a8:71:db:87:3b:47:fc:23:58:5b:8f:41: 58:ef:65:aa:1e:d0:f4:ce:95:0f:30:09:69:f9:e8:56: b7:8c:c8:bb:fe:cb:99:59:02:8a:33:d1:f2:c3:46:c9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6a:23:43:1d:69:a2:c6:d5:dc:43:9d:0a:73:02:65:7c: d2:63:23:46:9f:ef:9f:db:dc:f4:6e:d6:5a:b1:23:87: 90:22:61:ae:52:ac:66:6d:b2:51:48:bf:86:3f:4d:a6: 7f:71:a2:b5:fe:7a:7a:18:4a:4a:2a:ac:e0:2c:a2:ca: 41:1d:14:3b:86:f9:a9:d2:51:48:f5:99:3f:35:e3:88: d4:be:f9:52:c9:5f:16:c8:86:78:30:f4:08:2f:f6:1a: 2c:f0:1c:df:97:7f:10:84:0e:72:d3:2f:f4:aa:08:d3: 84:12:94:6f:8f:ca:ac:67:65:b2:e5:7f:b0:7b:86:7b Fingerprint (SHA-256): 63:49:C9:03:5A:F3:CF:F0:FA:64:A0:D1:22:89:5A:05:26:21:36:A9:2A:5C:F5:7B:AE:53:44:73:69:D5:20:60 Fingerprint (SHA1): E8:BB:DB:E9:2F:77:C6:C1:82:E9:AA:89:B6:46:2C:83:7E:D6:12:6D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5941: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5942: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025551 (0x1eefb38f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:59:01 2015 Not After : Tue May 19 06:59:01 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:7f:d1:c7:75:54:82:fa:14:30:cd:86:b8:97:c4:3b: a9:0f:52:3a:e6:a1:c6:aa:6d:a1:d0:37:4b:3f:2b:95: c0:7e:ec:e2:3b:c5:3d:0a:1b:2a:12:19:1e:73:1b:6d: 5a:76:a1:47:df:ae:53:03:56:a7:ef:8a:a7:1b:33:ae: a1:02:5c:98:9b:af:28:f4:79:3d:ef:2f:52:65:2c:dd: 83:8c:d3:8d:c2:fa:a3:e4:eb:5b:fe:4d:c0:5b:55:32: c4:b7:29:d1:10:e3:f6:2e:0f:4e:ac:a1:c0:0b:87:9a: 36:6c:41:ab:11:cb:63:1b:15:b6:0a:e6:a3:35:eb:a3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 6d:7f:b8:73:5f:a2:fa:53:d1:9e:fa:b9:db:91:56:59: d2:fb:f4:18:5f:29:bf:b2:36:a0:08:0b:b9:aa:bd:89: 45:91:41:6b:1b:65:0b:0c:bc:de:df:7e:bb:a9:eb:be: 4b:ad:59:f7:14:2d:8e:a9:69:1b:8c:3c:69:5b:26:f9: 06:d9:5f:2c:17:26:37:65:fd:35:53:79:b3:a4:c1:31: af:5a:2b:7d:f9:29:9f:f2:22:a9:ad:35:7b:73:b1:37: d9:98:07:ec:93:af:e9:87:1f:0a:40:54:34:4f:48:1c: a7:52:0d:a2:94:09:92:9e:c0:9f:92:d5:a2:a5:db:4a Fingerprint (SHA-256): A6:14:70:85:F8:60:68:98:52:15:B6:87:33:0E:2F:25:DD:48:00:3D:DD:12:09:EF:87:73:D2:85:38:71:16:E0 Fingerprint (SHA1): 9C:4A:12:73:6F:37:12:A0:31:37:9C:B7:03:3C:28:4F:70:46:98:7D Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #5943: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5944: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #5945: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025553 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5946: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #5947: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5948: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5949: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025554 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5950: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5951: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #5952: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5953: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025555 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5954: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5955: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #5956: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5957: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519025556 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5958: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5959: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #5960: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #5961: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519025557 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5962: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5963: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #5964: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025553 (0x1eefb391) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:18 2015 Not After : Tue May 19 06:59:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:84:86:09:00:27:83:cc:06:fb:66:71:cd:72:bf:75: ae:84:b1:c3:d4:eb:d1:e9:af:51:8e:96:37:8d:53:ca: 5a:75:fe:fc:27:4a:6e:d7:84:9f:51:a7:50:c1:33:7f: fa:5b:0d:9c:83:b6:da:9f:bf:5d:61:8e:d4:22:17:79: 8e:9b:ca:92:0a:ba:ae:7b:29:b5:26:19:42:a7:4f:fe: 7f:2a:cc:2f:fc:23:5c:4d:59:5a:e9:cb:9e:6e:4c:6d: 9e:0e:a3:f7:0c:bd:7a:71:f1:54:ce:79:0b:18:43:c3: 71:b2:59:36:cc:97:15:65:c3:fc:4c:0c:03:18:05:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:af:c4:97:ad:51:8e:fa:f3:eb:29:54:1b:e3:f3:a2: 7e:66:a2:08:9d:d4:2f:86:8a:0b:c1:62:7f:13:38:69: e6:46:42:b4:b8:8d:e0:1b:82:0c:e2:81:f6:ec:c7:72: 60:9b:1d:a5:65:63:7d:53:3f:cf:00:a2:a2:08:22:cc: a7:3a:44:99:ce:29:92:54:db:77:28:f4:31:88:63:f0: 84:f9:55:25:c4:f4:ff:b3:5f:de:28:2b:b2:af:2a:99: 22:a0:2d:2f:74:4f:6f:79:ce:5c:75:c9:95:f5:11:39: cb:a7:7b:45:ce:b8:47:33:82:30:8f:e1:fc:26:c2:61 Fingerprint (SHA-256): 02:EC:61:1F:31:00:51:7F:5E:31:7A:CA:4E:22:F1:A4:8D:E0:0C:A6:3F:22:C5:F0:11:B7:5B:56:14:3A:56:89 Fingerprint (SHA1): DE:B3:5B:34:89:C5:57:7D:2F:1D:1C:1C:67:A1:96:45:79:2E:B4:87 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5965: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5966: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025554 (0x1eefb392) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:22 2015 Not After : Tue May 19 06:59:22 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:9f:e9:5e:7f:a8:ee:b0:cb:cc:57:a3:66:da:64:a6: b9:37:77:1a:09:aa:6e:cd:ec:fd:5f:70:f3:8a:58:fb: f0:de:63:bc:b2:c9:2b:4f:f5:de:f1:ae:67:17:12:51: a4:b1:1e:23:c5:b7:65:ac:44:0e:3a:dc:da:9a:04:6f: cf:ee:44:6b:de:b8:21:17:1c:ec:88:62:a4:20:b0:f0: a3:fe:a2:05:4e:ae:39:41:b2:b4:46:e7:9f:6c:5d:40: 4b:f0:47:a7:99:7e:b1:cd:0a:28:20:91:49:00:5b:5c: 7d:7b:4b:1e:c4:b8:d0:07:99:18:7d:53:c4:e8:81:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:6d:4a:94:3f:ee:4e:75:71:61:ae:e9:05:3a:88:ea: 26:10:61:90:b0:07:7a:07:14:da:f6:ed:5a:d1:c6:e9: 9f:8c:c4:ba:90:c8:ec:ec:8a:48:ab:15:b8:f8:ba:1f: 01:8b:e8:10:f3:d7:06:e1:4f:b1:09:1b:05:2c:8e:37: e3:37:a4:c0:8c:91:53:d4:99:a9:ca:7f:c0:e5:3e:10: 68:45:c9:71:80:7a:66:5c:76:54:65:4b:60:dd:2e:37: 1a:94:93:7f:2b:bc:53:ad:4f:89:64:03:b5:02:2a:ff: 39:fc:9c:a0:e9:80:b2:06:71:01:c4:c2:9f:f2:a1:d0 Fingerprint (SHA-256): A6:F6:2D:47:88:B4:CB:B3:18:F8:BB:51:75:FF:D7:AA:09:D6:99:9B:CC:AB:8C:D1:C1:FA:5A:EE:CC:08:36:DD Fingerprint (SHA1): 8E:01:1B:95:5A:E2:60:A6:6A:B2:97:25:C8:A7:0A:CF:0C:9D:19:54 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5967: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5968: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025555 (0x1eefb393) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:59:26 2015 Not After : Tue May 19 06:59:26 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:d9:7c:3f:c8:b5:c1:1e:b9:fa:79:cd:36:4e:fe:ae: 4d:c8:71:0a:bc:59:0e:94:d1:29:d8:3f:1b:89:e5:32: da:7c:1e:cd:d1:2b:06:a5:a3:0f:5c:5e:2a:92:18:ce: 47:3d:da:3a:17:37:bf:88:d5:85:4a:19:0e:49:c3:3b: 1e:6f:40:b9:fe:0e:01:1d:60:3a:40:03:8d:95:5b:38: 32:88:99:17:88:e0:58:2e:d9:e5:c1:b9:b6:9c:53:63: b0:0d:a0:52:9f:b8:09:86:e8:78:d4:08:32:55:e0:f9: 64:8d:d1:e9:8a:1f:aa:be:b1:f9:5f:23:0b:20:4e:99 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:f3:11:89:12:da:51:b6:bb:61:98:66:5b:1c:4f:88: ca:de:73:92:c3:2c:52:c1:68:4f:b1:b3:f9:88:f6:0d: fa:58:73:c2:ab:4d:62:27:37:ca:1e:e4:e4:9f:d8:a1: fd:22:a8:69:53:2b:96:4f:5c:f1:3a:85:cc:14:9c:27: 82:84:e5:24:dc:00:48:21:a4:f4:0f:30:88:bd:35:63: 34:27:68:49:2f:ea:a3:10:9f:92:9e:00:af:44:3e:72: bf:73:ca:94:44:c6:9f:5a:0c:59:f1:cb:d0:2b:b8:b4: 7c:b8:f1:0e:a2:7e:8e:81:ae:0b:3c:fb:c7:a1:fb:f9 Fingerprint (SHA-256): 3C:CC:61:15:0E:87:7F:29:64:79:44:F3:19:83:A2:AF:63:FF:3F:16:BE:44:DA:9C:C6:E4:1B:16:70:66:0C:70 Fingerprint (SHA1): E7:C4:90:3C:87:2E:31:49:FD:3A:BA:92:C7:56:B0:92:C2:A0:2F:8A Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #5969: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5970: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #5971: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #5972: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #5973: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025553 (0x1eefb391) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:18 2015 Not After : Tue May 19 06:59:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:84:86:09:00:27:83:cc:06:fb:66:71:cd:72:bf:75: ae:84:b1:c3:d4:eb:d1:e9:af:51:8e:96:37:8d:53:ca: 5a:75:fe:fc:27:4a:6e:d7:84:9f:51:a7:50:c1:33:7f: fa:5b:0d:9c:83:b6:da:9f:bf:5d:61:8e:d4:22:17:79: 8e:9b:ca:92:0a:ba:ae:7b:29:b5:26:19:42:a7:4f:fe: 7f:2a:cc:2f:fc:23:5c:4d:59:5a:e9:cb:9e:6e:4c:6d: 9e:0e:a3:f7:0c:bd:7a:71:f1:54:ce:79:0b:18:43:c3: 71:b2:59:36:cc:97:15:65:c3:fc:4c:0c:03:18:05:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:af:c4:97:ad:51:8e:fa:f3:eb:29:54:1b:e3:f3:a2: 7e:66:a2:08:9d:d4:2f:86:8a:0b:c1:62:7f:13:38:69: e6:46:42:b4:b8:8d:e0:1b:82:0c:e2:81:f6:ec:c7:72: 60:9b:1d:a5:65:63:7d:53:3f:cf:00:a2:a2:08:22:cc: a7:3a:44:99:ce:29:92:54:db:77:28:f4:31:88:63:f0: 84:f9:55:25:c4:f4:ff:b3:5f:de:28:2b:b2:af:2a:99: 22:a0:2d:2f:74:4f:6f:79:ce:5c:75:c9:95:f5:11:39: cb:a7:7b:45:ce:b8:47:33:82:30:8f:e1:fc:26:c2:61 Fingerprint (SHA-256): 02:EC:61:1F:31:00:51:7F:5E:31:7A:CA:4E:22:F1:A4:8D:E0:0C:A6:3F:22:C5:F0:11:B7:5B:56:14:3A:56:89 Fingerprint (SHA1): DE:B3:5B:34:89:C5:57:7D:2F:1D:1C:1C:67:A1:96:45:79:2E:B4:87 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5974: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5975: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025554 (0x1eefb392) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:22 2015 Not After : Tue May 19 06:59:22 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:9f:e9:5e:7f:a8:ee:b0:cb:cc:57:a3:66:da:64:a6: b9:37:77:1a:09:aa:6e:cd:ec:fd:5f:70:f3:8a:58:fb: f0:de:63:bc:b2:c9:2b:4f:f5:de:f1:ae:67:17:12:51: a4:b1:1e:23:c5:b7:65:ac:44:0e:3a:dc:da:9a:04:6f: cf:ee:44:6b:de:b8:21:17:1c:ec:88:62:a4:20:b0:f0: a3:fe:a2:05:4e:ae:39:41:b2:b4:46:e7:9f:6c:5d:40: 4b:f0:47:a7:99:7e:b1:cd:0a:28:20:91:49:00:5b:5c: 7d:7b:4b:1e:c4:b8:d0:07:99:18:7d:53:c4:e8:81:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:6d:4a:94:3f:ee:4e:75:71:61:ae:e9:05:3a:88:ea: 26:10:61:90:b0:07:7a:07:14:da:f6:ed:5a:d1:c6:e9: 9f:8c:c4:ba:90:c8:ec:ec:8a:48:ab:15:b8:f8:ba:1f: 01:8b:e8:10:f3:d7:06:e1:4f:b1:09:1b:05:2c:8e:37: e3:37:a4:c0:8c:91:53:d4:99:a9:ca:7f:c0:e5:3e:10: 68:45:c9:71:80:7a:66:5c:76:54:65:4b:60:dd:2e:37: 1a:94:93:7f:2b:bc:53:ad:4f:89:64:03:b5:02:2a:ff: 39:fc:9c:a0:e9:80:b2:06:71:01:c4:c2:9f:f2:a1:d0 Fingerprint (SHA-256): A6:F6:2D:47:88:B4:CB:B3:18:F8:BB:51:75:FF:D7:AA:09:D6:99:9B:CC:AB:8C:D1:C1:FA:5A:EE:CC:08:36:DD Fingerprint (SHA1): 8E:01:1B:95:5A:E2:60:A6:6A:B2:97:25:C8:A7:0A:CF:0C:9D:19:54 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5976: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5977: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025555 (0x1eefb393) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:59:26 2015 Not After : Tue May 19 06:59:26 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:d9:7c:3f:c8:b5:c1:1e:b9:fa:79:cd:36:4e:fe:ae: 4d:c8:71:0a:bc:59:0e:94:d1:29:d8:3f:1b:89:e5:32: da:7c:1e:cd:d1:2b:06:a5:a3:0f:5c:5e:2a:92:18:ce: 47:3d:da:3a:17:37:bf:88:d5:85:4a:19:0e:49:c3:3b: 1e:6f:40:b9:fe:0e:01:1d:60:3a:40:03:8d:95:5b:38: 32:88:99:17:88:e0:58:2e:d9:e5:c1:b9:b6:9c:53:63: b0:0d:a0:52:9f:b8:09:86:e8:78:d4:08:32:55:e0:f9: 64:8d:d1:e9:8a:1f:aa:be:b1:f9:5f:23:0b:20:4e:99 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:f3:11:89:12:da:51:b6:bb:61:98:66:5b:1c:4f:88: ca:de:73:92:c3:2c:52:c1:68:4f:b1:b3:f9:88:f6:0d: fa:58:73:c2:ab:4d:62:27:37:ca:1e:e4:e4:9f:d8:a1: fd:22:a8:69:53:2b:96:4f:5c:f1:3a:85:cc:14:9c:27: 82:84:e5:24:dc:00:48:21:a4:f4:0f:30:88:bd:35:63: 34:27:68:49:2f:ea:a3:10:9f:92:9e:00:af:44:3e:72: bf:73:ca:94:44:c6:9f:5a:0c:59:f1:cb:d0:2b:b8:b4: 7c:b8:f1:0e:a2:7e:8e:81:ae:0b:3c:fb:c7:a1:fb:f9 Fingerprint (SHA-256): 3C:CC:61:15:0E:87:7F:29:64:79:44:F3:19:83:A2:AF:63:FF:3F:16:BE:44:DA:9C:C6:E4:1B:16:70:66:0C:70 Fingerprint (SHA1): E7:C4:90:3C:87:2E:31:49:FD:3A:BA:92:C7:56:B0:92:C2:A0:2F:8A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #5978: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #5979: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025553 (0x1eefb391) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:18 2015 Not After : Tue May 19 06:59:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:84:86:09:00:27:83:cc:06:fb:66:71:cd:72:bf:75: ae:84:b1:c3:d4:eb:d1:e9:af:51:8e:96:37:8d:53:ca: 5a:75:fe:fc:27:4a:6e:d7:84:9f:51:a7:50:c1:33:7f: fa:5b:0d:9c:83:b6:da:9f:bf:5d:61:8e:d4:22:17:79: 8e:9b:ca:92:0a:ba:ae:7b:29:b5:26:19:42:a7:4f:fe: 7f:2a:cc:2f:fc:23:5c:4d:59:5a:e9:cb:9e:6e:4c:6d: 9e:0e:a3:f7:0c:bd:7a:71:f1:54:ce:79:0b:18:43:c3: 71:b2:59:36:cc:97:15:65:c3:fc:4c:0c:03:18:05:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:af:c4:97:ad:51:8e:fa:f3:eb:29:54:1b:e3:f3:a2: 7e:66:a2:08:9d:d4:2f:86:8a:0b:c1:62:7f:13:38:69: e6:46:42:b4:b8:8d:e0:1b:82:0c:e2:81:f6:ec:c7:72: 60:9b:1d:a5:65:63:7d:53:3f:cf:00:a2:a2:08:22:cc: a7:3a:44:99:ce:29:92:54:db:77:28:f4:31:88:63:f0: 84:f9:55:25:c4:f4:ff:b3:5f:de:28:2b:b2:af:2a:99: 22:a0:2d:2f:74:4f:6f:79:ce:5c:75:c9:95:f5:11:39: cb:a7:7b:45:ce:b8:47:33:82:30:8f:e1:fc:26:c2:61 Fingerprint (SHA-256): 02:EC:61:1F:31:00:51:7F:5E:31:7A:CA:4E:22:F1:A4:8D:E0:0C:A6:3F:22:C5:F0:11:B7:5B:56:14:3A:56:89 Fingerprint (SHA1): DE:B3:5B:34:89:C5:57:7D:2F:1D:1C:1C:67:A1:96:45:79:2E:B4:87 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5980: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025553 (0x1eefb391) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:18 2015 Not After : Tue May 19 06:59:18 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a8:84:86:09:00:27:83:cc:06:fb:66:71:cd:72:bf:75: ae:84:b1:c3:d4:eb:d1:e9:af:51:8e:96:37:8d:53:ca: 5a:75:fe:fc:27:4a:6e:d7:84:9f:51:a7:50:c1:33:7f: fa:5b:0d:9c:83:b6:da:9f:bf:5d:61:8e:d4:22:17:79: 8e:9b:ca:92:0a:ba:ae:7b:29:b5:26:19:42:a7:4f:fe: 7f:2a:cc:2f:fc:23:5c:4d:59:5a:e9:cb:9e:6e:4c:6d: 9e:0e:a3:f7:0c:bd:7a:71:f1:54:ce:79:0b:18:43:c3: 71:b2:59:36:cc:97:15:65:c3:fc:4c:0c:03:18:05:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 86:af:c4:97:ad:51:8e:fa:f3:eb:29:54:1b:e3:f3:a2: 7e:66:a2:08:9d:d4:2f:86:8a:0b:c1:62:7f:13:38:69: e6:46:42:b4:b8:8d:e0:1b:82:0c:e2:81:f6:ec:c7:72: 60:9b:1d:a5:65:63:7d:53:3f:cf:00:a2:a2:08:22:cc: a7:3a:44:99:ce:29:92:54:db:77:28:f4:31:88:63:f0: 84:f9:55:25:c4:f4:ff:b3:5f:de:28:2b:b2:af:2a:99: 22:a0:2d:2f:74:4f:6f:79:ce:5c:75:c9:95:f5:11:39: cb:a7:7b:45:ce:b8:47:33:82:30:8f:e1:fc:26:c2:61 Fingerprint (SHA-256): 02:EC:61:1F:31:00:51:7F:5E:31:7A:CA:4E:22:F1:A4:8D:E0:0C:A6:3F:22:C5:F0:11:B7:5B:56:14:3A:56:89 Fingerprint (SHA1): DE:B3:5B:34:89:C5:57:7D:2F:1D:1C:1C:67:A1:96:45:79:2E:B4:87 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #5981: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025554 (0x1eefb392) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:22 2015 Not After : Tue May 19 06:59:22 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:9f:e9:5e:7f:a8:ee:b0:cb:cc:57:a3:66:da:64:a6: b9:37:77:1a:09:aa:6e:cd:ec:fd:5f:70:f3:8a:58:fb: f0:de:63:bc:b2:c9:2b:4f:f5:de:f1:ae:67:17:12:51: a4:b1:1e:23:c5:b7:65:ac:44:0e:3a:dc:da:9a:04:6f: cf:ee:44:6b:de:b8:21:17:1c:ec:88:62:a4:20:b0:f0: a3:fe:a2:05:4e:ae:39:41:b2:b4:46:e7:9f:6c:5d:40: 4b:f0:47:a7:99:7e:b1:cd:0a:28:20:91:49:00:5b:5c: 7d:7b:4b:1e:c4:b8:d0:07:99:18:7d:53:c4:e8:81:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:6d:4a:94:3f:ee:4e:75:71:61:ae:e9:05:3a:88:ea: 26:10:61:90:b0:07:7a:07:14:da:f6:ed:5a:d1:c6:e9: 9f:8c:c4:ba:90:c8:ec:ec:8a:48:ab:15:b8:f8:ba:1f: 01:8b:e8:10:f3:d7:06:e1:4f:b1:09:1b:05:2c:8e:37: e3:37:a4:c0:8c:91:53:d4:99:a9:ca:7f:c0:e5:3e:10: 68:45:c9:71:80:7a:66:5c:76:54:65:4b:60:dd:2e:37: 1a:94:93:7f:2b:bc:53:ad:4f:89:64:03:b5:02:2a:ff: 39:fc:9c:a0:e9:80:b2:06:71:01:c4:c2:9f:f2:a1:d0 Fingerprint (SHA-256): A6:F6:2D:47:88:B4:CB:B3:18:F8:BB:51:75:FF:D7:AA:09:D6:99:9B:CC:AB:8C:D1:C1:FA:5A:EE:CC:08:36:DD Fingerprint (SHA1): 8E:01:1B:95:5A:E2:60:A6:6A:B2:97:25:C8:A7:0A:CF:0C:9D:19:54 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5982: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025554 (0x1eefb392) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 06:59:22 2015 Not After : Tue May 19 06:59:22 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9c:9f:e9:5e:7f:a8:ee:b0:cb:cc:57:a3:66:da:64:a6: b9:37:77:1a:09:aa:6e:cd:ec:fd:5f:70:f3:8a:58:fb: f0:de:63:bc:b2:c9:2b:4f:f5:de:f1:ae:67:17:12:51: a4:b1:1e:23:c5:b7:65:ac:44:0e:3a:dc:da:9a:04:6f: cf:ee:44:6b:de:b8:21:17:1c:ec:88:62:a4:20:b0:f0: a3:fe:a2:05:4e:ae:39:41:b2:b4:46:e7:9f:6c:5d:40: 4b:f0:47:a7:99:7e:b1:cd:0a:28:20:91:49:00:5b:5c: 7d:7b:4b:1e:c4:b8:d0:07:99:18:7d:53:c4:e8:81:43 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: a1:6d:4a:94:3f:ee:4e:75:71:61:ae:e9:05:3a:88:ea: 26:10:61:90:b0:07:7a:07:14:da:f6:ed:5a:d1:c6:e9: 9f:8c:c4:ba:90:c8:ec:ec:8a:48:ab:15:b8:f8:ba:1f: 01:8b:e8:10:f3:d7:06:e1:4f:b1:09:1b:05:2c:8e:37: e3:37:a4:c0:8c:91:53:d4:99:a9:ca:7f:c0:e5:3e:10: 68:45:c9:71:80:7a:66:5c:76:54:65:4b:60:dd:2e:37: 1a:94:93:7f:2b:bc:53:ad:4f:89:64:03:b5:02:2a:ff: 39:fc:9c:a0:e9:80:b2:06:71:01:c4:c2:9f:f2:a1:d0 Fingerprint (SHA-256): A6:F6:2D:47:88:B4:CB:B3:18:F8:BB:51:75:FF:D7:AA:09:D6:99:9B:CC:AB:8C:D1:C1:FA:5A:EE:CC:08:36:DD Fingerprint (SHA1): 8E:01:1B:95:5A:E2:60:A6:6A:B2:97:25:C8:A7:0A:CF:0C:9D:19:54 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #5983: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025555 (0x1eefb393) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:59:26 2015 Not After : Tue May 19 06:59:26 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:d9:7c:3f:c8:b5:c1:1e:b9:fa:79:cd:36:4e:fe:ae: 4d:c8:71:0a:bc:59:0e:94:d1:29:d8:3f:1b:89:e5:32: da:7c:1e:cd:d1:2b:06:a5:a3:0f:5c:5e:2a:92:18:ce: 47:3d:da:3a:17:37:bf:88:d5:85:4a:19:0e:49:c3:3b: 1e:6f:40:b9:fe:0e:01:1d:60:3a:40:03:8d:95:5b:38: 32:88:99:17:88:e0:58:2e:d9:e5:c1:b9:b6:9c:53:63: b0:0d:a0:52:9f:b8:09:86:e8:78:d4:08:32:55:e0:f9: 64:8d:d1:e9:8a:1f:aa:be:b1:f9:5f:23:0b:20:4e:99 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:f3:11:89:12:da:51:b6:bb:61:98:66:5b:1c:4f:88: ca:de:73:92:c3:2c:52:c1:68:4f:b1:b3:f9:88:f6:0d: fa:58:73:c2:ab:4d:62:27:37:ca:1e:e4:e4:9f:d8:a1: fd:22:a8:69:53:2b:96:4f:5c:f1:3a:85:cc:14:9c:27: 82:84:e5:24:dc:00:48:21:a4:f4:0f:30:88:bd:35:63: 34:27:68:49:2f:ea:a3:10:9f:92:9e:00:af:44:3e:72: bf:73:ca:94:44:c6:9f:5a:0c:59:f1:cb:d0:2b:b8:b4: 7c:b8:f1:0e:a2:7e:8e:81:ae:0b:3c:fb:c7:a1:fb:f9 Fingerprint (SHA-256): 3C:CC:61:15:0E:87:7F:29:64:79:44:F3:19:83:A2:AF:63:FF:3F:16:BE:44:DA:9C:C6:E4:1B:16:70:66:0C:70 Fingerprint (SHA1): E7:C4:90:3C:87:2E:31:49:FD:3A:BA:92:C7:56:B0:92:C2:A0:2F:8A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #5984: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025555 (0x1eefb393) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 06:59:26 2015 Not After : Tue May 19 06:59:26 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:d9:7c:3f:c8:b5:c1:1e:b9:fa:79:cd:36:4e:fe:ae: 4d:c8:71:0a:bc:59:0e:94:d1:29:d8:3f:1b:89:e5:32: da:7c:1e:cd:d1:2b:06:a5:a3:0f:5c:5e:2a:92:18:ce: 47:3d:da:3a:17:37:bf:88:d5:85:4a:19:0e:49:c3:3b: 1e:6f:40:b9:fe:0e:01:1d:60:3a:40:03:8d:95:5b:38: 32:88:99:17:88:e0:58:2e:d9:e5:c1:b9:b6:9c:53:63: b0:0d:a0:52:9f:b8:09:86:e8:78:d4:08:32:55:e0:f9: 64:8d:d1:e9:8a:1f:aa:be:b1:f9:5f:23:0b:20:4e:99 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:f3:11:89:12:da:51:b6:bb:61:98:66:5b:1c:4f:88: ca:de:73:92:c3:2c:52:c1:68:4f:b1:b3:f9:88:f6:0d: fa:58:73:c2:ab:4d:62:27:37:ca:1e:e4:e4:9f:d8:a1: fd:22:a8:69:53:2b:96:4f:5c:f1:3a:85:cc:14:9c:27: 82:84:e5:24:dc:00:48:21:a4:f4:0f:30:88:bd:35:63: 34:27:68:49:2f:ea:a3:10:9f:92:9e:00:af:44:3e:72: bf:73:ca:94:44:c6:9f:5a:0c:59:f1:cb:d0:2b:b8:b4: 7c:b8:f1:0e:a2:7e:8e:81:ae:0b:3c:fb:c7:a1:fb:f9 Fingerprint (SHA-256): 3C:CC:61:15:0E:87:7F:29:64:79:44:F3:19:83:A2:AF:63:FF:3F:16:BE:44:DA:9C:C6:E4:1B:16:70:66:0C:70 Fingerprint (SHA1): E7:C4:90:3C:87:2E:31:49:FD:3A:BA:92:C7:56:B0:92:C2:A0:2F:8A Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #5985: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #5986: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025558 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #5987: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #5988: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #5989: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5990: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519025559 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5991: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5992: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #5993: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5994: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025560 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #5995: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #5996: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #5997: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #5998: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 519025561 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #5999: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6000: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #6001: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6002: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519025562 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6003: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6004: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #6005: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6006: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519025563 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6007: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6008: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #6009: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6010: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 519025564 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6011: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6012: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6013: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #6014: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #6015: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6016: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #6017: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025558 (0x1eefb396) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:59:52 2015 Not After : Tue May 19 06:59:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:79:1d:e0:6b:0b:9a:84:56:19:3a:5f:83:f3:c6:55: bc:f0:b2:6a:76:98:01:71:bf:ca:59:94:a5:42:71:23: a1:b6:85:d7:08:4b:3b:6b:09:3e:06:03:bc:04:47:fc: cf:65:84:2f:c0:a1:15:55:d0:ba:07:99:db:17:be:97: 92:b9:89:f8:9d:d3:ad:56:f5:f0:32:3a:33:b9:10:f6: 9b:4e:c7:bc:06:67:ac:91:ea:42:f1:03:3a:08:c0:5e: 23:69:ca:ee:7e:de:5b:0c:7a:80:17:79:68:7d:1a:87: e1:dd:53:5c:7d:ad:5f:2e:62:6b:59:17:95:24:38:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:da:cb:48:86:5e:85:f6:29:fe:e7:ce:71:2d:07:71: ec:6f:df:96:ba:5b:88:62:6d:b3:e7:41:88:c2:38:1c: cb:31:65:92:0f:d0:eb:86:f0:03:96:31:fd:11:c6:a0: 31:75:5d:78:0d:fb:1a:a0:40:9d:64:26:2c:37:2e:c8: 20:03:05:9b:3b:4c:99:79:1d:2c:f6:83:00:7d:c1:f8: 93:8a:15:37:5d:69:1b:79:ea:37:b5:8a:75:8c:76:8b: ca:ed:be:42:f4:73:73:20:7f:51:51:e9:c5:ec:f7:06: 93:95:21:c7:4f:d8:5a:1a:6e:e3:62:b2:d9:d4:54:8c Fingerprint (SHA-256): C5:4E:C2:3F:B7:93:E0:F0:D6:B0:AD:60:A6:DF:C6:31:82:AA:AE:0D:8A:F1:FB:29:20:45:26:8C:2C:6F:B6:68 Fingerprint (SHA1): 75:3D:79:70:FA:3C:6E:C8:F4:CA:FB:5F:E2:51:CE:95:4C:DC:56:9B Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6018: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6019: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6020: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6021: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025558 (0x1eefb396) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 06:59:52 2015 Not After : Tue May 19 06:59:52 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:79:1d:e0:6b:0b:9a:84:56:19:3a:5f:83:f3:c6:55: bc:f0:b2:6a:76:98:01:71:bf:ca:59:94:a5:42:71:23: a1:b6:85:d7:08:4b:3b:6b:09:3e:06:03:bc:04:47:fc: cf:65:84:2f:c0:a1:15:55:d0:ba:07:99:db:17:be:97: 92:b9:89:f8:9d:d3:ad:56:f5:f0:32:3a:33:b9:10:f6: 9b:4e:c7:bc:06:67:ac:91:ea:42:f1:03:3a:08:c0:5e: 23:69:ca:ee:7e:de:5b:0c:7a:80:17:79:68:7d:1a:87: e1:dd:53:5c:7d:ad:5f:2e:62:6b:59:17:95:24:38:d1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:da:cb:48:86:5e:85:f6:29:fe:e7:ce:71:2d:07:71: ec:6f:df:96:ba:5b:88:62:6d:b3:e7:41:88:c2:38:1c: cb:31:65:92:0f:d0:eb:86:f0:03:96:31:fd:11:c6:a0: 31:75:5d:78:0d:fb:1a:a0:40:9d:64:26:2c:37:2e:c8: 20:03:05:9b:3b:4c:99:79:1d:2c:f6:83:00:7d:c1:f8: 93:8a:15:37:5d:69:1b:79:ea:37:b5:8a:75:8c:76:8b: ca:ed:be:42:f4:73:73:20:7f:51:51:e9:c5:ec:f7:06: 93:95:21:c7:4f:d8:5a:1a:6e:e3:62:b2:d9:d4:54:8c Fingerprint (SHA-256): C5:4E:C2:3F:B7:93:E0:F0:D6:B0:AD:60:A6:DF:C6:31:82:AA:AE:0D:8A:F1:FB:29:20:45:26:8C:2C:6F:B6:68 Fingerprint (SHA1): 75:3D:79:70:FA:3C:6E:C8:F4:CA:FB:5F:E2:51:CE:95:4C:DC:56:9B Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6022: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6023: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6024: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025565 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6025: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6026: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6027: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6028: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519025566 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6029: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6030: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #6031: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6032: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 519025567 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6033: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6034: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #6035: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6036: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 519025568 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6037: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6038: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6039: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6040: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 519025569 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6041: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6042: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #6043: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6044: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 519025570 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6045: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6046: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #6047: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6048: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 519025571 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6049: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6050: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6051: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6052: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 519025572 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6053: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6054: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #6055: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6056: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 519025573 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6057: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6058: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #6059: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6060: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 519025574 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6061: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6062: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #6063: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6064: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 519025575 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6065: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6066: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #6067: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6068: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 519025576 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6069: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6070: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #6071: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6072: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 519025577 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6073: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6074: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #6075: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6076: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 519025578 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6077: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6078: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #6079: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6080: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 519025579 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6081: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6082: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #6083: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6084: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 519025580 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6085: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6086: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #6087: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6088: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 519025581 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6089: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6090: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #6091: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6092: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 519025582 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6093: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6094: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #6095: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6096: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 519025583 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6097: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6098: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #6099: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6100: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 519025584 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6101: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6102: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #6103: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6104: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 519025585 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6105: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6106: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #6107: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6108: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 519025586 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6109: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6110: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #6111: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6112: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 519025587 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6113: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6114: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #6115: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6116: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 519025588 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6117: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6118: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #6119: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6120: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 519025589 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6121: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6122: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #6123: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6124: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 519025590 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6125: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6126: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #6127: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6128: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 519025591 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6129: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6130: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #6131: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6132: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 519025592 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6133: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6134: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #6135: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6136: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 519025593 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6137: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6138: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #6139: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6140: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 519025594 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6141: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6142: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6143: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6144: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6145: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6146: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6147: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6148: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6149: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6150: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6151: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6152: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6153: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6154: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6155: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6156: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6157: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6158: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6159: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6160: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6161: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6162: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6163: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6164: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6165: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025565 (0x1eefb39d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:00:29 2015 Not After : Tue May 19 07:00:29 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b3:81:ba:fc:9b:a6:5f:f3:4f:db:38:26:43:e8:88:4b: 1a:35:e1:d3:b6:cc:3e:68:70:0d:e3:d4:b2:ed:73:cc: 8c:76:27:54:9d:9e:5b:b4:56:4f:c6:fb:0e:f7:0d:f7: 8d:05:dc:e4:77:b8:6a:7c:be:21:6a:58:cd:dd:55:53: fd:00:ad:78:9f:70:1a:b9:2e:e3:8c:db:0f:da:e4:11: 95:52:ca:c6:de:4d:79:ea:f3:fd:f0:96:64:11:19:2e: cf:fd:87:a9:a1:d6:7d:af:ab:7e:95:09:49:29:90:93: 28:33:e3:1d:8d:bb:e9:6c:65:47:35:c9:db:94:50:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8c:3c:71:9f:9b:0c:e8:b0:f0:2a:95:df:1c:df:cb:be: 8c:3c:aa:c7:14:94:30:a6:38:79:a4:05:7f:4a:25:28: e0:c4:ae:e5:36:18:5c:1c:7a:f6:61:bd:4a:27:61:b9: 60:de:1b:e7:cf:2c:2a:8d:94:14:92:41:9b:50:74:97: b0:0f:54:a9:01:98:35:28:1f:78:31:b4:7d:4d:06:83: c7:01:27:75:0c:0a:db:65:c9:ab:ed:05:37:ff:9f:ac: 67:3d:4b:70:5d:80:d3:31:81:59:29:9d:9f:46:fc:a7: a9:a0:d2:51:33:69:62:5d:28:22:44:78:8a:58:9b:86 Fingerprint (SHA-256): 5F:09:6E:A4:25:8C:CA:DB:31:BB:A7:18:C5:96:B8:E9:35:DC:E5:6C:7C:6A:1D:A0:74:78:CD:D5:A2:8E:D9:9A Fingerprint (SHA1): 19:A4:5F:46:AE:FF:B4:54:D0:4A:F2:43:E7:CD:EE:F8:2F:0F:12:73 Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6166: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6167: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6168: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025595 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6169: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6170: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #6171: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6172: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 519025596 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6173: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6174: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #6175: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6176: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 519025597 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6177: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6178: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #6179: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6180: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 519025598 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6181: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6182: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #6183: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6184: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 519025599 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6185: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6186: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #6187: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6188: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 519025600 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6189: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6190: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #6191: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6192: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 519025601 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6193: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6194: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6195: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025595 (0x1eefb3bb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:02:41 2015 Not After : Tue May 19 07:02:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:4d:37:23:c2:36:57:d6:e4:2c:b5:a9:6a:7c:1c:2e: f6:07:2b:3c:e9:b2:3b:15:76:d0:c7:eb:4c:44:97:33: 7c:0b:8d:ac:bb:34:fc:36:a0:dc:66:e2:10:79:00:4f: 5f:2e:da:fe:96:7d:4c:33:9d:77:c4:89:5b:f9:2b:db: dc:c8:63:e4:d1:7a:87:1b:76:78:1e:8e:5f:04:62:e9: f5:b0:77:02:50:59:b5:14:27:30:d7:b5:53:8c:c8:5e: a5:f6:7c:0a:c6:22:e7:7c:b2:14:37:63:e1:ef:23:ac: f1:45:fb:fc:23:9a:92:51:45:74:e1:dd:10:3a:71:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 54:5f:c9:1d:e0:42:46:cf:68:b2:60:94:27:a0:01:7f: a4:81:6e:9e:51:13:2e:ac:87:f1:cd:5c:9a:d2:bc:45: a4:f1:99:1c:6d:f6:53:1c:0d:b7:31:dd:3a:c2:78:5d: 72:d3:e9:c2:e4:b4:84:6c:01:9f:75:c9:b9:2c:77:82: 7b:b8:c3:a9:35:cb:d1:7a:6d:51:17:7b:18:a0:a8:5e: 9b:67:43:22:5c:76:d0:8c:f9:04:20:74:e8:70:9d:ad: 0f:77:bb:9c:49:72:96:6b:0e:52:85:1b:4f:da:24:68: 2a:2a:de:9e:81:b4:97:23:d0:a3:f7:62:6e:43:4f:35 Fingerprint (SHA-256): BD:CD:FD:27:92:38:53:50:79:EE:9D:DC:B3:6C:C5:E7:41:DF:74:1B:18:26:6E:96:E9:2D:63:8F:34:1E:72:32 Fingerprint (SHA1): A5:66:5E:52:DD:6E:CF:DB:BE:98:52:FA:97:21:74:E4:80:BC:77:EA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #6196: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6197: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6198: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6199: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025595 (0x1eefb3bb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:02:41 2015 Not After : Tue May 19 07:02:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ae:4d:37:23:c2:36:57:d6:e4:2c:b5:a9:6a:7c:1c:2e: f6:07:2b:3c:e9:b2:3b:15:76:d0:c7:eb:4c:44:97:33: 7c:0b:8d:ac:bb:34:fc:36:a0:dc:66:e2:10:79:00:4f: 5f:2e:da:fe:96:7d:4c:33:9d:77:c4:89:5b:f9:2b:db: dc:c8:63:e4:d1:7a:87:1b:76:78:1e:8e:5f:04:62:e9: f5:b0:77:02:50:59:b5:14:27:30:d7:b5:53:8c:c8:5e: a5:f6:7c:0a:c6:22:e7:7c:b2:14:37:63:e1:ef:23:ac: f1:45:fb:fc:23:9a:92:51:45:74:e1:dd:10:3a:71:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 54:5f:c9:1d:e0:42:46:cf:68:b2:60:94:27:a0:01:7f: a4:81:6e:9e:51:13:2e:ac:87:f1:cd:5c:9a:d2:bc:45: a4:f1:99:1c:6d:f6:53:1c:0d:b7:31:dd:3a:c2:78:5d: 72:d3:e9:c2:e4:b4:84:6c:01:9f:75:c9:b9:2c:77:82: 7b:b8:c3:a9:35:cb:d1:7a:6d:51:17:7b:18:a0:a8:5e: 9b:67:43:22:5c:76:d0:8c:f9:04:20:74:e8:70:9d:ad: 0f:77:bb:9c:49:72:96:6b:0e:52:85:1b:4f:da:24:68: 2a:2a:de:9e:81:b4:97:23:d0:a3:f7:62:6e:43:4f:35 Fingerprint (SHA-256): BD:CD:FD:27:92:38:53:50:79:EE:9D:DC:B3:6C:C5:E7:41:DF:74:1B:18:26:6E:96:E9:2D:63:8F:34:1E:72:32 Fingerprint (SHA1): A5:66:5E:52:DD:6E:CF:DB:BE:98:52:FA:97:21:74:E4:80:BC:77:EA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #6200: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6201: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6202: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6203: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025602 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6204: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6205: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6206: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6207: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025603 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6208: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6209: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6210: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6211: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025604 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6212: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6213: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6214: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6215: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519025605 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6216: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6217: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6218: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6219: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6220: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6221: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025602 (0x1eefb3c2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:03:11 2015 Not After : Tue May 19 07:03:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: de:cf:dd:14:cc:01:71:f7:97:bd:30:19:9b:2e:53:a2: d7:c3:45:ab:1a:2b:d5:b4:5d:72:2f:a3:4f:df:e5:13: dd:b0:e3:d2:10:15:cd:bb:5e:ef:ae:e4:cc:80:a7:63: 4d:79:e9:26:f0:fd:82:31:2f:f9:cf:5e:ed:0c:f7:0a: 3a:1c:dc:32:00:21:d3:8c:1d:c4:fc:9f:43:bc:ca:ec: d6:98:d1:ca:81:6d:76:1b:b0:be:44:ce:fb:b2:ab:f3: 17:30:8f:8a:2c:44:7e:26:c4:f4:27:f6:2f:5d:13:ba: c9:f9:b0:dd:5f:7d:a7:75:77:4a:34:a8:2e:cf:66:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8b:31:dd:01:f9:8c:b4:ae:b5:f1:d6:3a:56:e3:22:cd: b6:84:b2:9a:b2:ab:a0:74:f0:42:e6:f5:ca:57:dc:50: fe:a9:09:82:c6:fe:04:5a:58:f5:cf:e5:6a:c0:6f:16: 1b:27:eb:d8:a9:3d:88:b3:8d:dd:e9:ba:57:dc:0a:6f: 19:79:fa:4b:91:30:29:73:eb:b6:12:44:b1:ce:5e:e0: 3b:5b:66:f1:d3:9c:28:d3:ef:86:af:63:34:3d:45:65: ac:06:2f:3e:c5:6f:27:72:75:5b:cd:ba:58:6b:2c:9d: 31:ee:fc:33:d9:be:91:1e:15:ef:2d:19:4e:27:26:ee Fingerprint (SHA-256): AD:C4:FC:60:04:8D:CF:BD:15:59:E5:98:BA:6A:A2:1E:51:58:E3:4E:56:C4:1B:6B:70:F1:A8:9F:45:A3:39:FD Fingerprint (SHA1): B9:B7:BA:A9:B3:30:22:33:11:3D:2C:33:73:EF:89:CC:24:C3:D0:41 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6222: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6223: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6224: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025603 (0x1eefb3c3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:03:15 2015 Not After : Tue May 19 07:03:15 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:13:05:77:21:c6:4b:c5:2e:cb:86:5a:25:89:9a:d4: 2c:74:93:f7:90:c2:03:57:8b:81:6a:85:da:08:75:e3: 50:04:dd:1a:8c:23:22:5f:f8:97:21:de:7c:09:cd:07: 8e:c9:a3:f5:4f:24:35:0f:ea:f5:08:25:08:80:0f:97: 3c:93:5b:12:5b:16:81:25:6d:fd:a8:9d:e8:ad:48:67: 4d:77:7d:0f:67:ec:9f:92:a9:5d:72:cc:88:72:5e:70: 0a:03:94:73:a4:99:10:75:5e:b9:90:fc:a8:1d:17:78: 11:c6:3b:f8:a1:97:a7:e7:85:c6:a7:c6:79:b7:87:05 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 33:35:65:4a:87:be:cf:9f:4b:2f:d9:a6:99:db:81:3d: 9c:ab:bf:46:7b:34:4a:75:8f:5a:0e:21:13:24:99:6e: 71:12:34:c3:ef:55:ee:f7:c4:7d:b2:c0:5b:6f:a9:c1: ac:67:93:a3:74:e7:7a:e0:3c:cc:e7:8b:db:41:f2:e0: 83:40:d1:9a:d9:06:a5:4c:66:1d:f5:09:ab:0c:b8:10: 73:5f:8d:b5:88:aa:86:6b:13:be:b8:eb:3e:45:ec:47: 83:f6:82:08:77:ec:ad:f4:f2:af:a7:c4:b1:1b:d8:61: d0:41:15:2e:5a:ed:bc:52:01:f1:80:66:85:0b:7e:3a Fingerprint (SHA-256): 44:40:38:F2:6B:24:5C:62:A2:99:4C:28:24:A4:9A:A7:E9:BA:4A:6F:1E:99:E4:FE:1B:EE:0C:EF:A4:DF:03:19 Fingerprint (SHA1): B3:38:1C:B0:2C:65:B2:51:62:75:39:EA:7E:AF:23:21:EA:7D:41:02 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6225: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6226: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025604 (0x1eefb3c4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:03:19 2015 Not After : Tue May 19 07:03:19 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d7:b0:48:63:7b:1e:f6:b0:4b:7b:69:eb:96:37:44:dd: d3:0f:2b:e1:0b:6f:07:cc:05:11:f6:b5:41:cc:60:85: b7:6c:4d:35:ed:b5:36:5c:1f:59:0a:80:16:ad:86:bf: fc:c3:46:b0:5e:fc:a0:87:d1:45:44:78:61:4c:fe:c6: c3:5c:39:16:4d:43:67:a2:99:4c:4b:2f:f5:91:95:cb: df:63:86:fe:a9:1e:0e:dd:87:12:d5:35:30:a6:86:8b: 28:1a:69:ac:16:4b:4a:8b:79:a6:c2:3b:18:ba:d4:8b: 64:55:7a:bb:58:f9:73:0c:8c:42:0b:0a:f2:9c:27:e3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c9:69:6c:1b:48:c8:71:22:2a:b8:42:58:e1:02:69:a0: 60:23:4b:aa:9d:2b:de:3d:99:aa:5a:50:f8:8f:69:f3: 14:f3:04:85:de:a7:17:09:d1:d4:dd:1d:1d:96:eb:0d: 20:85:fa:6c:4d:51:11:a4:0b:ef:67:7e:d0:75:ef:22: fe:05:10:73:5d:4d:d5:83:f8:a3:75:c9:aa:84:84:fe: 64:b4:d6:c8:c9:f0:cc:17:ec:07:27:02:4d:45:dc:cb: e3:e9:41:7c:05:4e:f0:22:d0:f6:ea:c8:97:be:c4:93: 39:51:91:f5:2a:20:ef:82:5c:69:33:2d:76:4c:fd:7a Fingerprint (SHA-256): 38:7D:BC:E3:6E:7E:A9:2F:98:59:DB:16:A4:D9:57:4B:42:3A:46:83:97:E8:99:4E:1C:04:93:B8:7A:98:43:C7 Fingerprint (SHA1): 43:12:23:55:95:EE:6A:9B:60:F7:4C:D0:15:E2:E9:DC:6F:4E:D3:F6 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #6227: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6228: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025606 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6229: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6230: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6231: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6232: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025607 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6233: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6234: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6235: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6236: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025608 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6237: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6238: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #6239: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6240: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 519025609 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6241: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6242: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6243: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6244: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 519025610 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6245: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6246: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6247: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6248: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6249: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6250: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #6251: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025606 (0x1eefb3c6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:03:33 2015 Not After : Tue May 19 07:03:33 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e9:76:fe:b6:39:e3:15:65:d6:f4:fd:73:cd:ba:6a:44: 21:54:2b:f1:b2:2a:b5:ff:cd:c6:63:9d:50:35:5a:92: 1f:b4:9a:f1:29:75:c3:a4:e0:ce:e5:e6:53:28:7f:30: f3:91:52:15:b1:77:62:c3:4b:64:7c:18:7b:28:a4:a2: 52:31:a0:5a:d7:40:a8:d9:10:3d:8b:52:bc:f9:66:a7: 8c:b8:0a:ea:18:e2:b9:27:06:da:5b:19:99:30:8a:27: 61:4a:02:29:bc:a7:f2:7d:32:68:37:52:81:75:41:e2: e4:fe:bc:20:0a:24:c8:2c:17:df:97:ee:59:8f:f7:e9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 52:a7:d7:e2:9e:b4:92:7f:68:d5:be:36:cb:17:98:11: 1e:5a:b1:28:5d:a0:3c:c7:b1:27:00:e0:84:41:79:5c: e8:c2:75:95:c5:8c:04:b8:aa:b3:9b:b2:89:44:72:0e: dc:67:f7:f8:ca:fd:1b:80:73:7b:d4:ab:5c:15:0e:eb: 15:a6:f2:0b:97:80:b0:8b:a3:c8:7b:4a:a9:a6:27:3e: bd:b6:77:0e:3f:d6:c0:35:04:0d:24:71:00:17:cc:a0: 3c:78:6f:a4:10:0d:a9:b8:8c:f6:04:c5:3f:56:33:c6: bb:c6:75:ab:4f:7d:5c:3a:a2:e2:b6:8c:c5:90:73:67 Fingerprint (SHA-256): 9F:1E:6A:40:2B:3C:D6:E0:17:6F:57:89:11:A1:F8:88:0F:BD:30:39:16:82:C8:76:AC:6E:AF:CF:A1:99:FB:5F Fingerprint (SHA1): 25:3C:4F:B0:81:AB:AF:C5:DE:FA:60:8C:B4:88:A9:39:3F:7C:BA:FC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6252: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6253: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025607 (0x1eefb3c7) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:03:37 2015 Not After : Tue May 19 07:03:37 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ac:22:15:95:49:28:c3:45:61:c3:3c:59:29:e2:ab:5f: 5e:23:a4:ec:07:14:9c:c1:06:26:7b:61:f9:f5:54:fb: f7:56:97:ad:87:dd:bd:eb:0a:a9:f6:94:b5:b4:99:46: f6:bc:39:41:49:52:86:46:41:6d:7d:17:bd:e4:d8:54: 0e:b0:4b:d8:b9:2c:33:d6:df:57:f7:89:19:21:b7:b8: 0a:9e:b1:7f:5a:aa:31:e4:e3:96:84:62:0a:21:3c:94: 77:7b:94:36:8c:d7:bf:03:45:50:03:a2:9e:08:5e:c9: 2e:97:7a:71:dc:6c:3c:c6:58:da:ea:11:49:e5:4e:3d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:08:4f:ef:26:67:b3:da:bb:18:40:d4:f2:ef:fb:69: a7:ba:94:5b:99:bb:96:5f:bd:2b:15:56:71:62:ea:27: 64:3d:60:60:37:97:c5:e4:74:07:eb:6b:ca:2e:e3:ab: cf:ce:5d:5f:c3:58:63:38:62:a2:11:bf:72:ee:d0:ab: 99:f0:f7:da:92:17:98:09:3f:02:1c:66:99:da:0b:19: 56:58:8f:62:e1:87:d7:f4:88:df:87:2a:35:5a:3a:7d: 48:f8:7b:53:6b:42:3c:bd:f5:b8:09:30:cd:6e:ca:b8: d1:4f:70:97:ca:35:3d:4c:92:cb:24:bb:13:a4:c3:5f Fingerprint (SHA-256): 97:27:04:AB:AA:1C:2D:85:D9:70:E6:31:AF:10:B8:E6:EB:49:C8:FC:41:6B:1F:D8:42:6B:E1:5F:FC:DA:FA:C1 Fingerprint (SHA1): E0:FE:E1:78:D3:17:DF:D3:95:1A:E9:DD:D7:77:3F:E0:B3:2D:DA:CC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6254: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6255: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6256: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025608 (0x1eefb3c8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:03:40 2015 Not After : Tue May 19 07:03:40 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a6:55:43:e0:37:5e:6e:bb:81:3b:30:86:ec:a9:fd:da: 19:46:9a:24:2b:e2:f6:73:91:c3:ec:bc:38:35:d9:05: 7f:9b:dc:9a:7c:02:30:11:1b:f0:01:93:14:ae:e0:2a: 1b:f1:7d:34:1b:2e:fe:26:9c:b7:6e:27:5f:e6:f5:f7: 39:6e:a7:3a:3b:4d:3a:7c:8f:d7:85:12:81:fa:c6:35: 2e:34:a8:b8:4d:76:70:50:25:ba:83:ce:aa:fd:b9:7e: 1c:9e:b0:3d:b8:9d:81:bc:ef:23:68:fc:53:a5:1c:5a: 10:1c:74:8d:22:9e:19:1c:69:6f:f5:92:dd:8e:8c:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:f6:f1:a9:2a:f5:e7:24:74:54:05:58:68:41:d4:bd: 3b:87:c5:2a:b0:d4:bd:e7:d4:3a:0e:6b:e6:9e:10:70: a1:5d:a4:89:2e:78:eb:4e:4b:5a:80:81:79:e9:c4:35: 0e:cd:bc:7c:c7:ce:f8:7c:59:ba:6a:aa:3e:2a:46:d4: 7b:45:90:e7:f4:7f:04:d2:99:b8:17:9e:62:6f:08:0d: dc:bd:89:a1:81:9d:6f:bf:2e:e9:29:8a:cb:ab:be:f1: 6a:a2:92:2e:e5:be:04:57:14:c4:1a:cb:be:4d:42:57: 61:ec:b5:94:27:af:f0:d8:d6:67:cb:5a:2e:61:a1:a7 Fingerprint (SHA-256): A6:A2:91:96:B7:8D:9A:F4:4A:49:02:96:8B:C8:D7:49:22:41:21:2B:0B:D6:8A:8E:45:3B:DB:AC:FF:70:14:EC Fingerprint (SHA1): 9D:41:50:5E:A7:5E:01:F1:DF:9A:F0:82:0C:CC:6F:B0:B2:12:AE:F1 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #6257: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6258: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025611 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6259: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6260: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6261: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6262: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025612 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6263: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6264: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6265: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6266: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025613 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA1Root-519025520.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6267: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6268: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6269: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6270: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519025614 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6271: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6272: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #6273: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025611 (0x1eefb3cb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:03:58 2015 Not After : Tue May 19 07:03:58 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:c5:66:0a:27:e3:a9:b4:83:8b:2c:22:52:28:c4:b2: d3:09:d4:0e:ab:71:fa:5b:cd:17:27:16:6a:7e:42:8f: 9e:f5:bd:9d:36:5e:1c:f0:05:46:3d:d4:45:5c:68:6e: 73:06:f1:04:b6:3d:4e:47:55:73:0d:84:c3:98:c1:cd: 8c:d7:70:32:2e:59:a4:23:34:3e:05:da:f8:1f:29:61: a9:21:07:82:ab:b6:5b:09:e8:44:d3:e7:ec:3d:40:1f: f5:31:f9:59:6f:f8:8a:20:11:d1:de:07:c7:b7:2d:4c: 49:db:27:a4:77:c3:2e:fa:45:59:6d:70:e4:0c:10:a7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 24:ab:c5:3c:4e:e5:28:93:e8:90:0a:13:f7:c8:69:c3: 0d:0d:78:e5:42:4a:f8:ea:a5:3d:78:15:e3:19:25:39: 3e:00:0d:a9:78:9e:76:95:d1:34:64:af:23:55:e3:ef: 1e:0c:b7:f3:62:82:ac:c0:d7:85:ec:da:82:bc:8f:2c: f6:ac:43:8a:3e:a2:c5:82:5c:37:21:9a:6f:fa:6d:53: 6c:3c:b6:87:c5:c7:75:c2:03:a7:9d:5b:f2:b5:5b:ce: 49:4f:93:7a:c9:1b:6f:dd:93:c7:39:23:58:3c:cf:b8: 8d:bb:80:a9:84:93:7d:d3:d5:16:ff:b9:37:4e:6a:c9 Fingerprint (SHA-256): 3D:E0:EF:71:F1:3D:8C:FD:43:43:59:F6:FB:69:5A:84:95:AE:9A:49:18:33:98:56:C6:0E:99:B5:1F:59:07:12 Fingerprint (SHA1): 16:A1:D7:24:1B:E5:17:8E:9B:15:30:F3:71:FE:28:A1:37:A2:63:33 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6274: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6275: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025615 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6276: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6277: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6278: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025616 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6279: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6280: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6281: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6282: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519025617 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6283: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6284: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519025618 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6285: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6286: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #6287: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6288: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6289: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519025619 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519025521.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6290: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6291: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6292: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6293: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025620 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6294: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6295: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6296: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025615 (0x1eefb3cf) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:04:14 2015 Not After : Tue May 19 07:04:14 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cd:0f:a7:15:d0:e0:d1:1e:88:d7:0c:10:22:4d:58:e5: 62:83:71:28:8f:d3:63:41:1c:f6:a3:ec:7d:f4:26:4f: 1c:6a:51:2d:f2:31:44:72:de:01:84:5e:9b:28:2b:5b: 23:a9:a8:c5:66:cb:e0:39:b8:e5:44:40:2e:e5:cb:dc: 97:65:84:c9:ff:7f:4e:c7:eb:3b:a9:0d:cd:04:9a:c9: 71:ba:c2:00:d0:16:ee:20:b6:c8:ba:af:a9:ae:48:35: 00:56:2e:a9:fc:6c:7a:3b:55:e9:33:95:c8:e9:bd:f6: 8f:49:c9:3d:45:f3:47:7f:af:4c:b6:e5:c3:74:2a:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 26:ee:9f:d6:f3:f0:31:a9:7a:39:d8:87:ee:c3:d6:76: 2e:41:31:64:62:69:29:3f:2c:80:26:b9:4a:63:ec:cf: d6:99:13:ad:3d:5a:19:34:3d:cb:7d:a4:74:e5:27:69: 62:2d:e6:b6:00:72:0e:55:e5:63:54:7d:98:b5:8f:02: 77:6c:62:af:40:69:a2:f3:4b:d7:59:c1:b0:07:4c:ee: dc:02:82:17:bb:72:88:4a:99:bf:1d:32:6f:23:c5:be: 67:f8:a9:58:86:c8:7c:4f:fe:7d:69:5d:e2:22:ff:38: b9:2f:a8:a8:11:04:fc:a8:9a:65:66:68:14:c4:2d:0f Fingerprint (SHA-256): 85:54:01:24:6C:F9:03:97:4E:FB:3C:10:B0:F2:15:4F:DF:B9:40:F9:2D:31:8E:77:B4:4A:CF:DA:11:21:9A:FA Fingerprint (SHA1): 28:DC:D8:4A:2E:31:A9:EC:15:AE:04:9C:20:59:94:2D:A5:5D:B6:20 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6297: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025616 (0x1eefb3d0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:04:18 2015 Not After : Tue May 19 07:04:18 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:b4:14:62:c1:77:35:c4:6c:fe:ca:95:35:24:42:a4: 7c:1f:9e:de:56:51:71:b1:44:06:a0:22:20:78:3f:2a: 8f:0f:b9:34:f2:79:dc:41:bb:9e:1a:32:f8:39:7a:09: c8:4f:77:53:5c:4e:a9:f9:cb:b3:bb:c0:3e:04:16:ee: 6d:69:2f:0c:75:7d:49:5f:21:c3:30:fd:ef:0c:03:54: e1:5d:7b:53:41:56:cb:8d:ee:28:3d:a0:0a:7e:32:c4: 82:4e:9d:09:9d:08:c6:21:83:de:a6:cf:5d:0a:6a:fb: 2c:12:a7:b2:01:ad:f8:d7:22:1e:ae:bc:87:f2:43:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:d4:26:3d:3f:b2:77:bd:0c:2c:9f:cd:31:3d:3b:66: a0:1c:b4:60:63:16:81:6a:79:99:24:c3:62:79:6b:be: 25:c9:c2:b4:90:29:f1:bd:0c:e9:7d:b8:19:f5:64:f6: 1f:dd:fb:8a:e9:bc:81:9e:c8:fc:b4:35:80:b9:7a:2d: bc:d7:ec:f4:65:5f:1e:f7:81:00:58:63:b2:a6:91:38: 45:93:aa:86:fb:64:90:ad:76:bd:af:6d:62:16:c9:76: 8a:9c:61:43:09:0b:df:65:43:fe:aa:10:96:e4:ce:4b: 0f:bd:45:9b:f2:13:cf:69:3e:a7:25:b5:25:58:82:d4 Fingerprint (SHA-256): A6:50:9D:1C:68:FF:60:17:3B:18:EA:83:54:51:A3:C5:F5:E5:34:FF:98:A7:9E:6C:54:D4:06:8B:7B:C3:27:D3 Fingerprint (SHA1): C7:A8:E0:7C:00:93:C5:A3:7F:1A:75:6C:DB:10:6E:CF:21:65:51:02 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6298: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025616 (0x1eefb3d0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:04:18 2015 Not After : Tue May 19 07:04:18 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:b4:14:62:c1:77:35:c4:6c:fe:ca:95:35:24:42:a4: 7c:1f:9e:de:56:51:71:b1:44:06:a0:22:20:78:3f:2a: 8f:0f:b9:34:f2:79:dc:41:bb:9e:1a:32:f8:39:7a:09: c8:4f:77:53:5c:4e:a9:f9:cb:b3:bb:c0:3e:04:16:ee: 6d:69:2f:0c:75:7d:49:5f:21:c3:30:fd:ef:0c:03:54: e1:5d:7b:53:41:56:cb:8d:ee:28:3d:a0:0a:7e:32:c4: 82:4e:9d:09:9d:08:c6:21:83:de:a6:cf:5d:0a:6a:fb: 2c:12:a7:b2:01:ad:f8:d7:22:1e:ae:bc:87:f2:43:d7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2c:d4:26:3d:3f:b2:77:bd:0c:2c:9f:cd:31:3d:3b:66: a0:1c:b4:60:63:16:81:6a:79:99:24:c3:62:79:6b:be: 25:c9:c2:b4:90:29:f1:bd:0c:e9:7d:b8:19:f5:64:f6: 1f:dd:fb:8a:e9:bc:81:9e:c8:fc:b4:35:80:b9:7a:2d: bc:d7:ec:f4:65:5f:1e:f7:81:00:58:63:b2:a6:91:38: 45:93:aa:86:fb:64:90:ad:76:bd:af:6d:62:16:c9:76: 8a:9c:61:43:09:0b:df:65:43:fe:aa:10:96:e4:ce:4b: 0f:bd:45:9b:f2:13:cf:69:3e:a7:25:b5:25:58:82:d4 Fingerprint (SHA-256): A6:50:9D:1C:68:FF:60:17:3B:18:EA:83:54:51:A3:C5:F5:E5:34:FF:98:A7:9E:6C:54:D4:06:8B:7B:C3:27:D3 Fingerprint (SHA1): C7:A8:E0:7C:00:93:C5:A3:7F:1A:75:6C:DB:10:6E:CF:21:65:51:02 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6299: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6300: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025621 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6301: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6302: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6303: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025622 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6304: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6305: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6306: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6307: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519025623 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6308: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6309: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519025624 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6310: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6311: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #6312: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6313: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6314: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519025625 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519025522.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6315: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6316: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6317: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6318: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025626 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6319: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6320: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6321: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6322: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519025627 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-BridgeNavy-519025523.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6323: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6324: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6325: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6326: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519025628 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6327: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6328: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6329: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025621 (0x1eefb3d5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:04:38 2015 Not After : Tue May 19 07:04:38 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:ef:ac:1b:29:38:a3:1c:b5:ba:c1:ac:bb:e4:1a:7b: fc:d2:87:42:c4:a6:2f:64:17:50:f6:21:8e:fc:21:06: 7d:50:59:d6:38:60:a3:e4:68:78:6f:a0:4c:3e:92:6c: d1:29:79:4a:a8:70:6e:7e:50:25:cd:e9:0c:63:97:b8: a0:45:04:ea:2c:23:e1:c7:dc:c5:d6:f1:6a:0e:76:d0: 8b:f2:5b:af:36:a6:96:03:f6:0f:f7:7e:8e:85:6e:b1: 6d:17:3e:45:6d:bf:80:28:fe:5c:9f:12:81:34:29:ab: 5b:f1:45:80:46:9f:23:c8:d9:c9:ec:0c:e2:c0:a4:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c3:0c:8e:64:a4:15:94:b2:46:da:41:c9:c8:3b:b2:d2: c5:ec:4f:42:28:bb:ef:72:54:fa:a6:0c:d1:99:99:a0: 88:7b:96:5c:85:3b:c2:ad:19:00:01:34:77:43:63:4a: 0d:b5:98:94:6c:6f:19:77:c0:1d:f7:eb:bf:64:b5:01: 79:4a:00:80:c4:bd:33:39:60:4f:b0:3c:3e:e7:fa:b8: ea:2f:45:8e:5a:b0:9e:82:9e:13:87:3d:7d:f5:fc:1e: a0:17:24:e9:29:f3:aa:56:68:40:0f:de:0c:44:ef:be: 79:54:da:64:56:e1:e3:35:a3:f3:ee:44:51:ba:b0:41 Fingerprint (SHA-256): 8C:D8:EA:A7:E7:73:97:D1:1F:73:74:86:79:A7:10:09:0C:88:64:60:C6:5F:2F:26:85:A3:92:9E:9C:4C:4B:21 Fingerprint (SHA1): 85:0C:78:A0:98:25:F6:14:07:49:9E:9B:66:6A:8F:D8:6B:2B:D2:46 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6330: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025622 (0x1eefb3d6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:04:41 2015 Not After : Tue May 19 07:04:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:35:3c:83:7e:15:15:a5:2b:57:34:a4:89:76:19:cd: ea:76:d9:52:b4:0e:f8:01:d0:cf:d1:f1:f9:5b:d4:39: a9:e1:f4:3d:f8:6c:61:fa:be:70:ff:be:af:8a:c6:29: 06:d8:c4:0b:4b:40:df:98:dc:47:1c:83:25:78:dc:df: 28:82:54:53:ea:87:d4:9d:1b:31:c2:51:8d:5a:30:6a: 76:20:2b:ac:19:d7:67:17:6a:62:8f:3b:2d:0d:5a:55: 9d:f2:28:b2:ca:f5:12:b1:62:f2:86:f9:92:2d:22:3b: c5:15:f5:d0:b3:8c:7e:0b:b5:b6:2d:2a:b6:83:c1:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:97:be:14:2d:a7:65:29:3a:0a:99:c1:da:06:66:b6: 4c:d6:3c:04:b5:88:79:89:fe:0b:61:1f:0d:d8:82:b7: 93:fb:64:93:ca:c6:8f:ad:58:7f:9a:20:89:66:5a:f5: 07:b8:cc:15:d0:dc:39:2a:a8:8a:21:6c:7d:ab:7e:a8: 17:7d:02:29:e7:5d:cc:dc:df:69:02:3f:ea:13:12:3b: c8:f2:dd:9e:a4:f1:3f:56:f0:ee:91:57:bf:99:75:eb: 0e:e5:1b:16:93:46:7e:b9:dd:3f:d6:1f:e9:df:a4:25: 3f:9d:e1:54:26:53:af:c2:6f:ce:58:fe:9f:de:d7:9e Fingerprint (SHA-256): B2:1A:3A:D8:5D:F9:27:69:FA:32:4A:8E:FF:2C:4A:CE:AF:FE:3F:2C:C9:D0:F9:6C:AF:21:7D:1C:4B:B7:63:9A Fingerprint (SHA1): 1B:7E:1D:B5:7F:DC:BE:16:69:6B:F0:45:1F:0F:AB:E8:39:E5:C4:B0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6331: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025622 (0x1eefb3d6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:04:41 2015 Not After : Tue May 19 07:04:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:35:3c:83:7e:15:15:a5:2b:57:34:a4:89:76:19:cd: ea:76:d9:52:b4:0e:f8:01:d0:cf:d1:f1:f9:5b:d4:39: a9:e1:f4:3d:f8:6c:61:fa:be:70:ff:be:af:8a:c6:29: 06:d8:c4:0b:4b:40:df:98:dc:47:1c:83:25:78:dc:df: 28:82:54:53:ea:87:d4:9d:1b:31:c2:51:8d:5a:30:6a: 76:20:2b:ac:19:d7:67:17:6a:62:8f:3b:2d:0d:5a:55: 9d:f2:28:b2:ca:f5:12:b1:62:f2:86:f9:92:2d:22:3b: c5:15:f5:d0:b3:8c:7e:0b:b5:b6:2d:2a:b6:83:c1:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:97:be:14:2d:a7:65:29:3a:0a:99:c1:da:06:66:b6: 4c:d6:3c:04:b5:88:79:89:fe:0b:61:1f:0d:d8:82:b7: 93:fb:64:93:ca:c6:8f:ad:58:7f:9a:20:89:66:5a:f5: 07:b8:cc:15:d0:dc:39:2a:a8:8a:21:6c:7d:ab:7e:a8: 17:7d:02:29:e7:5d:cc:dc:df:69:02:3f:ea:13:12:3b: c8:f2:dd:9e:a4:f1:3f:56:f0:ee:91:57:bf:99:75:eb: 0e:e5:1b:16:93:46:7e:b9:dd:3f:d6:1f:e9:df:a4:25: 3f:9d:e1:54:26:53:af:c2:6f:ce:58:fe:9f:de:d7:9e Fingerprint (SHA-256): B2:1A:3A:D8:5D:F9:27:69:FA:32:4A:8E:FF:2C:4A:CE:AF:FE:3F:2C:C9:D0:F9:6C:AF:21:7D:1C:4B:B7:63:9A Fingerprint (SHA1): 1B:7E:1D:B5:7F:DC:BE:16:69:6B:F0:45:1F:0F:AB:E8:39:E5:C4:B0 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6332: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #6333: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025621 (0x1eefb3d5) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:04:38 2015 Not After : Tue May 19 07:04:38 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:ef:ac:1b:29:38:a3:1c:b5:ba:c1:ac:bb:e4:1a:7b: fc:d2:87:42:c4:a6:2f:64:17:50:f6:21:8e:fc:21:06: 7d:50:59:d6:38:60:a3:e4:68:78:6f:a0:4c:3e:92:6c: d1:29:79:4a:a8:70:6e:7e:50:25:cd:e9:0c:63:97:b8: a0:45:04:ea:2c:23:e1:c7:dc:c5:d6:f1:6a:0e:76:d0: 8b:f2:5b:af:36:a6:96:03:f6:0f:f7:7e:8e:85:6e:b1: 6d:17:3e:45:6d:bf:80:28:fe:5c:9f:12:81:34:29:ab: 5b:f1:45:80:46:9f:23:c8:d9:c9:ec:0c:e2:c0:a4:81 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c3:0c:8e:64:a4:15:94:b2:46:da:41:c9:c8:3b:b2:d2: c5:ec:4f:42:28:bb:ef:72:54:fa:a6:0c:d1:99:99:a0: 88:7b:96:5c:85:3b:c2:ad:19:00:01:34:77:43:63:4a: 0d:b5:98:94:6c:6f:19:77:c0:1d:f7:eb:bf:64:b5:01: 79:4a:00:80:c4:bd:33:39:60:4f:b0:3c:3e:e7:fa:b8: ea:2f:45:8e:5a:b0:9e:82:9e:13:87:3d:7d:f5:fc:1e: a0:17:24:e9:29:f3:aa:56:68:40:0f:de:0c:44:ef:be: 79:54:da:64:56:e1:e3:35:a3:f3:ee:44:51:ba:b0:41 Fingerprint (SHA-256): 8C:D8:EA:A7:E7:73:97:D1:1F:73:74:86:79:A7:10:09:0C:88:64:60:C6:5F:2F:26:85:A3:92:9E:9C:4C:4B:21 Fingerprint (SHA1): 85:0C:78:A0:98:25:F6:14:07:49:9E:9B:66:6A:8F:D8:6B:2B:D2:46 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6334: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025622 (0x1eefb3d6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:04:41 2015 Not After : Tue May 19 07:04:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:35:3c:83:7e:15:15:a5:2b:57:34:a4:89:76:19:cd: ea:76:d9:52:b4:0e:f8:01:d0:cf:d1:f1:f9:5b:d4:39: a9:e1:f4:3d:f8:6c:61:fa:be:70:ff:be:af:8a:c6:29: 06:d8:c4:0b:4b:40:df:98:dc:47:1c:83:25:78:dc:df: 28:82:54:53:ea:87:d4:9d:1b:31:c2:51:8d:5a:30:6a: 76:20:2b:ac:19:d7:67:17:6a:62:8f:3b:2d:0d:5a:55: 9d:f2:28:b2:ca:f5:12:b1:62:f2:86:f9:92:2d:22:3b: c5:15:f5:d0:b3:8c:7e:0b:b5:b6:2d:2a:b6:83:c1:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:97:be:14:2d:a7:65:29:3a:0a:99:c1:da:06:66:b6: 4c:d6:3c:04:b5:88:79:89:fe:0b:61:1f:0d:d8:82:b7: 93:fb:64:93:ca:c6:8f:ad:58:7f:9a:20:89:66:5a:f5: 07:b8:cc:15:d0:dc:39:2a:a8:8a:21:6c:7d:ab:7e:a8: 17:7d:02:29:e7:5d:cc:dc:df:69:02:3f:ea:13:12:3b: c8:f2:dd:9e:a4:f1:3f:56:f0:ee:91:57:bf:99:75:eb: 0e:e5:1b:16:93:46:7e:b9:dd:3f:d6:1f:e9:df:a4:25: 3f:9d:e1:54:26:53:af:c2:6f:ce:58:fe:9f:de:d7:9e Fingerprint (SHA-256): B2:1A:3A:D8:5D:F9:27:69:FA:32:4A:8E:FF:2C:4A:CE:AF:FE:3F:2C:C9:D0:F9:6C:AF:21:7D:1C:4B:B7:63:9A Fingerprint (SHA1): 1B:7E:1D:B5:7F:DC:BE:16:69:6B:F0:45:1F:0F:AB:E8:39:E5:C4:B0 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6335: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025622 (0x1eefb3d6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:04:41 2015 Not After : Tue May 19 07:04:41 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: cc:35:3c:83:7e:15:15:a5:2b:57:34:a4:89:76:19:cd: ea:76:d9:52:b4:0e:f8:01:d0:cf:d1:f1:f9:5b:d4:39: a9:e1:f4:3d:f8:6c:61:fa:be:70:ff:be:af:8a:c6:29: 06:d8:c4:0b:4b:40:df:98:dc:47:1c:83:25:78:dc:df: 28:82:54:53:ea:87:d4:9d:1b:31:c2:51:8d:5a:30:6a: 76:20:2b:ac:19:d7:67:17:6a:62:8f:3b:2d:0d:5a:55: 9d:f2:28:b2:ca:f5:12:b1:62:f2:86:f9:92:2d:22:3b: c5:15:f5:d0:b3:8c:7e:0b:b5:b6:2d:2a:b6:83:c1:6d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:97:be:14:2d:a7:65:29:3a:0a:99:c1:da:06:66:b6: 4c:d6:3c:04:b5:88:79:89:fe:0b:61:1f:0d:d8:82:b7: 93:fb:64:93:ca:c6:8f:ad:58:7f:9a:20:89:66:5a:f5: 07:b8:cc:15:d0:dc:39:2a:a8:8a:21:6c:7d:ab:7e:a8: 17:7d:02:29:e7:5d:cc:dc:df:69:02:3f:ea:13:12:3b: c8:f2:dd:9e:a4:f1:3f:56:f0:ee:91:57:bf:99:75:eb: 0e:e5:1b:16:93:46:7e:b9:dd:3f:d6:1f:e9:df:a4:25: 3f:9d:e1:54:26:53:af:c2:6f:ce:58:fe:9f:de:d7:9e Fingerprint (SHA-256): B2:1A:3A:D8:5D:F9:27:69:FA:32:4A:8E:FF:2C:4A:CE:AF:FE:3F:2C:C9:D0:F9:6C:AF:21:7D:1C:4B:B7:63:9A Fingerprint (SHA1): 1B:7E:1D:B5:7F:DC:BE:16:69:6B:F0:45:1F:0F:AB:E8:39:E5:C4:B0 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6336: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6337: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025629 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6338: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6339: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6340: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025630 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6341: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6342: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #6343: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6344: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 519025631 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6345: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6346: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #6347: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6348: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 519025632 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6349: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6350: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6351: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6352: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 519025633 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6353: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6354: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 519025634 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #6355: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6356: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #6357: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6358: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6359: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519025635 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6360: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6361: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6362: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6363: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519025636 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6364: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6365: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6366: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6367: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025637 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6368: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6369: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6370: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6371: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519025638 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6372: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6373: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6374: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025629 (0x1eefb3dd) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:05:12 2015 Not After : Tue May 19 07:05:12 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a0:b2:45:90:a7:59:43:3a:f3:34:7e:5b:c8:98:94:08: 38:f2:c5:15:e7:67:ef:3a:71:79:4d:ee:3d:c3:10:db: 4e:39:72:cd:dc:53:a4:ff:de:2d:2c:ff:d0:eb:74:d7: 4d:47:01:3e:d2:4d:86:9e:21:df:75:bd:32:29:58:c7: a9:6a:1d:f6:ad:be:8a:83:5f:61:b4:e9:5c:8a:20:92: fa:cb:69:a9:fd:f9:95:4b:d2:be:72:c9:df:c2:1a:ea: eb:38:01:86:55:79:64:20:cf:db:c2:96:04:ad:8e:a2: 3e:69:b2:97:0a:9f:dd:b3:75:24:da:26:25:01:42:6f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 76:cb:e2:94:80:3f:38:f6:9f:c7:d3:1d:c7:18:3d:ba: 17:c7:fd:4c:79:e8:69:30:a2:d3:7c:02:63:8b:0e:83: 28:18:df:d5:27:d2:27:1d:75:01:68:c4:b3:cc:d1:6b: c1:9f:20:ce:0f:21:e7:7e:e9:28:a9:08:52:4c:6f:25: 3e:62:69:67:3c:29:02:2c:8a:0b:f0:d4:68:03:79:3e: 61:46:e1:11:5c:30:70:88:ec:bc:55:f8:46:62:40:6b: 94:a1:3c:28:79:a5:b1:b3:6c:21:35:a3:7e:84:e7:d8: 01:82:44:fa:b8:53:9c:c7:89:f7:64:c1:e9:80:1a:d3 Fingerprint (SHA-256): FE:36:03:76:FA:F9:BA:35:BB:4D:22:52:F9:5C:9E:2A:9B:F9:97:47:4E:F0:E2:2C:EF:B7:62:E6:E6:9C:94:F9 Fingerprint (SHA1): FE:3D:61:AC:12:42:23:FD:A4:04:9C:60:41:CA:FC:AF:36:CE:7A:2B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #6375: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6376: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6377: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6378: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6379: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6380: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6381: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6382: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6383: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025630 (0x1eefb3de) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:05:16 2015 Not After : Tue May 19 07:05:16 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 9d:0c:75:e8:a6:cd:ff:0d:0f:0e:94:cf:69:18:41:63: 3f:08:fd:15:f5:91:12:c6:7f:e5:51:a3:96:9c:9d:6b: 47:3c:5e:5d:d2:96:46:b3:9f:b0:5e:e8:19:c4:73:ec: 68:15:c1:b8:a7:91:c6:26:27:94:a5:96:da:02:0c:a1: 0a:75:6f:35:c6:3e:8a:a5:98:88:3a:7e:4f:f4:96:a1: ea:a7:95:50:88:95:ce:c1:8a:3c:0b:a6:6e:a0:29:6a: 8f:2c:a0:77:82:e9:b1:58:9e:35:e9:a1:a2:b1:50:f3: 53:96:37:d8:f5:d9:b6:27:bd:ca:8c:ae:0d:18:90:2f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 83:76:58:5f:79:cf:db:dc:71:36:af:b4:15:05:8e:9a: c3:26:1b:cb:36:1a:7c:4a:a9:1c:6b:3d:ae:67:ad:bb: 3c:61:0c:d2:51:ef:2e:6f:91:a0:66:d2:cf:c6:50:d1: 63:fd:af:95:8e:e0:ce:6a:c6:d5:39:27:ce:03:51:c6: d4:eb:88:d9:8b:a0:9d:21:69:4b:92:6b:69:ed:97:33: f5:2e:83:8d:3b:c7:ac:c6:eb:d5:0b:e6:1b:ee:c3:20: c3:69:9e:68:1d:05:03:e3:02:b2:d5:eb:91:fa:6b:3d: 04:2d:16:c2:f8:bb:b3:08:53:05:0e:ea:a4:23:d0:fe Fingerprint (SHA-256): C3:8B:89:D3:97:0F:ED:8B:7F:75:92:FA:F2:8F:92:05:2A:4D:72:F7:E5:EA:1D:A4:71:36:50:1B:40:82:CB:20 Fingerprint (SHA1): 7E:0B:71:CA:71:83:AD:38:3E:74:9D:5E:29:69:AA:8C:64:CA:74:6F Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #6384: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6385: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6386: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6387: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6388: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6389: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6390: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #6391: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #6392: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #6393: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #6394: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #6395: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #6396: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #6397: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #6398: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #6399: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #6400: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #6401: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6402: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025639 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6403: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6404: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6405: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6406: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025640 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6407: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6408: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6409: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6410: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025641 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6411: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6412: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6413: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6414: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 519025642 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6415: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6416: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6417: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6418: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519025643 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6419: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6420: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #6421: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6422: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 519025644 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6423: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6424: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #6425: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6426: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 519025645 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6427: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6428: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #6429: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6430: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 519025646 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6431: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6432: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #6433: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6434: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 519025647 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6435: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6436: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6437: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025639 (0x1eefb3e7) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:06:04 2015 Not After : Tue May 19 07:06:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 0c:a9:6e:e6:69:82:1a:0c:ca:e4:b5:8c:a9:26:72:dc: 46:56:ed:37:01:49:a7:a2:9e:33:4b:f8:c0:d2:b5:83: f1:83:01:ce:9a:33:45:47:80:f4:96:21:16:c5:06:75: d6:2a:5a:d6:d1:1a:24:90:9f:4e:db:21:53:47:f9:90: 0d:1e:04:e9:b3:de:0b:36:4b:ff:c0:ae:ea:38:6f:35: ed:d5:1f:cd:61:6f:98:d1:34:ab:b6:61:ff:64:9b:82: 23:3f:a2:77:fb:34:ef:a6:96:4e:11:db:75:a4:a1:af: 1e:96:37:58:65:36:34:ee:7a:97:f0:37:63:05:71:bb Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:0b:ae:e3:5d:8a:7c:bd:fe:58:8c:ba:6d: 3d:99:88:9d:14:14:4d:3d:02:14:49:df:47:9d:ba:27: 24:51:12:c4:a6:dd:a2:d8:ad:61:f3:2b:d2:f1 Fingerprint (SHA-256): F7:37:8F:97:56:C9:29:D0:3B:97:F3:C5:BE:D4:29:FB:96:90:14:95:02:7E:54:63:82:F8:CE:71:AD:18:DE:E4 Fingerprint (SHA1): A7:2C:48:FB:DE:9E:47:72:A2:58:76:C4:66:E4:C3:A4:C8:AC:5E:7B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6438: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025639 (0x1eefb3e7) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:06:04 2015 Not After : Tue May 19 07:06:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 0c:a9:6e:e6:69:82:1a:0c:ca:e4:b5:8c:a9:26:72:dc: 46:56:ed:37:01:49:a7:a2:9e:33:4b:f8:c0:d2:b5:83: f1:83:01:ce:9a:33:45:47:80:f4:96:21:16:c5:06:75: d6:2a:5a:d6:d1:1a:24:90:9f:4e:db:21:53:47:f9:90: 0d:1e:04:e9:b3:de:0b:36:4b:ff:c0:ae:ea:38:6f:35: ed:d5:1f:cd:61:6f:98:d1:34:ab:b6:61:ff:64:9b:82: 23:3f:a2:77:fb:34:ef:a6:96:4e:11:db:75:a4:a1:af: 1e:96:37:58:65:36:34:ee:7a:97:f0:37:63:05:71:bb Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:0b:ae:e3:5d:8a:7c:bd:fe:58:8c:ba:6d: 3d:99:88:9d:14:14:4d:3d:02:14:49:df:47:9d:ba:27: 24:51:12:c4:a6:dd:a2:d8:ad:61:f3:2b:d2:f1 Fingerprint (SHA-256): F7:37:8F:97:56:C9:29:D0:3B:97:F3:C5:BE:D4:29:FB:96:90:14:95:02:7E:54:63:82:F8:CE:71:AD:18:DE:E4 Fingerprint (SHA1): A7:2C:48:FB:DE:9E:47:72:A2:58:76:C4:66:E4:C3:A4:C8:AC:5E:7B Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6439: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025639 (0x1eefb3e7) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:06:04 2015 Not After : Tue May 19 07:06:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 0c:a9:6e:e6:69:82:1a:0c:ca:e4:b5:8c:a9:26:72:dc: 46:56:ed:37:01:49:a7:a2:9e:33:4b:f8:c0:d2:b5:83: f1:83:01:ce:9a:33:45:47:80:f4:96:21:16:c5:06:75: d6:2a:5a:d6:d1:1a:24:90:9f:4e:db:21:53:47:f9:90: 0d:1e:04:e9:b3:de:0b:36:4b:ff:c0:ae:ea:38:6f:35: ed:d5:1f:cd:61:6f:98:d1:34:ab:b6:61:ff:64:9b:82: 23:3f:a2:77:fb:34:ef:a6:96:4e:11:db:75:a4:a1:af: 1e:96:37:58:65:36:34:ee:7a:97:f0:37:63:05:71:bb Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:0b:ae:e3:5d:8a:7c:bd:fe:58:8c:ba:6d: 3d:99:88:9d:14:14:4d:3d:02:14:49:df:47:9d:ba:27: 24:51:12:c4:a6:dd:a2:d8:ad:61:f3:2b:d2:f1 Fingerprint (SHA-256): F7:37:8F:97:56:C9:29:D0:3B:97:F3:C5:BE:D4:29:FB:96:90:14:95:02:7E:54:63:82:F8:CE:71:AD:18:DE:E4 Fingerprint (SHA1): A7:2C:48:FB:DE:9E:47:72:A2:58:76:C4:66:E4:C3:A4:C8:AC:5E:7B Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #6440: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025639 (0x1eefb3e7) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:06:04 2015 Not After : Tue May 19 07:06:04 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 0c:a9:6e:e6:69:82:1a:0c:ca:e4:b5:8c:a9:26:72:dc: 46:56:ed:37:01:49:a7:a2:9e:33:4b:f8:c0:d2:b5:83: f1:83:01:ce:9a:33:45:47:80:f4:96:21:16:c5:06:75: d6:2a:5a:d6:d1:1a:24:90:9f:4e:db:21:53:47:f9:90: 0d:1e:04:e9:b3:de:0b:36:4b:ff:c0:ae:ea:38:6f:35: ed:d5:1f:cd:61:6f:98:d1:34:ab:b6:61:ff:64:9b:82: 23:3f:a2:77:fb:34:ef:a6:96:4e:11:db:75:a4:a1:af: 1e:96:37:58:65:36:34:ee:7a:97:f0:37:63:05:71:bb Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2c:02:14:0b:ae:e3:5d:8a:7c:bd:fe:58:8c:ba:6d: 3d:99:88:9d:14:14:4d:3d:02:14:49:df:47:9d:ba:27: 24:51:12:c4:a6:dd:a2:d8:ad:61:f3:2b:d2:f1 Fingerprint (SHA-256): F7:37:8F:97:56:C9:29:D0:3B:97:F3:C5:BE:D4:29:FB:96:90:14:95:02:7E:54:63:82:F8:CE:71:AD:18:DE:E4 Fingerprint (SHA1): A7:2C:48:FB:DE:9E:47:72:A2:58:76:C4:66:E4:C3:A4:C8:AC:5E:7B Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #6441: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6442: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6443: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6444: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #6445: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6446: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6447: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6448: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6449: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6450: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6451: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6452: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #6453: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6454: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6455: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6456: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #6457: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6458: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6459: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6460: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6461: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6462: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6463: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6464: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #6465: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6466: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6467: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6468: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519070703Z nextupdate=20160519070703Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 07:07:03 2015 Next Update: Thu May 19 07:07:03 2016 CRL Extensions: chains.sh: #6469: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519070704Z nextupdate=20160519070704Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:07:04 2015 Next Update: Thu May 19 07:07:04 2016 CRL Extensions: chains.sh: #6470: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519070704Z nextupdate=20160519070704Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 07:07:04 2015 Next Update: Thu May 19 07:07:04 2016 CRL Extensions: chains.sh: #6471: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519070705Z nextupdate=20160519070705Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 07:07:05 2015 Next Update: Thu May 19 07:07:05 2016 CRL Extensions: chains.sh: #6472: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519070706Z addcert 14 20150519070706Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 07:07:06 2015 Next Update: Thu May 19 07:07:04 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Tue May 19 07:07:06 2015 CRL Extensions: chains.sh: #6473: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519070707Z addcert 15 20150519070707Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:07:07 2015 Next Update: Thu May 19 07:07:04 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Tue May 19 07:07:07 2015 CRL Extensions: chains.sh: #6474: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6475: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6476: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #6477: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #6478: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #6479: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #6480: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #6481: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #6482: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #6483: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:06:37 2015 Not After : Tue May 19 07:06:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:fb:3c:4a:d8:fe:32:95:33:52:40:bf:81:84:a4:74: e6:c7:4c:1a:b6:29:d2:2e:88:c5:75:8c:ac:7f:38:a2: fc:77:70:c1:0b:ca:08:3a:4b:3f:fe:0b:eb:16:ce:7b: a4:22:40:b6:00:96:7c:d5:84:cf:3d:31:f5:52:45:a1: b2:1f:64:66:39:df:53:f8:bd:5a:e2:7c:e8:11:46:c3: 65:2b:f9:44:e6:50:2d:79:7e:da:b7:59:2c:73:fd:85: bb:30:1f:67:7f:6d:c3:bd:80:48:a2:1b:2e:d4:28:3a: 92:0a:01:ff:9e:97:b3:e2:d2:07:da:b2:3b:28:24:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:0c:6b:16:64:7f:a4:c7:18:6f:cf:7a:29:9d:7e:48: 30:73:18:2f:dc:bd:ba:cb:e8:ce:45:f2:11:2c:cd:16: 38:cd:a8:9f:c2:56:96:e2:08:3c:36:50:0f:45:e7:06: 26:fa:3e:d5:6a:9e:b9:7c:40:a8:de:46:b3:ed:ab:cc: 08:30:4f:1d:99:1d:10:85:9e:14:40:ec:9f:38:0e:80: da:71:d4:91:ba:2b:9e:2c:c8:39:eb:97:aa:da:c8:54: c3:55:36:d1:a9:09:5c:5d:db:62:35:28:4e:ca:fd:6d: 7c:5d:b5:41:03:4e:cd:1c:0b:97:b4:48:ea:f7:e4:4a Fingerprint (SHA-256): 1D:74:0B:60:31:67:25:1C:76:45:49:2D:B7:A7:D0:EF:40:4A:D9:81:B0:6E:31:58:35:6D:1B:3D:2B:BB:C0:68 Fingerprint (SHA1): 29:A6:4E:CD:A1:66:C1:12:FE:A3:DF:A2:F2:DA:4A:F7:21:1F:9B:B9 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6484: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6485: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:06:37 2015 Not After : Tue May 19 07:06:37 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b0:fb:3c:4a:d8:fe:32:95:33:52:40:bf:81:84:a4:74: e6:c7:4c:1a:b6:29:d2:2e:88:c5:75:8c:ac:7f:38:a2: fc:77:70:c1:0b:ca:08:3a:4b:3f:fe:0b:eb:16:ce:7b: a4:22:40:b6:00:96:7c:d5:84:cf:3d:31:f5:52:45:a1: b2:1f:64:66:39:df:53:f8:bd:5a:e2:7c:e8:11:46:c3: 65:2b:f9:44:e6:50:2d:79:7e:da:b7:59:2c:73:fd:85: bb:30:1f:67:7f:6d:c3:bd:80:48:a2:1b:2e:d4:28:3a: 92:0a:01:ff:9e:97:b3:e2:d2:07:da:b2:3b:28:24:cb Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2f:0c:6b:16:64:7f:a4:c7:18:6f:cf:7a:29:9d:7e:48: 30:73:18:2f:dc:bd:ba:cb:e8:ce:45:f2:11:2c:cd:16: 38:cd:a8:9f:c2:56:96:e2:08:3c:36:50:0f:45:e7:06: 26:fa:3e:d5:6a:9e:b9:7c:40:a8:de:46:b3:ed:ab:cc: 08:30:4f:1d:99:1d:10:85:9e:14:40:ec:9f:38:0e:80: da:71:d4:91:ba:2b:9e:2c:c8:39:eb:97:aa:da:c8:54: c3:55:36:d1:a9:09:5c:5d:db:62:35:28:4e:ca:fd:6d: 7c:5d:b5:41:03:4e:cd:1c:0b:97:b4:48:ea:f7:e4:4a Fingerprint (SHA-256): 1D:74:0B:60:31:67:25:1C:76:45:49:2D:B7:A7:D0:EF:40:4A:D9:81:B0:6E:31:58:35:6D:1B:3D:2B:BB:C0:68 Fingerprint (SHA1): 29:A6:4E:CD:A1:66:C1:12:FE:A3:DF:A2:F2:DA:4A:F7:21:1F:9B:B9 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6486: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6487: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6488: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025648 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6489: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6490: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #6491: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6492: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 519025649 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6493: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6494: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6495: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025539.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6496: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025524.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6497: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6498: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #6499: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025539.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6500: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 519025650 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6501: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6502: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6503: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025539.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6504: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025525.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6505: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6506: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #6507: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6508: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 519025651 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6509: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6510: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6511: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025539.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6512: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025526.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6513: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6514: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6515: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025539.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #6516: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025527.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #6517: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6518: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519070747Z nextupdate=20160519070747Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 07:07:47 2015 Next Update: Thu May 19 07:07:47 2016 CRL Extensions: chains.sh: #6519: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519070748Z nextupdate=20160519070748Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:07:48 2015 Next Update: Thu May 19 07:07:48 2016 CRL Extensions: chains.sh: #6520: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519070749Z nextupdate=20160519070749Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 07:07:49 2015 Next Update: Thu May 19 07:07:49 2016 CRL Extensions: chains.sh: #6521: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519070749Z nextupdate=20160519070749Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 07:07:49 2015 Next Update: Thu May 19 07:07:49 2016 CRL Extensions: chains.sh: #6522: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519070750Z addcert 20 20150519070750Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:07:50 2015 Next Update: Thu May 19 07:07:48 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 07:07:50 2015 CRL Extensions: chains.sh: #6523: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519070751Z addcert 40 20150519070751Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:07:51 2015 Next Update: Thu May 19 07:07:48 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 07:07:50 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Tue May 19 07:07:51 2015 CRL Extensions: chains.sh: #6524: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6525: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6526: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #6527: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025648 (0x1eefb3f0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:07:19 2015 Not After : Tue May 19 07:07:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:56:23:92:52:e3:ba:b2:69:00:3c:eb:ba:d6:ff:26: 34:da:6a:d5:5e:d9:1a:73:5d:11:0d:5c:52:ed:57:4a: cf:8f:55:97:9c:5c:5f:f8:87:84:b5:5a:fb:97:65:bb: 11:31:90:16:45:49:10:e6:54:21:0f:b8:3f:71:e2:5d: d3:90:78:33:97:1b:db:ed:40:79:3b:fa:cc:f2:99:62: 51:a1:1d:37:8c:12:fe:91:35:3e:c3:70:9c:bd:f1:a0: 5c:8e:83:0f:9d:c0:e1:d7:68:7a:6f:aa:66:91:ba:ba: 12:65:8c:e1:c2:82:9e:58:f6:28:fd:ef:92:18:4a:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8e:45:82:24:64:3a:67:5c:95:de:b1:9f:35:92:8f:99: 0b:80:d7:58:1f:91:e2:1f:38:5b:e2:bd:41:5a:a9:71: c1:2f:d5:62:d2:1a:9d:27:90:c2:29:b5:75:18:c0:be: d1:be:ff:4f:64:6c:1f:dd:df:ff:ef:ef:79:39:c2:41: b6:a5:e2:14:8e:7c:3f:c3:92:d6:a6:1a:8d:4d:a5:a5: 0d:4c:4e:c0:1b:06:4a:d5:5c:f7:5d:c7:03:d6:12:b4: e1:4a:b7:d7:57:a4:b9:56:46:6c:a7:33:2e:d5:74:59: 62:73:03:0b:ac:7c:ed:18:fc:17:cd:3f:c2:0e:ee:52 Fingerprint (SHA-256): 56:9E:C7:57:4B:8C:F4:11:FD:EB:58:08:52:DF:A9:E9:09:29:77:7C:D4:11:2B:43:36:1A:87:BC:4E:1C:2D:37 Fingerprint (SHA1): AA:7F:69:60:65:07:74:8C:D3:CA:F3:9F:60:34:1B:6D:A0:4E:6C:7E Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6528: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6529: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025648 (0x1eefb3f0) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:07:19 2015 Not After : Tue May 19 07:07:19 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:56:23:92:52:e3:ba:b2:69:00:3c:eb:ba:d6:ff:26: 34:da:6a:d5:5e:d9:1a:73:5d:11:0d:5c:52:ed:57:4a: cf:8f:55:97:9c:5c:5f:f8:87:84:b5:5a:fb:97:65:bb: 11:31:90:16:45:49:10:e6:54:21:0f:b8:3f:71:e2:5d: d3:90:78:33:97:1b:db:ed:40:79:3b:fa:cc:f2:99:62: 51:a1:1d:37:8c:12:fe:91:35:3e:c3:70:9c:bd:f1:a0: 5c:8e:83:0f:9d:c0:e1:d7:68:7a:6f:aa:66:91:ba:ba: 12:65:8c:e1:c2:82:9e:58:f6:28:fd:ef:92:18:4a:8d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8e:45:82:24:64:3a:67:5c:95:de:b1:9f:35:92:8f:99: 0b:80:d7:58:1f:91:e2:1f:38:5b:e2:bd:41:5a:a9:71: c1:2f:d5:62:d2:1a:9d:27:90:c2:29:b5:75:18:c0:be: d1:be:ff:4f:64:6c:1f:dd:df:ff:ef:ef:79:39:c2:41: b6:a5:e2:14:8e:7c:3f:c3:92:d6:a6:1a:8d:4d:a5:a5: 0d:4c:4e:c0:1b:06:4a:d5:5c:f7:5d:c7:03:d6:12:b4: e1:4a:b7:d7:57:a4:b9:56:46:6c:a7:33:2e:d5:74:59: 62:73:03:0b:ac:7c:ed:18:fc:17:cd:3f:c2:0e:ee:52 Fingerprint (SHA-256): 56:9E:C7:57:4B:8C:F4:11:FD:EB:58:08:52:DF:A9:E9:09:29:77:7C:D4:11:2B:43:36:1A:87:BC:4E:1C:2D:37 Fingerprint (SHA1): AA:7F:69:60:65:07:74:8C:D3:CA:F3:9F:60:34:1B:6D:A0:4E:6C:7E Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #6530: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #6531: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6532: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025652 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6533: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6534: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6535: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6536: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519025653 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6537: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6538: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6539: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6540: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025654 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6541: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6542: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6543: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6544: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 519025655 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6545: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6546: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #6547: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025656 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6548: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #6549: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #6550: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6551: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 519025657 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6552: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6553: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6554: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6555: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 519025658 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6556: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6557: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #6558: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #6559: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #6560: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025652 (0x1eefb3f4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:07:59 2015 Not After : Tue May 19 07:07:59 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:5e:c2:67:b6:9f:15:02:a0:db:ac:f9:8f:22:fe:95: ff:55:e9:d9:8c:4b:10:14:f5:c6:5c:69:84:94:ac:7c: a8:20:c0:fe:7d:77:63:c8:79:d3:72:36:fd:73:36:77: 39:21:62:a7:a3:dc:9d:62:d0:27:81:b3:dc:96:59:75: 59:0a:80:6d:20:37:3c:16:d0:d7:55:1c:32:de:28:09: 6a:94:d7:18:72:85:c8:1c:82:c9:f2:0e:55:cc:f8:d7: a5:99:bc:cb:20:5b:2e:c4:7b:2f:11:33:ee:40:51:65: 94:a9:8b:85:a2:a8:38:fb:ac:e9:a7:f4:9b:3c:e1:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:55:d5:28:25:00:8d:6d:c6:62:d0:90:c1:64:ee:ae: 15:8a:da:1a:12:55:59:be:5d:6f:08:23:02:a9:b0:8e: d9:ef:71:01:ae:7e:13:e8:35:30:c7:b7:55:5a:19:38: 67:d1:64:f4:06:2d:7f:f9:ab:83:d3:0f:0d:ee:0c:c6: b8:6a:08:02:b6:d6:01:10:17:db:29:92:f4:11:01:0c: 77:a9:51:18:c3:ca:7f:47:9d:73:3b:aa:ff:5f:b8:a6: ae:c4:e3:eb:61:0b:42:4e:9a:9c:88:70:b6:82:8b:33: 86:8a:33:0d:64:68:27:84:7a:3d:08:aa:12:a9:4d:ce Fingerprint (SHA-256): FB:00:9C:6C:AA:AA:A0:17:E9:D8:06:99:D0:A1:F8:32:2D:F6:95:D9:27:3E:38:42:1C:01:DE:5D:1D:43:9B:63 Fingerprint (SHA1): 20:1D:8C:46:86:A7:BA:49:12:DE:D4:64:95:4A:CD:7B:73:2A:A5:05 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6561: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025654 (0x1eefb3f6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:08:06 2015 Not After : Tue May 19 07:08:06 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:55:e6:af:75:96:34:5a:45:71:e8:d8:f0:b7:f9:8f: 01:68:ea:c2:4d:e5:a3:a0:74:e0:87:e8:e9:75:ca:07: db:6c:f3:a5:ea:5b:0d:af:44:3b:fb:49:fd:46:87:2c: 5a:a7:e1:f2:fc:02:36:07:34:5b:5b:01:eb:18:04:4a: e2:dc:07:05:38:ab:23:33:1e:06:ed:0d:f4:31:d9:c8: 90:9e:cf:9f:6b:bb:bb:7f:c5:3e:fd:aa:1f:b7:e6:ee: 29:e1:1e:03:ce:af:60:7d:55:44:00:83:f5:95:7f:f1: cf:6e:76:f6:aa:47:67:55:9b:9f:6c:9e:9d:1e:7e:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 29:43:c8:e4:50:62:4d:d3:92:73:3b:67:0d:3a:3b:91: 36:e2:1d:7e:98:87:c1:07:09:3b:20:a3:ef:37:79:f5: ef:b5:c0:cf:19:88:f4:d9:13:98:31:51:bf:9f:1c:bf: 61:00:f6:26:a8:3b:a8:e7:32:0b:e3:e5:cf:fe:c4:90: fb:e9:04:4b:8c:5a:69:82:b7:1f:9f:5b:ee:63:98:b8: 15:bf:7d:6b:a2:ba:6b:6c:f4:a8:8b:64:3b:76:5a:2b: e8:8b:0c:a1:dc:54:f1:6a:33:4e:f4:f4:45:88:de:bb: f6:0a:07:bd:3e:16:b3:f4:e5:33:a4:0e:b4:ab:7b:de Fingerprint (SHA-256): 8F:E1:44:25:7F:C9:AF:C1:F0:18:F7:44:FE:E1:1E:3A:14:50:84:A5:12:1A:BA:67:C6:9D:93:22:3D:69:D5:B5 Fingerprint (SHA1): D3:D1:AF:30:CF:50:7E:7C:19:4A:FD:9A:36:99:66:C7:B5:B0:02:8A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #6562: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025652 (0x1eefb3f4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:07:59 2015 Not After : Tue May 19 07:07:59 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:5e:c2:67:b6:9f:15:02:a0:db:ac:f9:8f:22:fe:95: ff:55:e9:d9:8c:4b:10:14:f5:c6:5c:69:84:94:ac:7c: a8:20:c0:fe:7d:77:63:c8:79:d3:72:36:fd:73:36:77: 39:21:62:a7:a3:dc:9d:62:d0:27:81:b3:dc:96:59:75: 59:0a:80:6d:20:37:3c:16:d0:d7:55:1c:32:de:28:09: 6a:94:d7:18:72:85:c8:1c:82:c9:f2:0e:55:cc:f8:d7: a5:99:bc:cb:20:5b:2e:c4:7b:2f:11:33:ee:40:51:65: 94:a9:8b:85:a2:a8:38:fb:ac:e9:a7:f4:9b:3c:e1:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:55:d5:28:25:00:8d:6d:c6:62:d0:90:c1:64:ee:ae: 15:8a:da:1a:12:55:59:be:5d:6f:08:23:02:a9:b0:8e: d9:ef:71:01:ae:7e:13:e8:35:30:c7:b7:55:5a:19:38: 67:d1:64:f4:06:2d:7f:f9:ab:83:d3:0f:0d:ee:0c:c6: b8:6a:08:02:b6:d6:01:10:17:db:29:92:f4:11:01:0c: 77:a9:51:18:c3:ca:7f:47:9d:73:3b:aa:ff:5f:b8:a6: ae:c4:e3:eb:61:0b:42:4e:9a:9c:88:70:b6:82:8b:33: 86:8a:33:0d:64:68:27:84:7a:3d:08:aa:12:a9:4d:ce Fingerprint (SHA-256): FB:00:9C:6C:AA:AA:A0:17:E9:D8:06:99:D0:A1:F8:32:2D:F6:95:D9:27:3E:38:42:1C:01:DE:5D:1D:43:9B:63 Fingerprint (SHA1): 20:1D:8C:46:86:A7:BA:49:12:DE:D4:64:95:4A:CD:7B:73:2A:A5:05 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6563: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #6564: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025652 (0x1eefb3f4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:07:59 2015 Not After : Tue May 19 07:07:59 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:5e:c2:67:b6:9f:15:02:a0:db:ac:f9:8f:22:fe:95: ff:55:e9:d9:8c:4b:10:14:f5:c6:5c:69:84:94:ac:7c: a8:20:c0:fe:7d:77:63:c8:79:d3:72:36:fd:73:36:77: 39:21:62:a7:a3:dc:9d:62:d0:27:81:b3:dc:96:59:75: 59:0a:80:6d:20:37:3c:16:d0:d7:55:1c:32:de:28:09: 6a:94:d7:18:72:85:c8:1c:82:c9:f2:0e:55:cc:f8:d7: a5:99:bc:cb:20:5b:2e:c4:7b:2f:11:33:ee:40:51:65: 94:a9:8b:85:a2:a8:38:fb:ac:e9:a7:f4:9b:3c:e1:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:55:d5:28:25:00:8d:6d:c6:62:d0:90:c1:64:ee:ae: 15:8a:da:1a:12:55:59:be:5d:6f:08:23:02:a9:b0:8e: d9:ef:71:01:ae:7e:13:e8:35:30:c7:b7:55:5a:19:38: 67:d1:64:f4:06:2d:7f:f9:ab:83:d3:0f:0d:ee:0c:c6: b8:6a:08:02:b6:d6:01:10:17:db:29:92:f4:11:01:0c: 77:a9:51:18:c3:ca:7f:47:9d:73:3b:aa:ff:5f:b8:a6: ae:c4:e3:eb:61:0b:42:4e:9a:9c:88:70:b6:82:8b:33: 86:8a:33:0d:64:68:27:84:7a:3d:08:aa:12:a9:4d:ce Fingerprint (SHA-256): FB:00:9C:6C:AA:AA:A0:17:E9:D8:06:99:D0:A1:F8:32:2D:F6:95:D9:27:3E:38:42:1C:01:DE:5D:1D:43:9B:63 Fingerprint (SHA1): 20:1D:8C:46:86:A7:BA:49:12:DE:D4:64:95:4A:CD:7B:73:2A:A5:05 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6565: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025654 (0x1eefb3f6) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:08:06 2015 Not After : Tue May 19 07:08:06 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b7:55:e6:af:75:96:34:5a:45:71:e8:d8:f0:b7:f9:8f: 01:68:ea:c2:4d:e5:a3:a0:74:e0:87:e8:e9:75:ca:07: db:6c:f3:a5:ea:5b:0d:af:44:3b:fb:49:fd:46:87:2c: 5a:a7:e1:f2:fc:02:36:07:34:5b:5b:01:eb:18:04:4a: e2:dc:07:05:38:ab:23:33:1e:06:ed:0d:f4:31:d9:c8: 90:9e:cf:9f:6b:bb:bb:7f:c5:3e:fd:aa:1f:b7:e6:ee: 29:e1:1e:03:ce:af:60:7d:55:44:00:83:f5:95:7f:f1: cf:6e:76:f6:aa:47:67:55:9b:9f:6c:9e:9d:1e:7e:8f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 29:43:c8:e4:50:62:4d:d3:92:73:3b:67:0d:3a:3b:91: 36:e2:1d:7e:98:87:c1:07:09:3b:20:a3:ef:37:79:f5: ef:b5:c0:cf:19:88:f4:d9:13:98:31:51:bf:9f:1c:bf: 61:00:f6:26:a8:3b:a8:e7:32:0b:e3:e5:cf:fe:c4:90: fb:e9:04:4b:8c:5a:69:82:b7:1f:9f:5b:ee:63:98:b8: 15:bf:7d:6b:a2:ba:6b:6c:f4:a8:8b:64:3b:76:5a:2b: e8:8b:0c:a1:dc:54:f1:6a:33:4e:f4:f4:45:88:de:bb: f6:0a:07:bd:3e:16:b3:f4:e5:33:a4:0e:b4:ab:7b:de Fingerprint (SHA-256): 8F:E1:44:25:7F:C9:AF:C1:F0:18:F7:44:FE:E1:1E:3A:14:50:84:A5:12:1A:BA:67:C6:9D:93:22:3D:69:D5:B5 Fingerprint (SHA1): D3:D1:AF:30:CF:50:7E:7C:19:4A:FD:9A:36:99:66:C7:B5:B0:02:8A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #6566: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #6567: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #6568: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #6569: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025652 (0x1eefb3f4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:07:59 2015 Not After : Tue May 19 07:07:59 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:5e:c2:67:b6:9f:15:02:a0:db:ac:f9:8f:22:fe:95: ff:55:e9:d9:8c:4b:10:14:f5:c6:5c:69:84:94:ac:7c: a8:20:c0:fe:7d:77:63:c8:79:d3:72:36:fd:73:36:77: 39:21:62:a7:a3:dc:9d:62:d0:27:81:b3:dc:96:59:75: 59:0a:80:6d:20:37:3c:16:d0:d7:55:1c:32:de:28:09: 6a:94:d7:18:72:85:c8:1c:82:c9:f2:0e:55:cc:f8:d7: a5:99:bc:cb:20:5b:2e:c4:7b:2f:11:33:ee:40:51:65: 94:a9:8b:85:a2:a8:38:fb:ac:e9:a7:f4:9b:3c:e1:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:55:d5:28:25:00:8d:6d:c6:62:d0:90:c1:64:ee:ae: 15:8a:da:1a:12:55:59:be:5d:6f:08:23:02:a9:b0:8e: d9:ef:71:01:ae:7e:13:e8:35:30:c7:b7:55:5a:19:38: 67:d1:64:f4:06:2d:7f:f9:ab:83:d3:0f:0d:ee:0c:c6: b8:6a:08:02:b6:d6:01:10:17:db:29:92:f4:11:01:0c: 77:a9:51:18:c3:ca:7f:47:9d:73:3b:aa:ff:5f:b8:a6: ae:c4:e3:eb:61:0b:42:4e:9a:9c:88:70:b6:82:8b:33: 86:8a:33:0d:64:68:27:84:7a:3d:08:aa:12:a9:4d:ce Fingerprint (SHA-256): FB:00:9C:6C:AA:AA:A0:17:E9:D8:06:99:D0:A1:F8:32:2D:F6:95:D9:27:3E:38:42:1C:01:DE:5D:1D:43:9B:63 Fingerprint (SHA1): 20:1D:8C:46:86:A7:BA:49:12:DE:D4:64:95:4A:CD:7B:73:2A:A5:05 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6570: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025656 (0x1eefb3f8) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 07:08:13 2015 Not After : Tue May 19 07:08:13 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a7:19:a6:90:af:7a:d4:e7:8b:49:ef:bc:51:92:7a:fa: cc:e9:ec:14:f1:9c:10:6d:56:1e:e8:62:0a:bd:8a:50: be:07:60:91:b5:00:9e:9a:7c:a8:ae:df:cd:61:b3:77: 0c:79:ee:3c:59:24:93:76:24:c4:0d:03:2d:3d:42:24: 9d:96:74:9c:39:93:51:33:5e:e0:2d:a3:c8:13:2d:ae: fe:60:69:4c:d4:e6:28:b7:bd:a5:91:3e:86:69:b1:67: 4b:0d:06:20:47:33:18:f2:04:51:fe:87:36:8e:75:20: 78:a1:06:da:8a:51:fb:61:05:97:04:df:58:06:1e:ab Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 0e:50:b4:ae:84:e8:b2:28:7a:f4:1c:1b:13:39:36:a5: 9d:9d:99:c6:8b:16:a7:e1:8e:36:0d:19:c4:56:21:4e: 9b:e5:a5:19:5d:1b:e4:22:44:ae:5a:d1:40:1a:e6:ef: d8:2c:c7:02:54:6c:76:1c:18:5b:4f:76:1a:d6:aa:af: 1a:58:0b:9a:e8:8d:f3:b0:ef:eb:db:1a:70:44:0a:36: c8:f6:d1:8b:5c:71:f0:75:d3:4c:47:80:c3:36:29:bf: 92:78:f7:0b:b3:96:ba:8d:c0:cb:5e:04:93:81:3e:e3: d3:8a:fc:e0:8d:c1:b0:69:bb:68:64:e2:13:83:28:2f Fingerprint (SHA-256): 81:BD:A2:B5:33:59:64:F2:2A:78:07:42:76:5D:AB:A7:F2:A6:D8:9C:53:66:86:E4:05:B6:A7:61:AF:66:56:2C Fingerprint (SHA1): 96:35:1E:71:AB:B6:86:12:F4:A8:C7:33:20:CD:7F:4E:3A:EB:D5:E3 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #6571: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025652 (0x1eefb3f4) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:07:59 2015 Not After : Tue May 19 07:07:59 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:5e:c2:67:b6:9f:15:02:a0:db:ac:f9:8f:22:fe:95: ff:55:e9:d9:8c:4b:10:14:f5:c6:5c:69:84:94:ac:7c: a8:20:c0:fe:7d:77:63:c8:79:d3:72:36:fd:73:36:77: 39:21:62:a7:a3:dc:9d:62:d0:27:81:b3:dc:96:59:75: 59:0a:80:6d:20:37:3c:16:d0:d7:55:1c:32:de:28:09: 6a:94:d7:18:72:85:c8:1c:82:c9:f2:0e:55:cc:f8:d7: a5:99:bc:cb:20:5b:2e:c4:7b:2f:11:33:ee:40:51:65: 94:a9:8b:85:a2:a8:38:fb:ac:e9:a7:f4:9b:3c:e1:23 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 58:55:d5:28:25:00:8d:6d:c6:62:d0:90:c1:64:ee:ae: 15:8a:da:1a:12:55:59:be:5d:6f:08:23:02:a9:b0:8e: d9:ef:71:01:ae:7e:13:e8:35:30:c7:b7:55:5a:19:38: 67:d1:64:f4:06:2d:7f:f9:ab:83:d3:0f:0d:ee:0c:c6: b8:6a:08:02:b6:d6:01:10:17:db:29:92:f4:11:01:0c: 77:a9:51:18:c3:ca:7f:47:9d:73:3b:aa:ff:5f:b8:a6: ae:c4:e3:eb:61:0b:42:4e:9a:9c:88:70:b6:82:8b:33: 86:8a:33:0d:64:68:27:84:7a:3d:08:aa:12:a9:4d:ce Fingerprint (SHA-256): FB:00:9C:6C:AA:AA:A0:17:E9:D8:06:99:D0:A1:F8:32:2D:F6:95:D9:27:3E:38:42:1C:01:DE:5D:1D:43:9B:63 Fingerprint (SHA1): 20:1D:8C:46:86:A7:BA:49:12:DE:D4:64:95:4A:CD:7B:73:2A:A5:05 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6572: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #6573: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #6574: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #6575: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #6576: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #6577: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025657 (0x1eefb3f9) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 07:08:17 2015 Not After : Tue May 19 07:08:17 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:ea:4c:57:c8:13:be:bb:4f:1a:6a:16:8a:14:7f:d9: 97:f7:e9:ed:13:f6:d1:a8:fd:10:c7:7a:dc:62:09:34: 10:84:61:8b:fa:c3:cf:11:5b:fb:bd:5f:4d:0f:ef:8d: 60:7c:79:e3:72:7b:1b:5c:1e:29:6c:ed:c2:e6:2e:f7: a3:20:6f:61:da:58:82:dc:b5:9c:55:73:a2:7d:80:82: b4:e8:61:e6:cc:ec:19:77:52:12:60:0c:5c:00:68:e6: f3:f6:d8:ec:7f:49:d6:9e:f8:d9:3c:aa:e1:7f:28:7c: bf:94:41:44:77:35:55:2e:55:af:bf:df:b4:b2:30:a1 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5f:d1:88:18:a7:c6:19:55:06:c7:0f:cd:a0:6b:0d:41: 61:64:fe:8b:ea:13:46:bb:48:65:e8:e2:87:c1:36:26: aa:d7:eb:ed:c9:7b:25:d6:02:fe:1a:b6:a8:af:98:9a: d1:43:24:5e:ce:1a:53:07:71:90:a6:f3:43:20:ba:9f: 52:a8:1a:13:33:c3:ab:6a:87:b3:ed:d8:a4:43:c8:69: 40:42:88:22:ba:59:2f:2c:9c:e9:4a:21:f6:5d:9e:dd: 06:10:ec:0f:e7:73:1c:52:31:fa:e3:a5:3d:8e:7a:82: cb:ed:ec:0c:86:b9:02:a3:84:8f:dc:cf:83:95:10:61 Fingerprint (SHA-256): FC:A6:AD:1D:14:3C:63:60:8F:29:6D:FC:E0:45:07:A5:FE:BE:DF:41:04:BE:BA:41:03:8C:1C:C8:8E:41:D0:FD Fingerprint (SHA1): B9:E9:B0:D8:B2:31:6B:17:47:60:35:3B:E7:5B:6D:AE:25:A7:9B:E8 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #6578: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #6579: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #6580: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #6581: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #6582: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6583: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6584: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #6585: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6586: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6587: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #6588: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #6589: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #6590: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6591: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6592: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #6593: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6594: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6595: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6596: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #6597: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6598: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #6599: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #6600: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #6601: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 29758 at Tue May 19 03:08:53 EDT 2015 kill -USR1 29758 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 29758 killed at Tue May 19 03:08:54 EDT 2015 httpserv starting at Tue May 19 03:08:54 EDT 2015 httpserv -D -p 9113 \ -A OCSPRoot -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \ -A OCSPCA2 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl -A OCSPCA3 -C /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \ -O get-unknown -d /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \ -i /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.900 & trying to connect to httpserv at Tue May 19 03:08:54 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed retrying to connect to httpserv at Tue May 19 03:08:59 EDT 2015 tstclnt -p 9113 -h localhost.localdomain -q -v tstclnt: error looking up host: PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed chains.sh: #6602: Waiting for Server - FAILED kill -0 13051 >/dev/null 2>/dev/null httpserv with PID 13051 found at Tue May 19 03:09:00 EDT 2015 httpserv with PID 13051 started at Tue May 19 03:09:00 EDT 2015 chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #6603: Bridge: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025659 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6604: Bridge: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #6605: Bridge: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #6606: Bridge: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025660 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6607: Bridge: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #6608: Bridge: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #6609: Bridge: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6610: Bridge: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519025661 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6611: Bridge: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6612: Bridge: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519025662 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6613: Bridge: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6614: Bridge: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #6615: Bridge: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6616: Bridge: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6617: Bridge: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserBridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 519025663 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6618: Bridge: Creating certficate UserBridge.der signed by Bridge - PASSED chains.sh: Importing certificate UserBridge.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6619: Bridge: Importing certificate UserBridge.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6620: Bridge: Creating DB AllDB - PASSED chains.sh: Importing certificate Army.der to AllDB database certutil -A -n Army -t "" -d AllDB -f AllDB/dbpasswd -i Army.der chains.sh: #6621: Bridge: Importing certificate Army.der to AllDB database - PASSED chains.sh: Importing certificate Navy.der to AllDB database certutil -A -n Navy -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der chains.sh: #6622: Bridge: Importing certificate Navy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025660 (0x1eefb3fc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:09:07 2015 Not After : Tue May 19 07:09:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:52:2e:d1:5c:c1:ec:fb:65:0d:29:96:2c:cf:d4:4d: 4d:22:66:f3:a6:5d:4b:0b:88:65:6b:e7:b4:e6:52:e0: 12:6e:25:0d:22:74:09:40:09:7a:32:cb:77:3a:7c:4b: fe:8f:aa:86:27:ff:43:b5:35:6a:49:05:20:ab:f6:92: f0:b9:c4:d0:47:37:ce:e2:e0:aa:4c:78:e5:be:c7:43: 96:6a:c9:96:71:28:bb:3c:33:fa:2a:22:7f:5d:5e:3f: 76:8f:7a:a1:35:ed:87:67:f6:06:3b:30:13:8c:98:1c: f9:a5:81:bf:00:5e:38:e5:14:d8:b7:eb:9b:29:a7:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:6d:0a:01:98:5e:45:b9:fc:b9:74:5b:56:f3:da:29: f4:27:f2:2f:af:b7:ff:98:20:2d:70:95:3c:a5:37:b8: 90:3e:0a:24:0b:d8:7b:98:8f:bd:a2:46:81:2e:67:e0: 0d:24:d1:f8:4d:27:ef:a0:89:7a:24:6e:96:ae:9f:d9: 97:42:00:00:5c:ff:d0:57:a4:39:5c:82:0a:83:0b:54: 64:ef:2d:35:55:f4:d8:44:e5:df:2f:4d:3e:aa:32:07: bc:6f:62:fc:a3:1d:21:cc:86:e3:b1:f1:c6:8e:39:1e: fb:d0:64:ca:b0:90:8a:53:41:22:93:c0:8d:ca:0f:6b Fingerprint (SHA-256): 62:B8:CC:A3:67:05:23:18:F0:41:A3:07:74:93:5F:46:BC:6E:34:CE:C7:1A:0F:DA:C4:01:E9:E8:74:1D:A8:A3 Fingerprint (SHA1): 74:E0:A8:D7:10:0C:F7:C1:6C:72:1E:32:2B:B3:61:D5:5F:78:45:AE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6623: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeArmy.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025659 (0x1eefb3fb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:09:03 2015 Not After : Tue May 19 07:09:03 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e1:48:c9:52:de:f9:c5:0f:1d:fd:38:32:33:5e:44: 01:7e:ce:0a:22:ad:6e:f1:1c:82:d1:74:88:e3:33:5b: 4b:aa:22:82:c7:9e:af:bb:99:33:6f:ce:51:9b:a2:ce: a4:5e:6b:5f:6e:0c:06:9f:0b:09:54:d7:cc:a0:bd:e2: 76:d3:23:a8:c7:a8:21:15:f0:26:84:23:2b:30:87:68: 8d:5e:e8:d4:d4:f7:f6:58:fe:e4:8e:90:d4:f2:e0:f6: 7f:56:8d:fe:c6:ea:9f:c0:41:25:c2:37:d1:77:51:c9: fb:ea:b4:51:06:5f:cb:bc:3b:2c:5b:8d:24:3d:09:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:e1:cb:5b:3e:c9:a5:a1:0f:ff:ce:26:9a:54:54:32: b0:37:d3:0c:d9:fd:81:0b:32:07:f4:ef:a9:c6:34:60: f1:b8:b9:95:60:52:39:56:b0:b9:cd:73:9c:80:cd:71: 37:58:0c:a7:b9:e7:7a:8d:a5:d4:39:82:f3:60:fd:0a: 59:e6:7b:ff:a3:30:65:3d:58:c5:70:85:21:da:b9:59: 0c:96:a5:cb:c6:d4:6b:52:64:ff:5a:cd:e3:80:fa:ab: 85:87:94:ab:2f:c2:7a:3d:ae:28:84:96:03:49:13:bd: 29:83:4b:67:84:ed:c5:c2:96:d5:c9:38:da:49:a0:e9 Fingerprint (SHA-256): D2:EA:39:44:79:C8:A8:B4:DB:7A:95:EC:FD:7F:21:08:C3:1A:81:03:E8:DB:A0:23:D0:A3:2A:A3:CE:12:A9:53 Fingerprint (SHA1): E7:50:CD:CE:78:CD:A9:F1:14:0B:23:54:EA:C9:E7:48:4A:21:F2:AC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6624: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der BridgeNavy.der -t Army Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Navy [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #6625: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Importing certificate BridgeArmy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der chains.sh: #6626: Bridge: Importing certificate BridgeArmy.der to AllDB database - PASSED chains.sh: Importing certificate BridgeNavy.der to AllDB database certutil -A -n Bridge -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der chains.sh: #6627: Bridge: Importing certificate BridgeNavy.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army vfychain -d AllDB -pp -vv UserBridge.der -t Army Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025659 (0x1eefb3fb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:09:03 2015 Not After : Tue May 19 07:09:03 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e1:48:c9:52:de:f9:c5:0f:1d:fd:38:32:33:5e:44: 01:7e:ce:0a:22:ad:6e:f1:1c:82:d1:74:88:e3:33:5b: 4b:aa:22:82:c7:9e:af:bb:99:33:6f:ce:51:9b:a2:ce: a4:5e:6b:5f:6e:0c:06:9f:0b:09:54:d7:cc:a0:bd:e2: 76:d3:23:a8:c7:a8:21:15:f0:26:84:23:2b:30:87:68: 8d:5e:e8:d4:d4:f7:f6:58:fe:e4:8e:90:d4:f2:e0:f6: 7f:56:8d:fe:c6:ea:9f:c0:41:25:c2:37:d1:77:51:c9: fb:ea:b4:51:06:5f:cb:bc:3b:2c:5b:8d:24:3d:09:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:e1:cb:5b:3e:c9:a5:a1:0f:ff:ce:26:9a:54:54:32: b0:37:d3:0c:d9:fd:81:0b:32:07:f4:ef:a9:c6:34:60: f1:b8:b9:95:60:52:39:56:b0:b9:cd:73:9c:80:cd:71: 37:58:0c:a7:b9:e7:7a:8d:a5:d4:39:82:f3:60:fd:0a: 59:e6:7b:ff:a3:30:65:3d:58:c5:70:85:21:da:b9:59: 0c:96:a5:cb:c6:d4:6b:52:64:ff:5a:cd:e3:80:fa:ab: 85:87:94:ab:2f:c2:7a:3d:ae:28:84:96:03:49:13:bd: 29:83:4b:67:84:ed:c5:c2:96:d5:c9:38:da:49:a0:e9 Fingerprint (SHA-256): D2:EA:39:44:79:C8:A8:B4:DB:7A:95:EC:FD:7F:21:08:C3:1A:81:03:E8:DB:A0:23:D0:A3:2A:A3:CE:12:A9:53 Fingerprint (SHA1): E7:50:CD:CE:78:CD:A9:F1:14:0B:23:54:EA:C9:E7:48:4A:21:F2:AC Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6628: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Army - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy vfychain -d AllDB -pp -vv UserBridge.der -t Navy Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025660 (0x1eefb3fc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:09:07 2015 Not After : Tue May 19 07:09:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:52:2e:d1:5c:c1:ec:fb:65:0d:29:96:2c:cf:d4:4d: 4d:22:66:f3:a6:5d:4b:0b:88:65:6b:e7:b4:e6:52:e0: 12:6e:25:0d:22:74:09:40:09:7a:32:cb:77:3a:7c:4b: fe:8f:aa:86:27:ff:43:b5:35:6a:49:05:20:ab:f6:92: f0:b9:c4:d0:47:37:ce:e2:e0:aa:4c:78:e5:be:c7:43: 96:6a:c9:96:71:28:bb:3c:33:fa:2a:22:7f:5d:5e:3f: 76:8f:7a:a1:35:ed:87:67:f6:06:3b:30:13:8c:98:1c: f9:a5:81:bf:00:5e:38:e5:14:d8:b7:eb:9b:29:a7:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:6d:0a:01:98:5e:45:b9:fc:b9:74:5b:56:f3:da:29: f4:27:f2:2f:af:b7:ff:98:20:2d:70:95:3c:a5:37:b8: 90:3e:0a:24:0b:d8:7b:98:8f:bd:a2:46:81:2e:67:e0: 0d:24:d1:f8:4d:27:ef:a0:89:7a:24:6e:96:ae:9f:d9: 97:42:00:00:5c:ff:d0:57:a4:39:5c:82:0a:83:0b:54: 64:ef:2d:35:55:f4:d8:44:e5:df:2f:4d:3e:aa:32:07: bc:6f:62:fc:a3:1d:21:cc:86:e3:b1:f1:c6:8e:39:1e: fb:d0:64:ca:b0:90:8a:53:41:22:93:c0:8d:ca:0f:6b Fingerprint (SHA-256): 62:B8:CC:A3:67:05:23:18:F0:41:A3:07:74:93:5F:46:BC:6E:34:CE:C7:1A:0F:DA:C4:01:E9:E8:74:1D:A8:A3 Fingerprint (SHA1): 74:E0:A8:D7:10:0C:F7:C1:6C:72:1E:32:2B:B3:61:D5:5F:78:45:AE Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6629: Bridge: Verifying certificate(s) UserBridge.der with flags -d AllDB -pp -t Navy - PASSED chains.sh: Creating DB ArmyOnlyDB certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd chains.sh: #6630: Bridge: Creating DB ArmyOnlyDB - PASSED chains.sh: Importing certificate Army.der to ArmyOnlyDB database certutil -A -n Army -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der chains.sh: #6631: Bridge: Importing certificate Army.der to ArmyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6632: Bridge: Verifying certificate(s) UserBridge.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@navy [Certificate Authority]: Email Address(es): bridge@navy ERROR -8179: Peer's Certificate issuer is not recognized. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #6633: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Navy ROOT CA,O=Navy,C=US Returned value is 1, expected result is fail chains.sh: #6634: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der Navy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025660 (0x1eefb3fc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:09:07 2015 Not After : Tue May 19 07:09:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:52:2e:d1:5c:c1:ec:fb:65:0d:29:96:2c:cf:d4:4d: 4d:22:66:f3:a6:5d:4b:0b:88:65:6b:e7:b4:e6:52:e0: 12:6e:25:0d:22:74:09:40:09:7a:32:cb:77:3a:7c:4b: fe:8f:aa:86:27:ff:43:b5:35:6a:49:05:20:ab:f6:92: f0:b9:c4:d0:47:37:ce:e2:e0:aa:4c:78:e5:be:c7:43: 96:6a:c9:96:71:28:bb:3c:33:fa:2a:22:7f:5d:5e:3f: 76:8f:7a:a1:35:ed:87:67:f6:06:3b:30:13:8c:98:1c: f9:a5:81:bf:00:5e:38:e5:14:d8:b7:eb:9b:29:a7:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:6d:0a:01:98:5e:45:b9:fc:b9:74:5b:56:f3:da:29: f4:27:f2:2f:af:b7:ff:98:20:2d:70:95:3c:a5:37:b8: 90:3e:0a:24:0b:d8:7b:98:8f:bd:a2:46:81:2e:67:e0: 0d:24:d1:f8:4d:27:ef:a0:89:7a:24:6e:96:ae:9f:d9: 97:42:00:00:5c:ff:d0:57:a4:39:5c:82:0a:83:0b:54: 64:ef:2d:35:55:f4:d8:44:e5:df:2f:4d:3e:aa:32:07: bc:6f:62:fc:a3:1d:21:cc:86:e3:b1:f1:c6:8e:39:1e: fb:d0:64:ca:b0:90:8a:53:41:22:93:c0:8d:ca:0f:6b Fingerprint (SHA-256): 62:B8:CC:A3:67:05:23:18:F0:41:A3:07:74:93:5F:46:BC:6E:34:CE:C7:1A:0F:DA:C4:01:E9:E8:74:1D:A8:A3 Fingerprint (SHA1): 74:E0:A8:D7:10:0C:F7:C1:6C:72:1E:32:2B:B3:61:D5:5F:78:45:AE Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6635: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der vfychain -d ArmyOnlyDB -pp -vv UserBridge.der BridgeNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025660 (0x1eefb3fc) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:09:07 2015 Not After : Tue May 19 07:09:07 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a2:52:2e:d1:5c:c1:ec:fb:65:0d:29:96:2c:cf:d4:4d: 4d:22:66:f3:a6:5d:4b:0b:88:65:6b:e7:b4:e6:52:e0: 12:6e:25:0d:22:74:09:40:09:7a:32:cb:77:3a:7c:4b: fe:8f:aa:86:27:ff:43:b5:35:6a:49:05:20:ab:f6:92: f0:b9:c4:d0:47:37:ce:e2:e0:aa:4c:78:e5:be:c7:43: 96:6a:c9:96:71:28:bb:3c:33:fa:2a:22:7f:5d:5e:3f: 76:8f:7a:a1:35:ed:87:67:f6:06:3b:30:13:8c:98:1c: f9:a5:81:bf:00:5e:38:e5:14:d8:b7:eb:9b:29:a7:f5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 43:6d:0a:01:98:5e:45:b9:fc:b9:74:5b:56:f3:da:29: f4:27:f2:2f:af:b7:ff:98:20:2d:70:95:3c:a5:37:b8: 90:3e:0a:24:0b:d8:7b:98:8f:bd:a2:46:81:2e:67:e0: 0d:24:d1:f8:4d:27:ef:a0:89:7a:24:6e:96:ae:9f:d9: 97:42:00:00:5c:ff:d0:57:a4:39:5c:82:0a:83:0b:54: 64:ef:2d:35:55:f4:d8:44:e5:df:2f:4d:3e:aa:32:07: bc:6f:62:fc:a3:1d:21:cc:86:e3:b1:f1:c6:8e:39:1e: fb:d0:64:ca:b0:90:8a:53:41:22:93:c0:8d:ca:0f:6b Fingerprint (SHA-256): 62:B8:CC:A3:67:05:23:18:F0:41:A3:07:74:93:5F:46:BC:6E:34:CE:C7:1A:0F:DA:C4:01:E9:E8:74:1D:A8:A3 Fingerprint (SHA1): 74:E0:A8:D7:10:0C:F7:C1:6C:72:1E:32:2B:B3:61:D5:5F:78:45:AE Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6636: Bridge: Verifying certificate(s) UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp -t Navy.der - PASSED chains.sh: Creating DB NavyOnlyDB certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd chains.sh: #6637: Bridge: Creating DB NavyOnlyDB - PASSED chains.sh: Importing certificate Navy.der to NavyOnlyDB database certutil -A -n Navy -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der chains.sh: #6638: Bridge: Importing certificate Navy.der to NavyOnlyDB database - PASSED chains.sh: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=User EE,O=User,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #6639: Bridge: Verifying certificate(s) UserBridge.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. bridge@army [Certificate Authority]: Email Address(es): bridge@army ERROR -8179: Peer's Certificate issuer is not recognized. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #6640: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user. CN=Army ROOT CA,O=Army,C=US Returned value is 1, expected result is fail chains.sh: #6641: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der Army.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025659 (0x1eefb3fb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:09:03 2015 Not After : Tue May 19 07:09:03 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e1:48:c9:52:de:f9:c5:0f:1d:fd:38:32:33:5e:44: 01:7e:ce:0a:22:ad:6e:f1:1c:82:d1:74:88:e3:33:5b: 4b:aa:22:82:c7:9e:af:bb:99:33:6f:ce:51:9b:a2:ce: a4:5e:6b:5f:6e:0c:06:9f:0b:09:54:d7:cc:a0:bd:e2: 76:d3:23:a8:c7:a8:21:15:f0:26:84:23:2b:30:87:68: 8d:5e:e8:d4:d4:f7:f6:58:fe:e4:8e:90:d4:f2:e0:f6: 7f:56:8d:fe:c6:ea:9f:c0:41:25:c2:37:d1:77:51:c9: fb:ea:b4:51:06:5f:cb:bc:3b:2c:5b:8d:24:3d:09:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:e1:cb:5b:3e:c9:a5:a1:0f:ff:ce:26:9a:54:54:32: b0:37:d3:0c:d9:fd:81:0b:32:07:f4:ef:a9:c6:34:60: f1:b8:b9:95:60:52:39:56:b0:b9:cd:73:9c:80:cd:71: 37:58:0c:a7:b9:e7:7a:8d:a5:d4:39:82:f3:60:fd:0a: 59:e6:7b:ff:a3:30:65:3d:58:c5:70:85:21:da:b9:59: 0c:96:a5:cb:c6:d4:6b:52:64:ff:5a:cd:e3:80:fa:ab: 85:87:94:ab:2f:c2:7a:3d:ae:28:84:96:03:49:13:bd: 29:83:4b:67:84:ed:c5:c2:96:d5:c9:38:da:49:a0:e9 Fingerprint (SHA-256): D2:EA:39:44:79:C8:A8:B4:DB:7A:95:EC:FD:7F:21:08:C3:1A:81:03:E8:DB:A0:23:D0:A3:2A:A3:CE:12:A9:53 Fingerprint (SHA1): E7:50:CD:CE:78:CD:A9:F1:14:0B:23:54:EA:C9:E7:48:4A:21:F2:AC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6642: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der vfychain -d NavyOnlyDB -pp -vv UserBridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025659 (0x1eefb3fb) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:09:03 2015 Not After : Tue May 19 07:09:03 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:e1:48:c9:52:de:f9:c5:0f:1d:fd:38:32:33:5e:44: 01:7e:ce:0a:22:ad:6e:f1:1c:82:d1:74:88:e3:33:5b: 4b:aa:22:82:c7:9e:af:bb:99:33:6f:ce:51:9b:a2:ce: a4:5e:6b:5f:6e:0c:06:9f:0b:09:54:d7:cc:a0:bd:e2: 76:d3:23:a8:c7:a8:21:15:f0:26:84:23:2b:30:87:68: 8d:5e:e8:d4:d4:f7:f6:58:fe:e4:8e:90:d4:f2:e0:f6: 7f:56:8d:fe:c6:ea:9f:c0:41:25:c2:37:d1:77:51:c9: fb:ea:b4:51:06:5f:cb:bc:3b:2c:5b:8d:24:3d:09:2d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 67:e1:cb:5b:3e:c9:a5:a1:0f:ff:ce:26:9a:54:54:32: b0:37:d3:0c:d9:fd:81:0b:32:07:f4:ef:a9:c6:34:60: f1:b8:b9:95:60:52:39:56:b0:b9:cd:73:9c:80:cd:71: 37:58:0c:a7:b9:e7:7a:8d:a5:d4:39:82:f3:60:fd:0a: 59:e6:7b:ff:a3:30:65:3d:58:c5:70:85:21:da:b9:59: 0c:96:a5:cb:c6:d4:6b:52:64:ff:5a:cd:e3:80:fa:ab: 85:87:94:ab:2f:c2:7a:3d:ae:28:84:96:03:49:13:bd: 29:83:4b:67:84:ed:c5:c2:96:d5:c9:38:da:49:a0:e9 Fingerprint (SHA-256): D2:EA:39:44:79:C8:A8:B4:DB:7A:95:EC:FD:7F:21:08:C3:1A:81:03:E8:DB:A0:23:D0:A3:2A:A3:CE:12:A9:53 Fingerprint (SHA1): E7:50:CD:CE:78:CD:A9:F1:14:0B:23:54:EA:C9:E7:48:4A:21:F2:AC Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #6643: Bridge: Verifying certificate(s) UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp -t Army.der - PASSED chains.sh: Creating DB Root1DB certutil -N -d Root1DB -f Root1DB/dbpasswd chains.sh: #6644: MegaBridge_3_2: Creating DB Root1DB - PASSED chains.sh: Creating Root CA Root1 certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1 -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025664 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6645: MegaBridge_3_2: Creating Root CA Root1 - PASSED chains.sh: Exporting Root CA Root1.der certutil -L -d Root1DB -r -n Root1 -o Root1.der chains.sh: #6646: MegaBridge_3_2: Exporting Root CA Root1.der - PASSED chains.sh: Creating DB Root2DB certutil -N -d Root2DB -f Root2DB/dbpasswd chains.sh: #6647: MegaBridge_3_2: Creating DB Root2DB - PASSED chains.sh: Creating Root CA Root2 certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2 -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025665 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6648: MegaBridge_3_2: Creating Root CA Root2 - PASSED chains.sh: Exporting Root CA Root2.der certutil -L -d Root2DB -r -n Root2 -o Root2.der chains.sh: #6649: MegaBridge_3_2: Exporting Root CA Root2.der - PASSED chains.sh: Creating DB Root3DB certutil -N -d Root3DB -f Root3DB/dbpasswd chains.sh: #6650: MegaBridge_3_2: Creating DB Root3DB - PASSED chains.sh: Creating Root CA Root3 certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3 -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025666 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6651: MegaBridge_3_2: Creating Root CA Root3 - PASSED chains.sh: Exporting Root CA Root3.der certutil -L -d Root3DB -r -n Root3 -o Root3.der chains.sh: #6652: MegaBridge_3_2: Exporting Root CA Root3.der - PASSED chains.sh: Creating DB Root4DB certutil -N -d Root4DB -f Root4DB/dbpasswd chains.sh: #6653: MegaBridge_3_2: Creating DB Root4DB - PASSED chains.sh: Creating Root CA Root4 certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4 -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025667 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6654: MegaBridge_3_2: Creating Root CA Root4 - PASSED chains.sh: Exporting Root CA Root4.der certutil -L -d Root4DB -r -n Root4 -o Root4.der chains.sh: #6655: MegaBridge_3_2: Exporting Root CA Root4.der - PASSED chains.sh: Creating DB Root5DB certutil -N -d Root5DB -f Root5DB/dbpasswd chains.sh: #6656: MegaBridge_3_2: Creating DB Root5DB - PASSED chains.sh: Creating Root CA Root5 certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5 -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025668 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6657: MegaBridge_3_2: Creating Root CA Root5 - PASSED chains.sh: Exporting Root CA Root5.der certutil -L -d Root5DB -r -n Root5 -o Root5.der chains.sh: #6658: MegaBridge_3_2: Exporting Root CA Root5.der - PASSED chains.sh: Creating DB Root6DB certutil -N -d Root6DB -f Root6DB/dbpasswd chains.sh: #6659: MegaBridge_3_2: Creating DB Root6DB - PASSED chains.sh: Creating Root CA Root6 certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6 -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025669 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6660: MegaBridge_3_2: Creating Root CA Root6 - PASSED chains.sh: Exporting Root CA Root6.der certutil -L -d Root6DB -r -n Root6 -o Root6.der chains.sh: #6661: MegaBridge_3_2: Exporting Root CA Root6.der - PASSED chains.sh: Creating DB Root7DB certutil -N -d Root7DB -f Root7DB/dbpasswd chains.sh: #6662: MegaBridge_3_2: Creating DB Root7DB - PASSED chains.sh: Creating Root CA Root7 certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7 -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025670 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6663: MegaBridge_3_2: Creating Root CA Root7 - PASSED chains.sh: Exporting Root CA Root7.der certutil -L -d Root7DB -r -n Root7 -o Root7.der chains.sh: #6664: MegaBridge_3_2: Exporting Root CA Root7.der - PASSED chains.sh: Creating DB Root8DB certutil -N -d Root8DB -f Root8DB/dbpasswd chains.sh: #6665: MegaBridge_3_2: Creating DB Root8DB - PASSED chains.sh: Creating Root CA Root8 certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8 -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025671 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6666: MegaBridge_3_2: Creating Root CA Root8 - PASSED chains.sh: Exporting Root CA Root8.der certutil -L -d Root8DB -r -n Root8 -o Root8.der chains.sh: #6667: MegaBridge_3_2: Exporting Root CA Root8.der - PASSED chains.sh: Creating DB Root9DB certutil -N -d Root9DB -f Root9DB/dbpasswd chains.sh: #6668: MegaBridge_3_2: Creating DB Root9DB - PASSED chains.sh: Creating Root CA Root9 certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9 -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025672 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6669: MegaBridge_3_2: Creating Root CA Root9 - PASSED chains.sh: Exporting Root CA Root9.der certutil -L -d Root9DB -r -n Root9 -o Root9.der chains.sh: #6670: MegaBridge_3_2: Exporting Root CA Root9.der - PASSED chains.sh: Creating DB Bridge11DB certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd chains.sh: #6671: MegaBridge_3_2: Creating DB Bridge11DB - PASSED chains.sh: Creating Bridge certifiate request Bridge11Req.der certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US" -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6672: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der - PASSED chains.sh: Creating certficate Bridge11Root1.der signed by Root1 certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 519025673 -7 Bridge11@Root1 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6673: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1 - PASSED chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6674: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root2.der signed by Root2 certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 519025674 -7 Bridge11@Root2 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6675: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2 - PASSED chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6676: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database - PASSED chains.sh: Creating certficate Bridge11Root3.der signed by Root3 certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 519025675 -7 Bridge11@Root3 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6677: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3 - PASSED chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6678: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database - PASSED chains.sh: Generating PKCS7 package from Bridge11DB database cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7 chains.sh: #6679: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database - PASSED chains.sh: Creating DB Bridge12DB certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd chains.sh: #6680: MegaBridge_3_2: Creating DB Bridge12DB - PASSED chains.sh: Creating Bridge certifiate request Bridge12Req.der certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US" -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6681: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der - PASSED chains.sh: Creating certficate Bridge12Root4.der signed by Root4 certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 519025676 -7 Bridge12@Root4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6682: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4 - PASSED chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6683: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root5.der signed by Root5 certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 519025677 -7 Bridge12@Root5 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6684: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5 - PASSED chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6685: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database - PASSED chains.sh: Creating certficate Bridge12Root6.der signed by Root6 certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 519025678 -7 Bridge12@Root6 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6686: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6 - PASSED chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6687: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database - PASSED chains.sh: Generating PKCS7 package from Bridge12DB database cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7 chains.sh: #6688: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database - PASSED chains.sh: Creating DB Bridge13DB certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd chains.sh: #6689: MegaBridge_3_2: Creating DB Bridge13DB - PASSED chains.sh: Creating Bridge certifiate request Bridge13Req.der certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US" -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6690: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der - PASSED chains.sh: Creating certficate Bridge13Root7.der signed by Root7 certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 519025679 -7 Bridge13@Root7 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6691: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7 - PASSED chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6692: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root8.der signed by Root8 certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 519025680 -7 Bridge13@Root8 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6693: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8 - PASSED chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6694: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database - PASSED chains.sh: Creating certficate Bridge13Root9.der signed by Root9 certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 519025681 -7 Bridge13@Root9 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6695: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9 - PASSED chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6696: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database - PASSED chains.sh: Generating PKCS7 package from Bridge13DB database cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7 chains.sh: #6697: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database - PASSED chains.sh: Creating DB Bridge21DB certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd chains.sh: #6698: MegaBridge_3_2: Creating DB Bridge21DB - PASSED chains.sh: Creating Bridge certifiate request Bridge21Req.der certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US" -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6699: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der - PASSED chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11 certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 519025682 -7 Bridge21@Bridge11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6700: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11 - PASSED chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6701: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12 certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 519025683 -7 Bridge21@Bridge12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6702: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12 - PASSED chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6703: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database - PASSED chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13 certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 519025684 -7 Bridge21@Bridge13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6704: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13 - PASSED chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6705: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database - PASSED chains.sh: Generating PKCS7 package from Bridge21DB database cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7 chains.sh: #6706: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6707: MegaBridge_3_2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6708: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21 certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 519025685 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6709: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21 - PASSED chains.sh: Importing certificate CA1Bridge21.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6710: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6711: MegaBridge_3_2: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6712: MegaBridge_3_2: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025686 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6713: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6714: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der -t Root1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025664 (0x1eefb400) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root1 ROOT CA,O=Root1,C=US" Validity: Not Before: Tue May 19 07:09:39 2015 Not After : Tue May 19 07:09:39 2065 Subject: "CN=Root1 ROOT CA,O=Root1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c8:f4:1a:9b:62:71:36:62:cf:22:81:f4:54:32:01:a9: 56:ee:ee:f9:2d:1e:65:4c:e4:33:7d:4a:a4:c3:77:fc: 89:cb:1b:44:82:2d:0b:16:0e:b2:21:da:8e:34:3e:53: a3:b2:87:1f:a5:60:f4:d8:ce:58:bd:13:4f:c4:c9:58: b8:5d:c7:57:48:c3:80:8f:29:c7:c3:d6:b6:15:6a:a0: dd:47:5a:cd:02:d6:9a:be:11:07:00:fc:6f:aa:65:8d: 0a:76:8e:eb:b3:61:3b:e5:50:09:41:0a:28:8b:84:c7: c8:0c:3d:d0:7a:eb:9d:60:aa:0b:49:b4:89:d1:11:4d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 59:8d:43:e1:35:cc:7d:f9:aa:d0:1d:26:b1:89:09:56: 49:b3:66:3f:d4:ac:df:d6:3e:68:cb:1f:28:ee:d4:42: 84:c3:be:d5:a7:63:7f:8b:d4:d1:f5:b5:5b:01:61:90: 15:56:b3:e9:67:c5:9d:c1:04:94:6d:16:9f:08:57:12: 47:86:ca:01:17:0f:0b:57:36:2a:7c:b8:9c:e2:7a:5c: 17:43:9a:0c:f2:d7:05:75:7f:f6:a3:f9:d8:43:bd:8b: 35:cf:6d:95:98:7d:bd:40:b5:1b:6f:4c:9d:09:76:6d: 4c:fb:6e:b3:f0:da:8a:0e:31:fc:2f:cf:c0:6b:ff:d9 Fingerprint (SHA-256): BD:0A:85:D8:13:D2:51:66:4B:E1:5D:41:CF:C8:AF:6D:B4:12:55:0B:9B:3F:0C:F4:84:D2:AF:7F:32:37:AF:97 Fingerprint (SHA1): 36:F3:13:8B:7A:F8:DA:A5:72:91:07:C4:CF:FA:43:BA:7E:F3:1D:8E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #6715: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp -t Root1.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der -t Root2.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025665 (0x1eefb401) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root2 ROOT CA,O=Root2,C=US" Validity: Not Before: Tue May 19 07:09:42 2015 Not After : Tue May 19 07:09:42 2065 Subject: "CN=Root2 ROOT CA,O=Root2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:cc:ba:2a:d7:56:0e:d4:6a:94:73:54:6f:6b:10:60: 7b:f3:31:68:f8:93:59:c4:a3:0d:41:a9:f2:bb:b4:ac: a3:57:50:8b:4c:0e:c3:8f:e8:41:da:c4:f7:d7:b6:76: 5f:92:94:8f:70:19:8d:9c:64:b3:cb:d9:dd:58:1f:99: 39:f2:5d:51:31:c1:3c:e5:bb:8d:69:e2:b6:87:09:76: ac:45:be:ca:66:ca:f1:49:5f:b5:53:db:6e:a9:09:d1: 4d:0c:4a:a1:b4:b2:77:e4:a5:f9:14:3c:e2:fd:fa:21: b7:1f:89:f9:7c:15:35:06:72:9d:4b:fc:66:eb:ec:69 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 14:f2:0a:8c:74:1a:ad:35:44:ff:96:0e:93:30:c6:91: e7:71:3a:cf:10:87:af:a1:ef:ca:d7:7f:ea:b2:62:8f: 00:22:e2:2c:83:2e:01:38:cb:92:ee:d1:e1:ed:5a:45: ef:7e:65:ca:f6:b2:1b:ac:11:43:b4:a0:99:74:b1:13: 9c:18:f0:f1:47:a1:7e:b6:30:a7:7f:0a:0a:6a:67:be: 0a:7e:60:da:51:71:d4:24:1b:2c:4d:08:71:e7:58:59: 9d:3c:ad:6d:eb:f4:ab:d7:6a:a5:5b:f5:1a:fc:2a:00: ee:4b:4e:a1:57:fb:da:b6:9a:5f:81:ff:a9:76:ea:71 Fingerprint (SHA-256): 8C:B9:22:2C:CA:4F:F0:EB:24:09:3F:23:6C:B1:30:D1:0A:A6:EB:3B:0C:3F:04:AE:A6:01:3B:EE:F7:55:FE:D1 Fingerprint (SHA1): B9:4B:9D:CE:F8:CE:BC:39:75:32:4F:AF:90:62:9E:2F:5D:50:4B:4A Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #6716: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp -t Root2.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der -t Root3.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025666 (0x1eefb402) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root3 ROOT CA,O=Root3,C=US" Validity: Not Before: Tue May 19 07:09:45 2015 Not After : Tue May 19 07:09:45 2065 Subject: "CN=Root3 ROOT CA,O=Root3,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e6:8c:1a:7c:04:60:99:cc:b4:d0:7e:6f:30:40:b6:f5: a9:d8:a1:ac:da:0f:67:a4:00:3c:20:ff:f6:fb:73:e2: 04:eb:f9:ee:fa:6a:76:23:6e:a9:9a:c8:f2:93:35:45: 44:cb:fe:ce:09:e3:34:20:1a:29:a6:01:08:0a:f2:25: 60:18:de:62:13:36:77:79:24:c6:10:ae:4b:9b:83:66: 0f:1a:bb:85:b8:b5:f9:4b:d6:b8:81:7a:ee:40:c7:df: 38:19:86:99:43:9d:2d:37:46:b7:33:f9:34:fd:10:7e: 07:4c:68:a8:cd:20:74:b3:d6:3c:ff:0d:77:0b:9e:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 91:6e:ca:cb:de:11:17:d5:3c:00:0f:07:cc:00:81:ab: 39:5a:c1:ca:d2:9a:40:12:e4:c5:d1:64:7a:62:71:f2: d2:fe:cc:ee:38:79:14:f4:e0:74:4b:67:90:94:51:0c: 90:7c:1b:20:92:61:2e:76:a9:2b:04:78:69:35:88:66: 32:31:ee:74:43:13:85:82:6c:90:0e:11:35:d7:c9:05: 8a:a9:04:e2:ce:e0:97:ed:b2:cf:b8:01:78:29:4a:b2: f3:26:80:c0:a1:fe:b7:e1:e7:21:b2:5b:bf:03:fd:c1: a2:b9:d6:d1:1e:b1:67:24:6f:85:34:cc:ed:be:37:67 Fingerprint (SHA-256): A9:FA:83:62:E3:4D:29:B0:B5:60:CE:A5:1B:F4:E4:9A:D9:52:D6:76:CB:31:36:46:AA:6C:2C:BC:D1:E2:96:A8 Fingerprint (SHA1): 78:6D:C4:47:FC:03:91:17:D5:9C:B7:C0:6C:A1:E5:9D:21:04:C6:53 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US" Returned value is 0, expected result is pass chains.sh: #6717: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp -t Root3.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der -t Root4.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025667 (0x1eefb403) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root4 ROOT CA,O=Root4,C=US" Validity: Not Before: Tue May 19 07:09:48 2015 Not After : Tue May 19 07:09:48 2065 Subject: "CN=Root4 ROOT CA,O=Root4,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:8e:6f:0c:55:a0:39:24:f3:99:75:7a:8a:47:8e:65: 75:01:c2:34:4f:11:78:1f:0d:9b:56:2e:7e:20:1c:be: cc:f2:ea:09:ca:f6:bb:ff:83:f4:8c:8b:2c:d3:2f:10: 1a:82:39:0d:a5:bf:d5:6e:64:34:1f:f2:a1:cb:7d:25: ed:91:82:65:14:7f:1b:6f:e0:2a:14:f2:84:a7:1c:35: d0:be:d5:dc:2b:ca:32:b6:e6:4b:70:3d:c1:b9:96:d8: b4:cd:9d:38:a4:5d:93:c9:d4:f7:1d:9f:85:ae:83:9d: 99:01:67:34:4e:fa:10:64:e1:b6:7f:49:22:46:73:fd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 06:cd:4e:b3:5b:23:79:3d:2e:8f:a7:1a:cf:d9:28:cc: 4c:32:e7:3a:18:e3:be:37:27:27:26:88:2a:bb:d8:80: 0e:23:48:36:17:0b:92:22:bc:64:6e:39:84:d8:30:58: 48:82:1b:56:62:db:f4:fc:d5:47:61:e5:9f:eb:e1:9b: 13:c9:b5:8a:17:ca:ce:89:17:06:17:5f:b7:7a:d8:6b: b6:c8:8c:2a:34:f6:c7:a4:25:54:3c:96:c2:64:3d:0e: 5d:cf:6b:6e:1b:00:a2:02:e1:f2:1b:3e:53:0b:52:0d: c2:1d:a1:d1:59:b4:2b:9c:23:f8:15:e4:a0:de:61:58 Fingerprint (SHA-256): FE:34:28:88:E5:56:E2:16:EE:BD:ED:67:73:C3:5D:E7:78:4A:28:A3:5A:71:01:FB:9E:86:2D:2C:1F:02:5B:04 Fingerprint (SHA1): CB:18:A0:1B:A0:BF:55:29:CE:02:8A:11:5C:13:CA:90:F0:D3:F5:94 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #6718: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp -t Root4.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der -t Root5.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025668 (0x1eefb404) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root5 ROOT CA,O=Root5,C=US" Validity: Not Before: Tue May 19 07:09:51 2015 Not After : Tue May 19 07:09:51 2065 Subject: "CN=Root5 ROOT CA,O=Root5,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:10:de:cf:cb:0c:bd:af:53:09:01:7d:8f:16:6d:54: 71:79:01:e4:31:39:50:c9:20:66:b1:d9:fc:c8:39:77: 26:82:d9:89:01:9f:c3:67:7e:82:f2:d8:4f:2b:9b:59: d4:3f:7f:34:9d:bd:76:84:c7:4a:a7:5e:82:d0:02:1b: bb:6a:74:50:52:1f:47:da:ca:27:26:75:08:01:ce:80: 49:cd:6a:4c:09:a7:7e:57:63:77:3b:40:76:7a:1e:2b: 89:71:e2:e6:89:8a:a2:97:6d:bc:1d:77:2c:4c:76:fb: dd:16:eb:25:f2:2d:dc:88:d3:35:41:50:1d:5e:6b:03 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: bd:76:4c:e8:8f:ac:08:30:ad:e2:6b:b1:d5:3c:c0:93: cc:79:09:6c:8e:21:62:05:c0:97:c2:99:62:5d:a8:14: 8f:61:7b:b4:74:34:fb:b6:68:11:7a:41:5f:17:a7:2b: 33:ad:c5:17:29:aa:33:76:81:e3:b7:d7:5f:00:43:82: 96:51:96:bc:d3:ce:9c:04:67:5a:6a:0a:05:5e:19:bc: 2d:a8:b4:29:bc:ab:ed:0a:c9:6f:a6:ac:eb:37:80:45: 74:42:ed:d2:4d:9a:46:19:1e:e1:59:93:1d:62:8b:d3: 17:1b:e2:58:27:41:b1:c2:17:fb:d5:3c:25:82:f9:da Fingerprint (SHA-256): 05:DB:CA:F7:C7:EB:C0:FE:01:00:37:D0:18:65:F1:09:0B:B6:13:C9:43:07:66:76:C2:16:D6:6F:95:8D:4E:1B Fingerprint (SHA1): FE:DC:23:73:93:55:46:EE:9E:98:7A:D2:E5:74:AF:4B:76:3C:EA:4D Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #6719: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp -t Root5.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der -t Root6.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025669 (0x1eefb405) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root6 ROOT CA,O=Root6,C=US" Validity: Not Before: Tue May 19 07:09:54 2015 Not After : Tue May 19 07:09:54 2065 Subject: "CN=Root6 ROOT CA,O=Root6,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:78:b6:c2:6b:30:01:4e:10:32:06:aa:e5:3f:99:45: 31:fa:3a:11:24:a7:13:7a:a1:31:b1:3e:52:20:81:e6: a2:09:25:4d:44:d9:73:7f:87:fe:98:6c:23:3c:15:bd: c4:ed:3d:ac:8e:d6:23:af:b3:4e:f7:27:9a:a3:cd:5c: 83:6e:25:e5:20:f7:18:5d:80:dd:09:18:bc:d2:8e:17: b3:d0:f1:54:01:ea:2c:60:12:62:73:5d:45:32:bb:24: cd:ef:fc:f3:fd:5e:f4:60:02:b6:dc:a2:b1:b9:8a:23: bb:c9:b3:ec:43:95:94:3b:ac:51:f0:4c:80:b8:72:59 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 18:c0:d2:85:23:52:e4:1a:84:a1:51:fb:ed:ea:38:3c: d0:46:af:f6:03:93:03:eb:f2:cc:15:30:dc:11:98:47: 00:85:5b:f9:a1:34:d0:b6:54:64:95:60:58:74:36:c1: 54:f1:1a:94:9c:5f:cf:19:d1:33:36:1f:e5:8b:03:9a: 07:b2:16:1e:91:01:f9:4d:0c:f2:58:68:ad:f7:3d:cc: 8a:81:79:ff:2a:9d:cf:c6:8d:80:f5:40:af:5a:db:df: cd:21:89:bb:d3:a4:26:be:20:39:e0:5a:a6:c5:31:26: 38:7d:1b:79:04:7c:75:75:68:6a:97:aa:8b:9f:9d:41 Fingerprint (SHA-256): 83:33:1F:FE:E7:E2:46:E5:A2:68:01:8E:90:9E:98:64:EF:5B:0A:9B:DE:0B:C8:C6:39:12:D1:BC:75:61:F0:07 Fingerprint (SHA1): D6:74:12:75:0E:EF:3F:FC:31:5A:6F:BB:EC:51:0F:1C:B4:48:6C:8E Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US" Returned value is 0, expected result is pass chains.sh: #6720: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp -t Root6.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der -t Root7.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025670 (0x1eefb406) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root7 ROOT CA,O=Root7,C=US" Validity: Not Before: Tue May 19 07:09:57 2015 Not After : Tue May 19 07:09:57 2065 Subject: "CN=Root7 ROOT CA,O=Root7,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c1:0f:de:be:7c:e4:7a:35:c7:94:84:d1:15:69:55:a9: b4:c3:ca:2e:38:5f:08:ef:0e:b6:ff:71:fa:ff:13:5d: 19:84:2f:d9:fb:22:33:7c:82:3b:b5:0b:49:ef:78:84: 9b:48:72:a5:d1:fd:ae:ab:bf:73:b4:55:ac:f9:96:e8: 7c:88:69:18:a9:ef:1a:1b:00:ad:99:14:da:e0:20:bd: c2:64:7d:6c:eb:7a:16:ec:63:5e:0d:7c:ef:45:b2:f8: c9:12:65:2e:87:76:65:be:61:5c:3b:82:06:c4:19:95: 35:24:bc:56:85:75:f2:dd:7b:c8:93:e0:a0:90:8c:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 60:b5:e8:63:b8:bc:ef:d9:7d:17:fc:4e:ba:64:c9:d9: eb:ed:12:56:10:38:55:2d:de:6f:97:dd:fc:46:9a:ff: f0:bb:28:68:3a:4b:3d:41:eb:7f:5e:9b:c4:3b:b8:e8: 77:bd:0c:de:d0:c4:c5:75:c3:55:c4:f1:1e:2a:1d:1b: 88:52:d0:7f:91:80:1c:a6:fa:81:0e:b1:ca:e2:c9:3b: a0:fc:b6:f6:4b:8e:4b:c3:3c:9c:aa:5b:18:cc:ab:e6: 78:e1:e9:10:2b:15:e7:d5:2c:42:82:a0:25:b7:d4:ea: 4b:a8:70:f4:6f:6d:87:f8:cf:52:ba:af:1d:0b:79:cd Fingerprint (SHA-256): C0:6E:34:4E:39:C7:D7:20:21:47:5D:68:AF:2A:90:0E:18:84:37:E7:32:9C:EC:5B:A3:C8:9F:CD:7F:2E:7B:E7 Fingerprint (SHA1): AD:C4:50:1B:87:E8:D2:22:07:2B:20:F2:BA:8A:E3:E3:CF:7F:F2:E5 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #6721: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp -t Root7.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der -t Root8.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025671 (0x1eefb407) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root8 ROOT CA,O=Root8,C=US" Validity: Not Before: Tue May 19 07:10:01 2015 Not After : Tue May 19 07:10:01 2065 Subject: "CN=Root8 ROOT CA,O=Root8,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d7:13:c9:ad:30:c9:5b:67:ca:1e:26:55:f4:20:94:e4: 0d:ca:24:16:d5:08:92:6f:48:00:cc:20:83:66:3d:db: 4b:f0:83:32:a1:84:4e:17:e6:b7:d0:70:c0:09:78:00: e0:be:56:ab:66:e4:3f:dc:99:64:f9:db:2b:28:60:25: 2c:f7:bc:1c:7b:09:82:3b:96:a4:3d:be:d5:cb:db:a1: 4b:14:da:e1:49:b3:22:f5:a0:8a:b1:f4:3d:c8:27:6f: 60:bb:aa:32:f5:b4:0b:34:0c:de:c0:d7:2d:ef:23:e1: 94:29:e0:b4:be:0a:33:d0:42:8c:78:71:ce:74:ec:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 5f:43:76:c7:58:54:ed:d6:7b:27:55:a0:72:34:00:e6: d8:7b:c2:13:81:f2:4f:75:d9:e9:f7:0e:e8:23:35:27: a9:02:7f:74:8f:49:8e:79:d6:1d:27:9f:9d:51:9d:2e: 8e:c8:15:cd:6c:d1:38:99:86:59:87:c5:bc:b9:a2:8c: 19:55:1b:5c:e4:4f:3a:46:a0:02:de:61:46:18:ff:db: 99:85:4b:9a:0b:94:63:b0:dd:d3:95:6b:9e:f3:dc:07: 9e:84:c0:74:6c:69:2d:58:8b:19:1b:49:e0:31:38:05: 64:8f:59:b9:a0:d4:12:78:95:a1:cc:c8:0f:88:23:1d Fingerprint (SHA-256): FB:54:69:50:FE:21:05:11:C8:44:D3:2C:2E:65:FF:0A:C4:62:33:FD:41:4E:51:3C:F8:DB:A4:00:3D:AE:A0:4D Fingerprint (SHA1): A3:7F:1D:0C:EB:4E:8C:44:C8:D2:5D:AF:1D:E3:A9:2E:5A:8A:17:0B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #6722: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp -t Root8.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der -t Root9.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025672 (0x1eefb408) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root9 ROOT CA,O=Root9,C=US" Validity: Not Before: Tue May 19 07:10:05 2015 Not After : Tue May 19 07:10:05 2065 Subject: "CN=Root9 ROOT CA,O=Root9,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:3e:0e:45:79:5a:21:83:6b:e9:54:af:c1:d0:72:3d: d4:d6:36:9d:aa:19:94:a1:09:27:66:49:2b:ea:5e:99: e5:f8:ad:8b:5d:16:a8:c3:ae:08:04:9f:f1:98:76:ba: 4d:6f:0f:ac:bb:26:50:fd:b9:79:a0:4c:29:3c:bc:71: e0:73:b5:e6:71:a9:73:5c:33:d8:4d:a7:b5:27:32:66: fc:14:62:9b:38:30:88:11:49:10:6f:11:ad:46:9e:14: f7:a6:f0:a0:dd:39:f5:dc:95:bd:95:34:da:fb:16:00: 2c:2b:a3:1b:6b:d5:7b:98:54:f7:6a:c7:af:ad:bf:95 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8a:4f:0e:fb:19:f2:ab:b9:7b:f5:21:69:0a:13:ab:f1: d5:d2:b9:a0:25:3c:e9:0f:2d:d7:b0:9f:28:34:73:f3: 6f:a6:75:e1:aa:d6:01:73:e1:5f:0f:a6:84:08:f6:4a: 4f:b0:4e:70:96:00:f0:93:09:ad:f9:40:c2:dc:26:1d: 32:d5:ed:a3:ea:1c:a3:29:7e:07:67:28:a3:90:e2:7f: 52:0e:63:4f:6d:c3:23:7f:2b:69:5e:25:87:4d:a1:53: 7b:fa:a4:25:3c:4e:f0:15:ff:23:1a:52:52:82:b6:c9: 57:1b:06:16:56:99:22:96:9e:32:1b:3e:39:aa:0e:f9 Fingerprint (SHA-256): 41:09:35:C9:D6:5F:DF:0E:03:02:56:D6:48:E9:23:3E:60:8E:56:38:86:E8:CE:D0:A3:FB:0A:C6:3D:5A:61:C8 Fingerprint (SHA1): F8:AA:24:6C:03:A5:F1:4A:A8:E4:57:1B:3C:A9:D5:FF:5E:63:FF:C1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US" Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US" Returned value is 0, expected result is pass chains.sh: #6723: MegaBridge_3_2: Verifying certificate(s) EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp -t Root9.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6724: Extension: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025687 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6725: Extension: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6726: Extension: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6727: Extension: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6728: Extension: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025688 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6729: Extension: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6730: Extension: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6731: Extension: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6732: Extension: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025689 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6733: Extension: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6734: Extension: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #6735: Extension: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6736: Extension: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519025690 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6737: Extension: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6738: Extension: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6739: Extension: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025687 (0x1eefb417) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:10:51 2015 Not After : Tue May 19 07:10:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:2f:24:9e:ca:ef:59:ba:bd:0b:ea:4b:0b:c0:49:99: 4d:24:6f:bb:3a:32:f8:bb:9d:2e:dd:84:52:a0:9e:6d: a2:a4:65:6e:b5:06:68:cf:62:32:b0:de:12:eb:b1:a0: 09:56:26:d7:4e:12:15:49:ed:b3:1c:60:21:0a:a8:e7: ee:14:f1:66:4b:9e:13:78:da:1d:98:b1:e1:db:00:a6: 86:a8:ea:81:a6:61:32:95:e7:7d:67:46:1d:aa:c2:a6: e8:e6:f0:e4:61:12:c4:25:3d:a7:84:18:7a:d9:f7:47: 62:b0:2e:2b:58:fd:c4:8d:d3:fa:23:e4:16:67:6e:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:8e:1b:7d:75:d7:56:05:28:88:ff:12:74:b3:18:38: 5c:2a:9b:c3:77:a0:17:19:c9:65:47:76:9a:95:0f:d3: 9a:a5:da:36:2a:33:6c:cb:b2:f3:10:f7:2d:e1:4f:09: 30:dd:b2:be:16:97:6a:a6:cb:88:32:68:d3:00:0f:6e: 73:1d:15:d9:6e:63:0e:c4:2c:db:d9:62:b3:c8:af:11: 77:33:ec:e7:4c:ac:10:3d:23:a4:ae:86:fa:df:32:3c: 60:43:04:a7:92:70:56:4d:8a:2e:c8:ce:a9:cc:0a:2f: f7:c2:d4:9c:63:6a:67:84:cb:27:51:b7:99:04:57:4c Fingerprint (SHA-256): 60:C9:A2:F3:55:DA:68:17:BF:33:5A:CD:CA:B0:B5:E3:36:A3:1C:05:9B:9F:87:65:56:0B:F3:D4:C0:8B:81:C8 Fingerprint (SHA1): DE:3B:6D:8C:41:36:C9:02:80:C1:44:A5:56:C1:C4:92:01:4A:55:C3 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6740: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6741: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025688 (0x1eefb418) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:10:55 2015 Not After : Tue May 19 07:10:55 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:08:4a:34:f3:85:b1:60:f5:24:51:a5:72:6a:28:fa: 44:b7:36:c0:66:60:82:f4:dc:58:5a:14:d4:67:54:9b: e5:ca:b4:c0:1f:5f:5f:5d:d6:05:4b:a8:58:8a:b1:87: 0c:81:14:92:3c:71:30:83:21:54:30:bb:35:98:f5:35: ce:e1:8c:29:d7:d2:ee:3e:e7:ec:95:74:5c:03:9f:6f: 77:9f:80:40:d7:5b:b6:fd:70:02:d3:46:8c:0a:a5:f8: 44:ea:de:a3:21:c4:81:df:83:fc:18:f3:c7:72:9a:48: 17:23:34:0a:ed:01:53:4e:ea:3a:78:f2:ab:cf:0e:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:f5:76:02:e8:31:f5:4b:fb:b4:72:6d:7d:c4:a3:06: 46:7a:ca:88:e0:ff:af:f1:28:a6:cf:f9:39:43:58:4f: 14:0f:44:47:b9:2f:96:71:e5:8e:9a:ae:f3:d4:21:7a: df:73:45:24:fb:39:0a:39:27:3f:6f:b0:49:e0:85:02: b2:bb:59:91:34:39:c6:dd:63:00:51:1d:64:53:f7:72: 62:7e:34:90:57:d5:db:85:88:47:00:6a:d1:63:87:9a: 01:de:68:35:65:92:eb:95:16:af:7b:c1:7d:3d:43:7c: ba:4c:f0:6a:42:09:82:0f:23:89:c9:26:9a:54:71:46 Fingerprint (SHA-256): 92:1D:68:81:80:0A:CB:93:B5:49:26:E0:8D:4F:1E:DA:7A:AF:86:B1:75:95:EB:57:8C:7D:19:92:C9:FA:F3:31 Fingerprint (SHA1): 3B:F1:06:3E:F0:E7:83:66:30:ED:59:28:7C:36:C0:CF:A6:65:3D:77 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6742: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6743: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025689 (0x1eefb419) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:10:58 2015 Not After : Tue May 19 07:10:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:5e:aa:73:eb:a8:38:50:47:14:fc:0c:24:a4:67:5f: 0e:34:76:31:90:a5:96:7a:59:72:6d:3d:a1:72:c8:67: b4:78:44:cf:13:49:c3:f0:04:36:70:0a:1a:70:de:4f: 91:90:e6:da:12:41:00:a0:9e:ac:5a:63:5b:7a:d1:c6: 60:fc:be:d7:61:33:f2:57:5e:64:45:19:55:17:fa:fc: 24:a5:54:e1:2b:14:d2:98:5a:98:3b:69:ab:12:93:dd: 5b:72:ef:eb:4c:e6:58:98:9c:8d:4c:a8:6f:1a:0c:e3: c2:78:fd:9e:26:c0:0b:7c:94:6e:c9:d6:2f:7c:60:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:43:ef:bf:20:85:15:85:ab:4c:0f:40:ef:4a:11:94: 5c:7c:cc:fa:87:f6:01:25:af:a5:c7:35:60:0b:d9:0e: f6:ff:bb:fb:55:a3:ed:35:d8:23:f1:e4:97:5b:79:e1: 3a:50:23:ca:49:da:46:88:86:65:e7:31:62:72:d6:77: e3:87:c5:ab:b5:60:c7:ae:81:3e:99:33:3a:6c:3f:9b: 83:44:d2:19:30:c2:30:96:21:b8:06:78:47:83:fb:cd: 33:e8:1c:09:ec:84:d4:11:ad:ba:bb:f9:a2:91:04:ac: 2e:c5:6c:17:af:af:39:2e:19:b2:f8:f4:6c:39:19:5f Fingerprint (SHA-256): 4D:6A:D1:79:3D:8A:70:0B:2E:F5:28:38:0A:4A:09:E0:52:32:0F:35:41:F6:72:65:98:70:60:39:01:DA:B9:4C Fingerprint (SHA1): 81:4F:F9:D9:12:AA:EE:7E:E9:35:C5:1E:8F:C0:FD:B6:D6:20:3C:CB Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #6744: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6745: Extension: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6746: Extension: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6747: Extension: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6748: Extension: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025687 (0x1eefb417) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:10:51 2015 Not After : Tue May 19 07:10:51 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b6:2f:24:9e:ca:ef:59:ba:bd:0b:ea:4b:0b:c0:49:99: 4d:24:6f:bb:3a:32:f8:bb:9d:2e:dd:84:52:a0:9e:6d: a2:a4:65:6e:b5:06:68:cf:62:32:b0:de:12:eb:b1:a0: 09:56:26:d7:4e:12:15:49:ed:b3:1c:60:21:0a:a8:e7: ee:14:f1:66:4b:9e:13:78:da:1d:98:b1:e1:db:00:a6: 86:a8:ea:81:a6:61:32:95:e7:7d:67:46:1d:aa:c2:a6: e8:e6:f0:e4:61:12:c4:25:3d:a7:84:18:7a:d9:f7:47: 62:b0:2e:2b:58:fd:c4:8d:d3:fa:23:e4:16:67:6e:61 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 57:8e:1b:7d:75:d7:56:05:28:88:ff:12:74:b3:18:38: 5c:2a:9b:c3:77:a0:17:19:c9:65:47:76:9a:95:0f:d3: 9a:a5:da:36:2a:33:6c:cb:b2:f3:10:f7:2d:e1:4f:09: 30:dd:b2:be:16:97:6a:a6:cb:88:32:68:d3:00:0f:6e: 73:1d:15:d9:6e:63:0e:c4:2c:db:d9:62:b3:c8:af:11: 77:33:ec:e7:4c:ac:10:3d:23:a4:ae:86:fa:df:32:3c: 60:43:04:a7:92:70:56:4d:8a:2e:c8:ce:a9:cc:0a:2f: f7:c2:d4:9c:63:6a:67:84:cb:27:51:b7:99:04:57:4c Fingerprint (SHA-256): 60:C9:A2:F3:55:DA:68:17:BF:33:5A:CD:CA:B0:B5:E3:36:A3:1C:05:9B:9F:87:65:56:0B:F3:D4:C0:8B:81:C8 Fingerprint (SHA1): DE:3B:6D:8C:41:36:C9:02:80:C1:44:A5:56:C1:C4:92:01:4A:55:C3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6749: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6750: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025688 (0x1eefb418) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:10:55 2015 Not After : Tue May 19 07:10:55 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:08:4a:34:f3:85:b1:60:f5:24:51:a5:72:6a:28:fa: 44:b7:36:c0:66:60:82:f4:dc:58:5a:14:d4:67:54:9b: e5:ca:b4:c0:1f:5f:5f:5d:d6:05:4b:a8:58:8a:b1:87: 0c:81:14:92:3c:71:30:83:21:54:30:bb:35:98:f5:35: ce:e1:8c:29:d7:d2:ee:3e:e7:ec:95:74:5c:03:9f:6f: 77:9f:80:40:d7:5b:b6:fd:70:02:d3:46:8c:0a:a5:f8: 44:ea:de:a3:21:c4:81:df:83:fc:18:f3:c7:72:9a:48: 17:23:34:0a:ed:01:53:4e:ea:3a:78:f2:ab:cf:0e:ad Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 92:f5:76:02:e8:31:f5:4b:fb:b4:72:6d:7d:c4:a3:06: 46:7a:ca:88:e0:ff:af:f1:28:a6:cf:f9:39:43:58:4f: 14:0f:44:47:b9:2f:96:71:e5:8e:9a:ae:f3:d4:21:7a: df:73:45:24:fb:39:0a:39:27:3f:6f:b0:49:e0:85:02: b2:bb:59:91:34:39:c6:dd:63:00:51:1d:64:53:f7:72: 62:7e:34:90:57:d5:db:85:88:47:00:6a:d1:63:87:9a: 01:de:68:35:65:92:eb:95:16:af:7b:c1:7d:3d:43:7c: ba:4c:f0:6a:42:09:82:0f:23:89:c9:26:9a:54:71:46 Fingerprint (SHA-256): 92:1D:68:81:80:0A:CB:93:B5:49:26:E0:8D:4F:1E:DA:7A:AF:86:B1:75:95:EB:57:8C:7D:19:92:C9:FA:F3:31 Fingerprint (SHA1): 3B:F1:06:3E:F0:E7:83:66:30:ED:59:28:7C:36:C0:CF:A6:65:3D:77 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6751: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6752: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025689 (0x1eefb419) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:10:58 2015 Not After : Tue May 19 07:10:58 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c7:5e:aa:73:eb:a8:38:50:47:14:fc:0c:24:a4:67:5f: 0e:34:76:31:90:a5:96:7a:59:72:6d:3d:a1:72:c8:67: b4:78:44:cf:13:49:c3:f0:04:36:70:0a:1a:70:de:4f: 91:90:e6:da:12:41:00:a0:9e:ac:5a:63:5b:7a:d1:c6: 60:fc:be:d7:61:33:f2:57:5e:64:45:19:55:17:fa:fc: 24:a5:54:e1:2b:14:d2:98:5a:98:3b:69:ab:12:93:dd: 5b:72:ef:eb:4c:e6:58:98:9c:8d:4c:a8:6f:1a:0c:e3: c2:78:fd:9e:26:c0:0b:7c:94:6e:c9:d6:2f:7c:60:d3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7f:43:ef:bf:20:85:15:85:ab:4c:0f:40:ef:4a:11:94: 5c:7c:cc:fa:87:f6:01:25:af:a5:c7:35:60:0b:d9:0e: f6:ff:bb:fb:55:a3:ed:35:d8:23:f1:e4:97:5b:79:e1: 3a:50:23:ca:49:da:46:88:86:65:e7:31:62:72:d6:77: e3:87:c5:ab:b5:60:c7:ae:81:3e:99:33:3a:6c:3f:9b: 83:44:d2:19:30:c2:30:96:21:b8:06:78:47:83:fb:cd: 33:e8:1c:09:ec:84:d4:11:ad:ba:bb:f9:a2:91:04:ac: 2e:c5:6c:17:af:af:39:2e:19:b2:f8:f4:6c:39:19:5f Fingerprint (SHA-256): 4D:6A:D1:79:3D:8A:70:0B:2E:F5:28:38:0A:4A:09:E0:52:32:0F:35:41:F6:72:65:98:70:60:39:01:DA:B9:4C Fingerprint (SHA1): 81:4F:F9:D9:12:AA:EE:7E:E9:35:C5:1E:8F:C0:FD:B6:D6:20:3C:CB Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #6753: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6754: Extension: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6755: Extension2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025691 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6756: Extension2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6757: Extension2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6758: Extension2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6759: Extension2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025692 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6760: Extension2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6761: Extension2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6762: Extension2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6763: Extension2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025693 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6764: Extension2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6765: Extension2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #6766: Extension2: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6767: Extension2: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519025694 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6768: Extension2: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6769: Extension2: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #6770: Extension2: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6771: Extension2: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519025695 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6772: Extension2: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6773: Extension2: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6774: Extension2: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025691 (0x1eefb41b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:16 2015 Not After : Tue May 19 07:11:16 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 99:80:91:a9:ba:31:d1:b4:fb:da:d8:12:d3:51:db:4c: 94:ce:42:e1:c9:c0:41:ec:aa:88:4e:f7:81:aa:ef:e9: 37:0a:cb:0e:7d:33:65:6e:ab:91:70:c5:ba:19:76:58: 22:de:04:b3:77:24:9b:71:4d:63:d1:54:4d:96:e3:2a: ce:8c:3e:61:5d:06:92:e9:99:9c:ee:62:86:30:36:c9: d3:ff:d3:59:ea:97:f8:8c:a9:d1:1a:2b:3b:b6:35:b7: bf:fe:10:bc:b8:d6:dc:78:d0:6e:c8:57:c2:54:ee:df: 38:0c:d0:21:90:07:b4:8c:6b:6a:28:90:17:5b:91:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:32:63:9c:7d:6d:16:da:ce:39:05:c2:ce:74:1b:91: c0:4b:1c:5f:f8:67:29:69:ca:be:f5:1a:40:75:05:92: 8e:41:19:1a:5b:ed:6f:83:33:57:f4:cf:63:31:34:c9: fd:ed:ef:90:80:b2:8f:cc:09:8a:7e:f0:5b:a6:94:38: 62:49:bf:76:9b:b2:13:dd:38:df:05:7b:be:cf:f7:a7: 29:7b:44:8a:9e:70:c1:18:bc:af:c8:84:39:7b:48:c3: 9d:7b:b8:ff:38:d0:df:01:b6:9d:75:05:89:b3:30:16: 18:d0:7f:64:9d:49:4b:00:a5:cc:94:dd:42:c2:8f:a7 Fingerprint (SHA-256): 0A:6F:EE:20:4E:FE:77:70:57:92:13:F1:87:A3:1C:B4:8B:27:3D:D2:54:EC:86:CE:3B:48:36:33:05:18:BF:84 Fingerprint (SHA1): 0E:AD:94:A7:D9:8A:92:61:1C:96:FD:91:6D:D8:A2:28:AA:87:FB:CF Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6775: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6776: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp -o OID.2.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025692 (0x1eefb41c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:20 2015 Not After : Tue May 19 07:11:20 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:e2:9d:a5:f8:e3:69:90:7a:c7:d6:ef:e5:47:b3:4d: cf:c4:b9:fc:3d:31:cc:ad:16:78:b9:e5:6d:09:ec:29: 94:de:1f:d3:2c:d6:c3:91:8d:85:57:28:bd:68:51:22: 05:51:95:84:b5:24:7a:66:ea:a9:7c:02:de:92:31:06: a7:62:44:82:23:63:8f:4e:68:1d:24:93:a2:f0:e3:bd: 9e:2c:3f:55:4a:60:69:64:fa:cf:ac:5d:78:66:6c:16: 10:f3:ea:24:bd:db:73:5c:2f:ce:b3:bc:de:15:7b:39: 7f:cb:0a:5a:5d:83:c0:01:e7:35:0d:3d:38:7b:89:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:6b:e8:87:95:27:2b:03:cb:08:d0:41:fd:e2:ae:5a: f1:3c:78:41:d6:0e:4f:7b:59:7a:37:25:1a:7e:ee:1b: bc:d4:71:2e:94:8b:6c:2a:b9:eb:40:3f:b8:04:53:cd: 2a:7d:46:e7:24:97:eb:27:da:f8:c4:a0:40:8f:ec:d9: 5e:68:9f:65:33:4c:c8:4f:57:86:48:a6:8f:24:92:6b: 1c:1c:17:cd:32:de:c7:d7:7f:47:dd:28:43:d0:d9:44: dc:c9:03:60:aa:40:68:63:62:a9:22:a3:07:fd:a8:91: 72:e9:57:26:56:07:32:21:57:5c:25:52:bb:49:14:78 Fingerprint (SHA-256): EE:DA:35:E4:B4:CB:DC:53:70:65:C5:42:B2:F3:3D:C5:9B:98:B1:88:DE:3B:D5:B8:83:86:9B:9B:5A:48:55:F4 Fingerprint (SHA1): 5B:0D:B4:CC:1B:7A:68:97:62:79:19:35:5B:C9:29:E2:5B:82:9E:F3 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6777: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.1.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der CA1Root.der -t CA1Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6778: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp -o OID.2.0 -t CA1Root.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025693 (0x1eefb41d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:11:24 2015 Not After : Tue May 19 07:11:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:40:f1:1b:d0:74:8c:ab:cc:b0:56:83:48:c2:e2:f7: bf:90:d2:47:de:a0:35:c7:67:70:8f:da:fc:2e:1b:b5: b4:7b:f3:49:60:62:30:8f:12:0a:85:b1:ea:4d:5e:19: 22:01:6b:a7:da:ab:5f:54:c0:aa:40:3c:45:65:08:3a: 3e:80:23:53:1c:3d:6e:e2:c7:50:67:8d:94:9f:90:b8: 01:e1:e6:ec:62:cc:9d:60:a4:e9:d4:b2:90:48:68:24: 2e:ed:6d:eb:35:ca:c7:56:bb:be:9f:ea:88:af:91:bd: 99:6f:40:8b:20:ac:98:93:11:c5:8a:29:ed:29:51:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:ba:3f:c3:3d:68:11:54:7a:a5:3c:2f:df:45:af:41: 2a:a5:16:c9:1a:f3:dc:8e:d6:38:e8:66:28:2e:3d:0f: 34:fe:9a:9e:22:55:91:5d:50:e9:2b:78:3b:15:11:61: 71:d9:cb:6f:5f:6f:45:eb:48:01:47:22:28:e8:f0:d3: 18:05:90:64:9c:4f:f1:27:91:db:44:11:28:e6:f6:68: b9:d9:64:0d:7c:69:00:58:58:8b:9d:72:bd:b4:d3:62: 1c:e5:24:c5:85:22:2b:10:99:17:0f:65:22:45:e7:36: ea:c9:85:54:d9:27:98:ae:6e:df:f8:0a:ce:cb:26:94 Fingerprint (SHA-256): 77:34:15:F5:8E:52:DA:8A:74:DC:9B:AD:9F:D5:3A:78:DD:B5:FC:FC:4B:A8:2E:74:44:1A:34:86:89:60:85:72 Fingerprint (SHA1): 4D:AC:09:59:95:CA:A1:5B:CC:1C:8F:6C:E8:A4:D0:80:8D:AA:69:28 Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #6779: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.1.0 -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der CA2CA1.der -t CA2CA1.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6780: Extension2: Verifying certificate(s) User1CA2.der CA2CA1.der with flags -d AllDB -pp -o OID.2.0 -t CA2CA1.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #6781: Extension2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #6782: Extension2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6783: Extension2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025691 (0x1eefb41b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:16 2015 Not After : Tue May 19 07:11:16 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 99:80:91:a9:ba:31:d1:b4:fb:da:d8:12:d3:51:db:4c: 94:ce:42:e1:c9:c0:41:ec:aa:88:4e:f7:81:aa:ef:e9: 37:0a:cb:0e:7d:33:65:6e:ab:91:70:c5:ba:19:76:58: 22:de:04:b3:77:24:9b:71:4d:63:d1:54:4d:96:e3:2a: ce:8c:3e:61:5d:06:92:e9:99:9c:ee:62:86:30:36:c9: d3:ff:d3:59:ea:97:f8:8c:a9:d1:1a:2b:3b:b6:35:b7: bf:fe:10:bc:b8:d6:dc:78:d0:6e:c8:57:c2:54:ee:df: 38:0c:d0:21:90:07:b4:8c:6b:6a:28:90:17:5b:91:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:32:63:9c:7d:6d:16:da:ce:39:05:c2:ce:74:1b:91: c0:4b:1c:5f:f8:67:29:69:ca:be:f5:1a:40:75:05:92: 8e:41:19:1a:5b:ed:6f:83:33:57:f4:cf:63:31:34:c9: fd:ed:ef:90:80:b2:8f:cc:09:8a:7e:f0:5b:a6:94:38: 62:49:bf:76:9b:b2:13:dd:38:df:05:7b:be:cf:f7:a7: 29:7b:44:8a:9e:70:c1:18:bc:af:c8:84:39:7b:48:c3: 9d:7b:b8:ff:38:d0:df:01:b6:9d:75:05:89:b3:30:16: 18:d0:7f:64:9d:49:4b:00:a5:cc:94:dd:42:c2:8f:a7 Fingerprint (SHA-256): 0A:6F:EE:20:4E:FE:77:70:57:92:13:F1:87:A3:1C:B4:8B:27:3D:D2:54:EC:86:CE:3B:48:36:33:05:18:BF:84 Fingerprint (SHA1): 0E:AD:94:A7:D9:8A:92:61:1C:96:FD:91:6D:D8:A2:28:AA:87:FB:CF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6784: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6785: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025692 (0x1eefb41c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:20 2015 Not After : Tue May 19 07:11:20 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:e2:9d:a5:f8:e3:69:90:7a:c7:d6:ef:e5:47:b3:4d: cf:c4:b9:fc:3d:31:cc:ad:16:78:b9:e5:6d:09:ec:29: 94:de:1f:d3:2c:d6:c3:91:8d:85:57:28:bd:68:51:22: 05:51:95:84:b5:24:7a:66:ea:a9:7c:02:de:92:31:06: a7:62:44:82:23:63:8f:4e:68:1d:24:93:a2:f0:e3:bd: 9e:2c:3f:55:4a:60:69:64:fa:cf:ac:5d:78:66:6c:16: 10:f3:ea:24:bd:db:73:5c:2f:ce:b3:bc:de:15:7b:39: 7f:cb:0a:5a:5d:83:c0:01:e7:35:0d:3d:38:7b:89:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:6b:e8:87:95:27:2b:03:cb:08:d0:41:fd:e2:ae:5a: f1:3c:78:41:d6:0e:4f:7b:59:7a:37:25:1a:7e:ee:1b: bc:d4:71:2e:94:8b:6c:2a:b9:eb:40:3f:b8:04:53:cd: 2a:7d:46:e7:24:97:eb:27:da:f8:c4:a0:40:8f:ec:d9: 5e:68:9f:65:33:4c:c8:4f:57:86:48:a6:8f:24:92:6b: 1c:1c:17:cd:32:de:c7:d7:7f:47:dd:28:43:d0:d9:44: dc:c9:03:60:aa:40:68:63:62:a9:22:a3:07:fd:a8:91: 72:e9:57:26:56:07:32:21:57:5c:25:52:bb:49:14:78 Fingerprint (SHA-256): EE:DA:35:E4:B4:CB:DC:53:70:65:C5:42:B2:F3:3D:C5:9B:98:B1:88:DE:3B:D5:B8:83:86:9B:9B:5A:48:55:F4 Fingerprint (SHA1): 5B:0D:B4:CC:1B:7A:68:97:62:79:19:35:5B:C9:29:E2:5B:82:9E:F3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6786: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6787: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025693 (0x1eefb41d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:11:24 2015 Not After : Tue May 19 07:11:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:40:f1:1b:d0:74:8c:ab:cc:b0:56:83:48:c2:e2:f7: bf:90:d2:47:de:a0:35:c7:67:70:8f:da:fc:2e:1b:b5: b4:7b:f3:49:60:62:30:8f:12:0a:85:b1:ea:4d:5e:19: 22:01:6b:a7:da:ab:5f:54:c0:aa:40:3c:45:65:08:3a: 3e:80:23:53:1c:3d:6e:e2:c7:50:67:8d:94:9f:90:b8: 01:e1:e6:ec:62:cc:9d:60:a4:e9:d4:b2:90:48:68:24: 2e:ed:6d:eb:35:ca:c7:56:bb:be:9f:ea:88:af:91:bd: 99:6f:40:8b:20:ac:98:93:11:c5:8a:29:ed:29:51:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:ba:3f:c3:3d:68:11:54:7a:a5:3c:2f:df:45:af:41: 2a:a5:16:c9:1a:f3:dc:8e:d6:38:e8:66:28:2e:3d:0f: 34:fe:9a:9e:22:55:91:5d:50:e9:2b:78:3b:15:11:61: 71:d9:cb:6f:5f:6f:45:eb:48:01:47:22:28:e8:f0:d3: 18:05:90:64:9c:4f:f1:27:91:db:44:11:28:e6:f6:68: b9:d9:64:0d:7c:69:00:58:58:8b:9d:72:bd:b4:d3:62: 1c:e5:24:c5:85:22:2b:10:99:17:0f:65:22:45:e7:36: ea:c9:85:54:d9:27:98:ae:6e:df:f8:0a:ce:cb:26:94 Fingerprint (SHA-256): 77:34:15:F5:8E:52:DA:8A:74:DC:9B:AD:9F:D5:3A:78:DD:B5:FC:FC:4B:A8:2E:74:44:1A:34:86:89:60:85:72 Fingerprint (SHA1): 4D:AC:09:59:95:CA:A1:5B:CC:1C:8F:6C:E8:A4:D0:80:8D:AA:69:28 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Returned value is 0, expected result is pass chains.sh: #6788: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6789: Extension2: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025691 (0x1eefb41b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:16 2015 Not After : Tue May 19 07:11:16 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 99:80:91:a9:ba:31:d1:b4:fb:da:d8:12:d3:51:db:4c: 94:ce:42:e1:c9:c0:41:ec:aa:88:4e:f7:81:aa:ef:e9: 37:0a:cb:0e:7d:33:65:6e:ab:91:70:c5:ba:19:76:58: 22:de:04:b3:77:24:9b:71:4d:63:d1:54:4d:96:e3:2a: ce:8c:3e:61:5d:06:92:e9:99:9c:ee:62:86:30:36:c9: d3:ff:d3:59:ea:97:f8:8c:a9:d1:1a:2b:3b:b6:35:b7: bf:fe:10:bc:b8:d6:dc:78:d0:6e:c8:57:c2:54:ee:df: 38:0c:d0:21:90:07:b4:8c:6b:6a:28:90:17:5b:91:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:32:63:9c:7d:6d:16:da:ce:39:05:c2:ce:74:1b:91: c0:4b:1c:5f:f8:67:29:69:ca:be:f5:1a:40:75:05:92: 8e:41:19:1a:5b:ed:6f:83:33:57:f4:cf:63:31:34:c9: fd:ed:ef:90:80:b2:8f:cc:09:8a:7e:f0:5b:a6:94:38: 62:49:bf:76:9b:b2:13:dd:38:df:05:7b:be:cf:f7:a7: 29:7b:44:8a:9e:70:c1:18:bc:af:c8:84:39:7b:48:c3: 9d:7b:b8:ff:38:d0:df:01:b6:9d:75:05:89:b3:30:16: 18:d0:7f:64:9d:49:4b:00:a5:cc:94:dd:42:c2:8f:a7 Fingerprint (SHA-256): 0A:6F:EE:20:4E:FE:77:70:57:92:13:F1:87:A3:1C:B4:8B:27:3D:D2:54:EC:86:CE:3B:48:36:33:05:18:BF:84 Fingerprint (SHA1): 0E:AD:94:A7:D9:8A:92:61:1C:96:FD:91:6D:D8:A2:28:AA:87:FB:CF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6790: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025691 (0x1eefb41b) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:16 2015 Not After : Tue May 19 07:11:16 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 99:80:91:a9:ba:31:d1:b4:fb:da:d8:12:d3:51:db:4c: 94:ce:42:e1:c9:c0:41:ec:aa:88:4e:f7:81:aa:ef:e9: 37:0a:cb:0e:7d:33:65:6e:ab:91:70:c5:ba:19:76:58: 22:de:04:b3:77:24:9b:71:4d:63:d1:54:4d:96:e3:2a: ce:8c:3e:61:5d:06:92:e9:99:9c:ee:62:86:30:36:c9: d3:ff:d3:59:ea:97:f8:8c:a9:d1:1a:2b:3b:b6:35:b7: bf:fe:10:bc:b8:d6:dc:78:d0:6e:c8:57:c2:54:ee:df: 38:0c:d0:21:90:07:b4:8c:6b:6a:28:90:17:5b:91:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 03:32:63:9c:7d:6d:16:da:ce:39:05:c2:ce:74:1b:91: c0:4b:1c:5f:f8:67:29:69:ca:be:f5:1a:40:75:05:92: 8e:41:19:1a:5b:ed:6f:83:33:57:f4:cf:63:31:34:c9: fd:ed:ef:90:80:b2:8f:cc:09:8a:7e:f0:5b:a6:94:38: 62:49:bf:76:9b:b2:13:dd:38:df:05:7b:be:cf:f7:a7: 29:7b:44:8a:9e:70:c1:18:bc:af:c8:84:39:7b:48:c3: 9d:7b:b8:ff:38:d0:df:01:b6:9d:75:05:89:b3:30:16: 18:d0:7f:64:9d:49:4b:00:a5:cc:94:dd:42:c2:8f:a7 Fingerprint (SHA-256): 0A:6F:EE:20:4E:FE:77:70:57:92:13:F1:87:A3:1C:B4:8B:27:3D:D2:54:EC:86:CE:3B:48:36:33:05:18:BF:84 Fingerprint (SHA1): 0E:AD:94:A7:D9:8A:92:61:1C:96:FD:91:6D:D8:A2:28:AA:87:FB:CF Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6791: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t Root - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025692 (0x1eefb41c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:20 2015 Not After : Tue May 19 07:11:20 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:e2:9d:a5:f8:e3:69:90:7a:c7:d6:ef:e5:47:b3:4d: cf:c4:b9:fc:3d:31:cc:ad:16:78:b9:e5:6d:09:ec:29: 94:de:1f:d3:2c:d6:c3:91:8d:85:57:28:bd:68:51:22: 05:51:95:84:b5:24:7a:66:ea:a9:7c:02:de:92:31:06: a7:62:44:82:23:63:8f:4e:68:1d:24:93:a2:f0:e3:bd: 9e:2c:3f:55:4a:60:69:64:fa:cf:ac:5d:78:66:6c:16: 10:f3:ea:24:bd:db:73:5c:2f:ce:b3:bc:de:15:7b:39: 7f:cb:0a:5a:5d:83:c0:01:e7:35:0d:3d:38:7b:89:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:6b:e8:87:95:27:2b:03:cb:08:d0:41:fd:e2:ae:5a: f1:3c:78:41:d6:0e:4f:7b:59:7a:37:25:1a:7e:ee:1b: bc:d4:71:2e:94:8b:6c:2a:b9:eb:40:3f:b8:04:53:cd: 2a:7d:46:e7:24:97:eb:27:da:f8:c4:a0:40:8f:ec:d9: 5e:68:9f:65:33:4c:c8:4f:57:86:48:a6:8f:24:92:6b: 1c:1c:17:cd:32:de:c7:d7:7f:47:dd:28:43:d0:d9:44: dc:c9:03:60:aa:40:68:63:62:a9:22:a3:07:fd:a8:91: 72:e9:57:26:56:07:32:21:57:5c:25:52:bb:49:14:78 Fingerprint (SHA-256): EE:DA:35:E4:B4:CB:DC:53:70:65:C5:42:B2:F3:3D:C5:9B:98:B1:88:DE:3B:D5:B8:83:86:9B:9B:5A:48:55:F4 Fingerprint (SHA1): 5B:0D:B4:CC:1B:7A:68:97:62:79:19:35:5B:C9:29:E2:5B:82:9E:F3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6792: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025692 (0x1eefb41c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:11:20 2015 Not After : Tue May 19 07:11:20 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ab:e2:9d:a5:f8:e3:69:90:7a:c7:d6:ef:e5:47:b3:4d: cf:c4:b9:fc:3d:31:cc:ad:16:78:b9:e5:6d:09:ec:29: 94:de:1f:d3:2c:d6:c3:91:8d:85:57:28:bd:68:51:22: 05:51:95:84:b5:24:7a:66:ea:a9:7c:02:de:92:31:06: a7:62:44:82:23:63:8f:4e:68:1d:24:93:a2:f0:e3:bd: 9e:2c:3f:55:4a:60:69:64:fa:cf:ac:5d:78:66:6c:16: 10:f3:ea:24:bd:db:73:5c:2f:ce:b3:bc:de:15:7b:39: 7f:cb:0a:5a:5d:83:c0:01:e7:35:0d:3d:38:7b:89:b3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:6b:e8:87:95:27:2b:03:cb:08:d0:41:fd:e2:ae:5a: f1:3c:78:41:d6:0e:4f:7b:59:7a:37:25:1a:7e:ee:1b: bc:d4:71:2e:94:8b:6c:2a:b9:eb:40:3f:b8:04:53:cd: 2a:7d:46:e7:24:97:eb:27:da:f8:c4:a0:40:8f:ec:d9: 5e:68:9f:65:33:4c:c8:4f:57:86:48:a6:8f:24:92:6b: 1c:1c:17:cd:32:de:c7:d7:7f:47:dd:28:43:d0:d9:44: dc:c9:03:60:aa:40:68:63:62:a9:22:a3:07:fd:a8:91: 72:e9:57:26:56:07:32:21:57:5c:25:52:bb:49:14:78 Fingerprint (SHA-256): EE:DA:35:E4:B4:CB:DC:53:70:65:C5:42:B2:F3:3D:C5:9B:98:B1:88:DE:3B:D5:B8:83:86:9B:9B:5A:48:55:F4 Fingerprint (SHA1): 5B:0D:B4:CC:1B:7A:68:97:62:79:19:35:5B:C9:29:E2:5B:82:9E:F3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #6793: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025693 (0x1eefb41d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:11:24 2015 Not After : Tue May 19 07:11:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:40:f1:1b:d0:74:8c:ab:cc:b0:56:83:48:c2:e2:f7: bf:90:d2:47:de:a0:35:c7:67:70:8f:da:fc:2e:1b:b5: b4:7b:f3:49:60:62:30:8f:12:0a:85:b1:ea:4d:5e:19: 22:01:6b:a7:da:ab:5f:54:c0:aa:40:3c:45:65:08:3a: 3e:80:23:53:1c:3d:6e:e2:c7:50:67:8d:94:9f:90:b8: 01:e1:e6:ec:62:cc:9d:60:a4:e9:d4:b2:90:48:68:24: 2e:ed:6d:eb:35:ca:c7:56:bb:be:9f:ea:88:af:91:bd: 99:6f:40:8b:20:ac:98:93:11:c5:8a:29:ed:29:51:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: OID.2.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:ba:3f:c3:3d:68:11:54:7a:a5:3c:2f:df:45:af:41: 2a:a5:16:c9:1a:f3:dc:8e:d6:38:e8:66:28:2e:3d:0f: 34:fe:9a:9e:22:55:91:5d:50:e9:2b:78:3b:15:11:61: 71:d9:cb:6f:5f:6f:45:eb:48:01:47:22:28:e8:f0:d3: 18:05:90:64:9c:4f:f1:27:91:db:44:11:28:e6:f6:68: b9:d9:64:0d:7c:69:00:58:58:8b:9d:72:bd:b4:d3:62: 1c:e5:24:c5:85:22:2b:10:99:17:0f:65:22:45:e7:36: ea:c9:85:54:d9:27:98:ae:6e:df:f8:0a:ce:cb:26:94 Fingerprint (SHA-256): 77:34:15:F5:8E:52:DA:8A:74:DC:9B:AD:9F:D5:3A:78:DD:B5:FC:FC:4B:A8:2E:74:44:1A:34:86:89:60:85:72 Fingerprint (SHA1): 4D:AC:09:59:95:CA:A1:5B:CC:1C:8F:6C:E8:A4:D0:80:8D:AA:69:28 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #6794: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025693 (0x1eefb41d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:11:24 2015 Not After : Tue May 19 07:11:24 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bc:40:f1:1b:d0:74:8c:ab:cc:b0:56:83:48:c2:e2:f7: bf:90:d2:47:de:a0:35:c7:67:70:8f:da:fc:2e:1b:b5: b4:7b:f3:49:60:62:30:8f:12:0a:85:b1:ea:4d:5e:19: 22:01:6b:a7:da:ab:5f:54:c0:aa:40:3c:45:65:08:3a: 3e:80:23:53:1c:3d:6e:e2:c7:50:67:8d:94:9f:90:b8: 01:e1:e6:ec:62:cc:9d:60:a4:e9:d4:b2:90:48:68:24: 2e:ed:6d:eb:35:ca:c7:56:bb:be:9f:ea:88:af:91:bd: 99:6f:40:8b:20:ac:98:93:11:c5:8a:29:ed:29:51:17 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4e:ba:3f:c3:3d:68:11:54:7a:a5:3c:2f:df:45:af:41: 2a:a5:16:c9:1a:f3:dc:8e:d6:38:e8:66:28:2e:3d:0f: 34:fe:9a:9e:22:55:91:5d:50:e9:2b:78:3b:15:11:61: 71:d9:cb:6f:5f:6f:45:eb:48:01:47:22:28:e8:f0:d3: 18:05:90:64:9c:4f:f1:27:91:db:44:11:28:e6:f6:68: b9:d9:64:0d:7c:69:00:58:58:8b:9d:72:bd:b4:d3:62: 1c:e5:24:c5:85:22:2b:10:99:17:0f:65:22:45:e7:36: ea:c9:85:54:d9:27:98:ae:6e:df:f8:0a:ce:cb:26:94 Fingerprint (SHA-256): 77:34:15:F5:8E:52:DA:8A:74:DC:9B:AD:9F:D5:3A:78:DD:B5:FC:FC:4B:A8:2E:74:44:1A:34:86:89:60:85:72 Fingerprint (SHA1): 4D:AC:09:59:95:CA:A1:5B:CC:1C:8F:6C:E8:A4:D0:80:8D:AA:69:28 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User2 EE,O=User2,C=US" Returned value is 0, expected result is pass chains.sh: #6795: Extension2: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t CA2 - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6796: AnyPolicy: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025696 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6797: AnyPolicy: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6798: AnyPolicy: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6799: AnyPolicy: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6800: AnyPolicy: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519025697 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6801: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6802: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #6803: AnyPolicy: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6804: AnyPolicy: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025698 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n 0 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6805: AnyPolicy: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6806: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #6807: AnyPolicy: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6808: AnyPolicy: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 519025699 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6809: AnyPolicy: Creating certficate CA3CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA3CA1.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6810: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database - PASSED chains.sh: Creating DB User1DB certutil -N -d User1DB -f User1DB/dbpasswd chains.sh: #6811: AnyPolicy: Creating DB User1DB - PASSED chains.sh: Creating EE certifiate request User1Req.der certutil -s "CN=User1 EE, O=User1, C=US" -R -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6812: AnyPolicy: Creating EE certifiate request User1Req.der - PASSED chains.sh: Creating certficate User1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 519025700 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6813: AnyPolicy: Creating certficate User1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User1CA2.der to User1DB database certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6814: AnyPolicy: Importing certificate User1CA2.der to User1DB database - PASSED chains.sh: Creating DB User2DB certutil -N -d User2DB -f User2DB/dbpasswd chains.sh: #6815: AnyPolicy: Creating DB User2DB - PASSED chains.sh: Creating EE certifiate request User2Req.der certutil -s "CN=User2 EE, O=User2, C=US" -R -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6816: AnyPolicy: Creating EE certifiate request User2Req.der - PASSED chains.sh: Creating certficate User2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 519025701 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6817: AnyPolicy: Creating certficate User2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate User2CA2.der to User2DB database certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6818: AnyPolicy: Importing certificate User2CA2.der to User2DB database - PASSED chains.sh: Creating DB User3DB certutil -N -d User3DB -f User3DB/dbpasswd chains.sh: #6819: AnyPolicy: Creating DB User3DB - PASSED chains.sh: Creating EE certifiate request User3Req.der certutil -s "CN=User3 EE, O=User3, C=US" -R -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o User3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6820: AnyPolicy: Creating EE certifiate request User3Req.der - PASSED chains.sh: Creating certficate User3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 519025702 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6821: AnyPolicy: Creating certficate User3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate User3CA3.der to User3DB database certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6822: AnyPolicy: Importing certificate User3CA3.der to User3DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6823: AnyPolicy: Creating DB AllDB - PASSED chains.sh: Importing certificate RootCA.der to AllDB database certutil -A -n RootCA -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der chains.sh: #6824: AnyPolicy: Importing certificate RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der chains.sh: #6825: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #6826: AnyPolicy: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA1.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der chains.sh: #6827: AnyPolicy: Importing certificate CA3CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User1CA2.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025696 (0x1eefb420) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:11:50 2015 Not After : Tue May 19 07:11:50 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:01:7c:6f:2a:c7:89:01:d3:83:60:da:47:ab:00:2f: 94:cd:a8:36:ac:3d:45:62:d4:59:6b:e1:df:e8:49:5d: 40:0e:10:45:c7:d2:05:5a:36:91:0f:94:fc:3e:23:0c: df:cb:5e:44:89:4b:92:20:c2:78:8a:5b:09:36:df:c9: e4:e3:76:1b:d3:02:89:8c:25:0a:7d:bc:ea:dc:cf:6c: 65:fa:df:7c:c1:6d:a7:59:c8:75:9b:bf:45:3c:59:0e: fb:7e:9c:99:3d:42:a7:df:5b:d1:f7:ed:15:67:80:c1: c8:73:3f:8f:38:bd:b1:d6:35:72:5d:da:f9:36:92:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b3:02:1b:44:dc:24:78:b7:d0:85:af:36:2e:e8:ec:51: c0:df:f6:9c:22:3a:94:bf:ae:b2:80:7d:58:36:bc:43: 1f:36:b2:70:60:f2:2b:82:c3:91:33:f1:05:3e:73:04: 9e:c1:0d:fd:1b:6d:f6:c2:99:02:a0:c6:9b:cc:a0:06: c6:b2:b0:c7:e1:1f:71:58:05:20:a1:b5:19:f2:3b:ef: 02:83:27:33:df:a4:62:c3:38:e4:d6:78:dd:0d:32:ab: 33:43:31:81:a5:d8:5e:a2:90:02:a6:9f:36:81:96:e0: 14:87:9c:0a:3f:6a:b2:43:4c:b0:08:67:56:69:b6:cf Fingerprint (SHA-256): 0F:B2:90:27:5C:EB:28:B9:DC:68:49:3F:D4:4E:57:A1:62:07:42:47:60:3D:68:E6:A0:88:A1:86:DE:A8:A9:A6 Fingerprint (SHA1): DE:1C:9B:5C:D7:DE:FE:18:83:60:18:DC:DF:5C:37:B7:86:85:61:D3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User1 EE,O=User1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6828: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User1CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6829: AnyPolicy: Verifying certificate(s) User1CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6830: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User2CA2.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6831: AnyPolicy: Verifying certificate(s) User2CA2.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.1.0 User3CA3.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025696 (0x1eefb420) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:11:50 2015 Not After : Tue May 19 07:11:50 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:01:7c:6f:2a:c7:89:01:d3:83:60:da:47:ab:00:2f: 94:cd:a8:36:ac:3d:45:62:d4:59:6b:e1:df:e8:49:5d: 40:0e:10:45:c7:d2:05:5a:36:91:0f:94:fc:3e:23:0c: df:cb:5e:44:89:4b:92:20:c2:78:8a:5b:09:36:df:c9: e4:e3:76:1b:d3:02:89:8c:25:0a:7d:bc:ea:dc:cf:6c: 65:fa:df:7c:c1:6d:a7:59:c8:75:9b:bf:45:3c:59:0e: fb:7e:9c:99:3d:42:a7:df:5b:d1:f7:ed:15:67:80:c1: c8:73:3f:8f:38:bd:b1:d6:35:72:5d:da:f9:36:92:11 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b3:02:1b:44:dc:24:78:b7:d0:85:af:36:2e:e8:ec:51: c0:df:f6:9c:22:3a:94:bf:ae:b2:80:7d:58:36:bc:43: 1f:36:b2:70:60:f2:2b:82:c3:91:33:f1:05:3e:73:04: 9e:c1:0d:fd:1b:6d:f6:c2:99:02:a0:c6:9b:cc:a0:06: c6:b2:b0:c7:e1:1f:71:58:05:20:a1:b5:19:f2:3b:ef: 02:83:27:33:df:a4:62:c3:38:e4:d6:78:dd:0d:32:ab: 33:43:31:81:a5:d8:5e:a2:90:02:a6:9f:36:81:96:e0: 14:87:9c:0a:3f:6a:b2:43:4c:b0:08:67:56:69:b6:cf Fingerprint (SHA-256): 0F:B2:90:27:5C:EB:28:B9:DC:68:49:3F:D4:4E:57:A1:62:07:42:47:60:3D:68:E6:A0:88:A1:86:DE:A8:A9:A6 Fingerprint (SHA1): DE:1C:9B:5C:D7:DE:FE:18:83:60:18:DC:DF:5C:37:B7:86:85:61:D3 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User3 EE,O=User3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6832: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.1.0 -t RootCA - PASSED chains.sh: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA vfychain -d AllDB -pp -vv -o OID.2.0 User3CA3.der -t RootCA Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. RootCA [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6833: AnyPolicy: Verifying certificate(s) User3CA3.der with flags -d AllDB -pp -o OID.2.0 -t RootCA - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #6834: AnyPolicyWithLevel: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025703 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6835: AnyPolicyWithLevel: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #6836: AnyPolicyWithLevel: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #6837: AnyPolicyWithLevel: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6838: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519025704 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6839: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6840: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA12DB certutil -N -d CA12DB -f CA12DB/dbpasswd chains.sh: #6841: AnyPolicyWithLevel: Creating DB CA12DB - PASSED chains.sh: Creating Intermediate certifiate request CA12Req.der certutil -s "CN=CA12 Intermediate, O=CA12, C=US" -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6842: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der - PASSED chains.sh: Creating certficate CA12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 519025705 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6843: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA12CA1.der to CA12DB database certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6844: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database - PASSED chains.sh: Creating DB CA13DB certutil -N -d CA13DB -f CA13DB/dbpasswd chains.sh: #6845: AnyPolicyWithLevel: Creating DB CA13DB - PASSED chains.sh: Creating Intermediate certifiate request CA13Req.der certutil -s "CN=CA13 Intermediate, O=CA13, C=US" -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA13Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6846: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der - PASSED chains.sh: Creating certficate CA13CA12.der signed by CA12 certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 519025706 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6847: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12 - PASSED chains.sh: Importing certificate CA13CA12.der to CA13DB database certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6848: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #6849: AnyPolicyWithLevel: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6850: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA13.der signed by CA13 certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 519025707 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6851: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13 - PASSED chains.sh: Importing certificate EE1CA13.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6852: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database - PASSED chains.sh: Creating DB CA22DB certutil -N -d CA22DB -f CA22DB/dbpasswd chains.sh: #6853: AnyPolicyWithLevel: Creating DB CA22DB - PASSED chains.sh: Creating Intermediate certifiate request CA22Req.der certutil -s "CN=CA22 Intermediate, O=CA22, C=US" -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA22Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6854: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der - PASSED chains.sh: Creating certficate CA22CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 519025708 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6855: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA22CA1.der to CA22DB database certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6856: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database - PASSED chains.sh: Creating DB CA23DB certutil -N -d CA23DB -f CA23DB/dbpasswd chains.sh: #6857: AnyPolicyWithLevel: Creating DB CA23DB - PASSED chains.sh: Creating Intermediate certifiate request CA23Req.der certutil -s "CN=CA23 Intermediate, O=CA23, C=US" -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA23Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6858: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der - PASSED chains.sh: Creating certficate CA23CA22.der signed by CA22 certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 519025709 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6859: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22 - PASSED chains.sh: Importing certificate CA23CA22.der to CA23DB database certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6860: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #6861: AnyPolicyWithLevel: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6862: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA23.der signed by CA23 certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 519025710 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6863: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23 - PASSED chains.sh: Importing certificate EE2CA23.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6864: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database - PASSED chains.sh: Creating DB CA32DB certutil -N -d CA32DB -f CA32DB/dbpasswd chains.sh: #6865: AnyPolicyWithLevel: Creating DB CA32DB - PASSED chains.sh: Creating Intermediate certifiate request CA32Req.der certutil -s "CN=CA32 Intermediate, O=CA32, C=US" -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA32Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6866: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der - PASSED chains.sh: Creating certficate CA32CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 519025711 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 1 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6867: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA32CA1.der to CA32DB database certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6868: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database - PASSED chains.sh: Creating DB CA33DB certutil -N -d CA33DB -f CA33DB/dbpasswd chains.sh: #6869: AnyPolicyWithLevel: Creating DB CA33DB - PASSED chains.sh: Creating Intermediate certifiate request CA33Req.der certutil -s "CN=CA33 Intermediate, O=CA33, C=US" -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA33Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6870: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der - PASSED chains.sh: Creating certficate CA33CA32.der signed by CA32 certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 519025712 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6871: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32 - PASSED chains.sh: Importing certificate CA33CA32.der to CA33DB database certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6872: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #6873: AnyPolicyWithLevel: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6874: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA33.der signed by CA33 certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 519025713 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6875: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33 - PASSED chains.sh: Importing certificate EE3CA33.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6876: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database - PASSED chains.sh: Creating DB CA42DB certutil -N -d CA42DB -f CA42DB/dbpasswd chains.sh: #6877: AnyPolicyWithLevel: Creating DB CA42DB - PASSED chains.sh: Creating Intermediate certifiate request CA42Req.der certutil -s "CN=CA42 Intermediate, O=CA42, C=US" -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA42Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6878: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der - PASSED chains.sh: Creating certficate CA42CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 519025714 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6879: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA42CA1.der to CA42DB database certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6880: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database - PASSED chains.sh: Creating DB CA43DB certutil -N -d CA43DB -f CA43DB/dbpasswd chains.sh: #6881: AnyPolicyWithLevel: Creating DB CA43DB - PASSED chains.sh: Creating Intermediate certifiate request CA43Req.der certutil -s "CN=CA43 Intermediate, O=CA43, C=US" -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA43Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6882: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der - PASSED chains.sh: Creating certficate CA43CA42.der signed by CA42 certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 519025715 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6883: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42 - PASSED chains.sh: Importing certificate CA43CA42.der to CA43DB database certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6884: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #6885: AnyPolicyWithLevel: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6886: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA43.der signed by CA43 certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 519025716 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6887: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43 - PASSED chains.sh: Importing certificate EE4CA43.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6888: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database - PASSED chains.sh: Creating DB CA52DB certutil -N -d CA52DB -f CA52DB/dbpasswd chains.sh: #6889: AnyPolicyWithLevel: Creating DB CA52DB - PASSED chains.sh: Creating Intermediate certifiate request CA52Req.der certutil -s "CN=CA52 Intermediate, O=CA52, C=US" -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA52Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6890: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der - PASSED chains.sh: Creating certficate CA52CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 519025717 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n y OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6891: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA52CA1.der to CA52DB database certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6892: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database - PASSED chains.sh: Creating DB CA53DB certutil -N -d CA53DB -f CA53DB/dbpasswd chains.sh: #6893: AnyPolicyWithLevel: Creating DB CA53DB - PASSED chains.sh: Creating Intermediate certifiate request CA53Req.der certutil -s "CN=CA53 Intermediate, O=CA53, C=US" -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA53Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6894: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der - PASSED chains.sh: Creating certficate CA53CA52.der signed by CA52 certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 519025718 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6895: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52 - PASSED chains.sh: Importing certificate CA53CA52.der to CA53DB database certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6896: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database - PASSED chains.sh: Creating DB EE5DB certutil -N -d EE5DB -f EE5DB/dbpasswd chains.sh: #6897: AnyPolicyWithLevel: Creating DB EE5DB - PASSED chains.sh: Creating EE certifiate request EE5Req.der certutil -s "CN=EE5 EE, O=EE5, C=US" -R -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE5Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6898: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der - PASSED chains.sh: Creating certficate EE5CA53.der signed by CA53 certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 519025719 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6899: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53 - PASSED chains.sh: Importing certificate EE5CA53.der to EE5DB database certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6900: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database - PASSED chains.sh: Creating DB CA61DB certutil -N -d CA61DB -f CA61DB/dbpasswd chains.sh: #6901: AnyPolicyWithLevel: Creating DB CA61DB - PASSED chains.sh: Creating Intermediate certifiate request CA61Req.der certutil -s "CN=CA61 Intermediate, O=CA61, C=US" -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA61Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6902: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der - PASSED chains.sh: Creating certficate CA61RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 519025720 --extCP --extIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n 5 n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter the number of certs in the path permitted to use anyPolicy. (press Enter for 0) > Is this a critical extension [y/N]? chains.sh: #6903: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA61RootCA.der to CA61DB database certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6904: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database - PASSED chains.sh: Creating DB CA62DB certutil -N -d CA62DB -f CA62DB/dbpasswd chains.sh: #6905: AnyPolicyWithLevel: Creating DB CA62DB - PASSED chains.sh: Creating Intermediate certifiate request CA62Req.der certutil -s "CN=CA62 Intermediate, O=CA62, C=US" -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6906: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der - PASSED chains.sh: Creating certficate CA62CA61.der signed by CA61 certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 519025721 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6907: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61 - PASSED chains.sh: Importing certificate CA62CA61.der to CA62DB database certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6908: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database - PASSED chains.sh: Creating DB EE62DB certutil -N -d EE62DB -f EE62DB/dbpasswd chains.sh: #6909: AnyPolicyWithLevel: Creating DB EE62DB - PASSED chains.sh: Creating EE certifiate request EE62Req.der certutil -s "CN=EE62 EE, O=EE62, C=US" -R -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE62Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6910: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der - PASSED chains.sh: Creating certficate EE62CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 519025722 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6911: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62 - PASSED chains.sh: Importing certificate EE62CA62.der to EE62DB database certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6912: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database - PASSED chains.sh: Creating DB CA63DB certutil -N -d CA63DB -f CA63DB/dbpasswd chains.sh: #6913: AnyPolicyWithLevel: Creating DB CA63DB - PASSED chains.sh: Creating Intermediate certifiate request CA63Req.der certutil -s "CN=CA63 Intermediate, O=CA63, C=US" -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6914: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der - PASSED chains.sh: Creating certficate CA63CA62.der signed by CA62 certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 519025723 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6915: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62 - PASSED chains.sh: Importing certificate CA63CA62.der to CA63DB database certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6916: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database - PASSED chains.sh: Creating DB EE63DB certutil -N -d EE63DB -f EE63DB/dbpasswd chains.sh: #6917: AnyPolicyWithLevel: Creating DB EE63DB - PASSED chains.sh: Creating EE certifiate request EE63Req.der certutil -s "CN=EE63 EE, O=EE63, C=US" -R -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE63Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6918: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der - PASSED chains.sh: Creating certficate EE63CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 519025724 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6919: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63 - PASSED chains.sh: Importing certificate EE63CA63.der to EE63DB database certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6920: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database - PASSED chains.sh: Creating DB CA64DB certutil -N -d CA64DB -f CA64DB/dbpasswd chains.sh: #6921: AnyPolicyWithLevel: Creating DB CA64DB - PASSED chains.sh: Creating Intermediate certifiate request CA64Req.der certutil -s "CN=CA64 Intermediate, O=CA64, C=US" -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6922: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der - PASSED chains.sh: Creating certficate CA64CA63.der signed by CA63 certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 519025725 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6923: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63 - PASSED chains.sh: Importing certificate CA64CA63.der to CA64DB database certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6924: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database - PASSED chains.sh: Creating DB EE64DB certutil -N -d EE64DB -f EE64DB/dbpasswd chains.sh: #6925: AnyPolicyWithLevel: Creating DB EE64DB - PASSED chains.sh: Creating EE certifiate request EE64Req.der certutil -s "CN=EE64 EE, O=EE64, C=US" -R -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE64Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6926: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der - PASSED chains.sh: Creating certficate EE64CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 519025726 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6927: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64 - PASSED chains.sh: Importing certificate EE64CA64.der to EE64DB database certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6928: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database - PASSED chains.sh: Creating DB CA65DB certutil -N -d CA65DB -f CA65DB/dbpasswd chains.sh: #6929: AnyPolicyWithLevel: Creating DB CA65DB - PASSED chains.sh: Creating Intermediate certifiate request CA65Req.der certutil -s "CN=CA65 Intermediate, O=CA65, C=US" -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6930: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der - PASSED chains.sh: Creating certficate CA65CA64.der signed by CA64 certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 519025727 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6931: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64 - PASSED chains.sh: Importing certificate CA65CA64.der to CA65DB database certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6932: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database - PASSED chains.sh: Creating DB EE65DB certutil -N -d EE65DB -f EE65DB/dbpasswd chains.sh: #6933: AnyPolicyWithLevel: Creating DB EE65DB - PASSED chains.sh: Creating EE certifiate request EE65Req.der certutil -s "CN=EE65 EE, O=EE65, C=US" -R -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE65Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6934: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der - PASSED chains.sh: Creating certficate EE65CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 519025728 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6935: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65 - PASSED chains.sh: Importing certificate EE65CA65.der to EE65DB database certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6936: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database - PASSED chains.sh: Creating DB CA66DB certutil -N -d CA66DB -f CA66DB/dbpasswd chains.sh: #6937: AnyPolicyWithLevel: Creating DB CA66DB - PASSED chains.sh: Creating Intermediate certifiate request CA66Req.der certutil -s "CN=CA66 Intermediate, O=CA66, C=US" -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6938: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der - PASSED chains.sh: Creating certficate CA66CA65.der signed by CA65 certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 519025729 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6939: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65 - PASSED chains.sh: Importing certificate CA66CA65.der to CA66DB database certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6940: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database - PASSED chains.sh: Creating DB EE66DB certutil -N -d EE66DB -f EE66DB/dbpasswd chains.sh: #6941: AnyPolicyWithLevel: Creating DB EE66DB - PASSED chains.sh: Creating EE certifiate request EE66Req.der certutil -s "CN=EE66 EE, O=EE66, C=US" -R -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE66Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6942: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der - PASSED chains.sh: Creating certficate EE66CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 519025730 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6943: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66 - PASSED chains.sh: Importing certificate EE66CA66.der to EE66DB database certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6944: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database - PASSED chains.sh: Creating DB CA67DB certutil -N -d CA67DB -f CA67DB/dbpasswd chains.sh: #6945: AnyPolicyWithLevel: Creating DB CA67DB - PASSED chains.sh: Creating Intermediate certifiate request CA67Req.der certutil -s "CN=CA67 Intermediate, O=CA67, C=US" -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6946: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der - PASSED chains.sh: Creating certficate CA67CA66.der signed by CA66 certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 519025731 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === any 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6947: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66 - PASSED chains.sh: Importing certificate CA67CA66.der to CA67DB database certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6948: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database - PASSED chains.sh: Creating DB EE67DB certutil -N -d EE67DB -f EE67DB/dbpasswd chains.sh: #6949: AnyPolicyWithLevel: Creating DB EE67DB - PASSED chains.sh: Creating EE certifiate request EE67Req.der certutil -s "CN=EE67 EE, O=EE67, C=US" -R -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE67Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6950: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der - PASSED chains.sh: Creating certficate EE67CA67.der signed by CA67 certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 519025732 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6951: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67 - PASSED chains.sh: Importing certificate EE67CA67.der to EE67DB database certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6952: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #6953: AnyPolicyWithLevel: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6954: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6955: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US" Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6956: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6957: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6958: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6959: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US" Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6960: AnyPolicyWithLevel: Verifying certificate(s) EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6961: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6962: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6963: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US" Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6964: AnyPolicyWithLevel: Verifying certificate(s) EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6965: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6966: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US" Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6967: AnyPolicyWithLevel: Verifying certificate(s) EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6968: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6969: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.2.5.29.32.0 EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6970: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -o OID.2.5.29.32.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der vfychain -d AllDB -pp -vv EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US" Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US" Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #6971: AnyPolicyWithLevel: Verifying certificate(s) EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US" Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6972: AnyPolicyWithLevel: Verifying certificate(s) EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US" Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6973: AnyPolicyWithLevel: Verifying certificate(s) EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US" Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6974: AnyPolicyWithLevel: Verifying certificate(s) EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US" Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6975: AnyPolicyWithLevel: Verifying certificate(s) EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025703 (0x1eefb427) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:12:25 2015 Not After : Tue May 19 07:12:25 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a1:85:95:69:43:b2:f1:1c:13:bc:b8:3f:02:00:e7:b5: d6:38:91:10:3a:0a:ae:f2:95:72:76:c1:b2:6e:1e:85: 5b:79:b7:df:a0:ce:84:59:1b:c7:9a:9e:f1:1d:3c:eb: bf:48:86:38:95:88:96:01:5f:2b:1d:4a:43:d6:f5:20: 51:76:ef:9d:41:3f:0e:2a:fe:c3:41:af:7e:0a:d5:34: 6f:7e:c4:19:2b:73:d0:f0:b1:06:91:2e:2d:90:2a:b7: a1:d6:72:46:f1:55:b4:18:44:c1:b2:c8:51:a2:5a:41: 10:da:73:93:f0:8b:4a:ba:6c:e7:0f:71:ee:91:11:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 4c:e1:35:41:5a:0e:e2:e8:5e:d3:a9:eb:9e:3c:8a:b8: 45:ff:c7:c0:03:8f:0d:99:19:be:0b:3c:f2:e2:d8:72: b1:15:cd:32:cb:c9:51:97:ce:2b:3c:ee:ab:a5:d2:72: c1:35:22:a4:83:ed:d4:f3:f8:8e:ce:c5:33:70:0a:a3: 9e:ea:ca:7c:6c:01:17:7b:21:46:58:f8:f6:23:ef:42: 7e:1d:03:6f:74:38:87:dd:36:e2:a6:a7:13:27:fb:7e: ce:69:05:1b:98:f7:a6:98:be:ce:4d:71:5d:b3:03:52: 2b:89:60:de:67:c9:a7:d6:44:50:fc:38:36:6b:7c:d4 Fingerprint (SHA-256): 16:33:93:3F:7C:3C:1C:67:02:72:B5:B4:08:88:BB:AA:B1:6E:3E:FB:61:02:61:00:C0:7D:94:55:C7:6C:50:B0 Fingerprint (SHA1): 9F:22:6A:08:C6:05:05:FF:F5:F9:37:19:D7:FF:DE:12:00:B6:74:BA Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US" Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US" Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US" Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US" Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US" Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US" Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US" Returned value is 0, expected result is pass chains.sh: #6976: AnyPolicyWithLevel: Verifying certificate(s) EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #6977: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp -o OID.1.0 -t RootCA.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #6978: explicitPolicy: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025733 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #6979: explicitPolicy: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #6980: explicitPolicy: Exporting Root CA Root.der - PASSED chains.sh: Creating DB nonEVCADB certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd chains.sh: #6981: explicitPolicy: Creating DB nonEVCADB - PASSED chains.sh: Creating Intermediate certifiate request nonEVCAReq.der certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US" -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o nonEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6982: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der - PASSED chains.sh: Creating certficate nonEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 519025734 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #6983: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6984: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database - PASSED chains.sh: Creating DB EVCADB certutil -N -d EVCADB -f EVCADB/dbpasswd chains.sh: #6985: explicitPolicy: Creating DB EVCADB - PASSED chains.sh: Creating Intermediate certifiate request EVCAReq.der certutil -s "CN=EVCA Intermediate, O=EVCA, C=US" -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6986: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der - PASSED chains.sh: Creating certficate EVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 519025735 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6987: explicitPolicy: Creating certficate EVCARoot.der signed by Root - PASSED chains.sh: Importing certificate EVCARoot.der to EVCADB database certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6988: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database - PASSED chains.sh: Creating DB otherEVCADB certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd chains.sh: #6989: explicitPolicy: Creating DB otherEVCADB - PASSED chains.sh: Creating Intermediate certifiate request otherEVCAReq.der certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US" -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o otherEVCAReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #6990: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der - PASSED chains.sh: Creating certficate otherEVCARoot.der signed by Root certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 519025736 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6991: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root - PASSED chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6992: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database - PASSED chains.sh: Creating DB validEVDB certutil -N -d validEVDB -f validEVDB/dbpasswd chains.sh: #6993: explicitPolicy: Creating DB validEVDB - PASSED chains.sh: Creating EE certifiate request validEVReq.der certutil -s "CN=validEV EE, O=validEV, C=US" -R -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o validEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6994: explicitPolicy: Creating EE certifiate request validEVReq.der - PASSED chains.sh: Creating certficate validEVEVCA.der signed by EVCA certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 519025737 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6995: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA - PASSED chains.sh: Importing certificate validEVEVCA.der to validEVDB database certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #6996: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database - PASSED chains.sh: Creating DB invalidEVDB certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd chains.sh: #6997: explicitPolicy: Creating DB invalidEVDB - PASSED chains.sh: Creating EE certifiate request invalidEVReq.der certutil -s "CN=invalidEV EE, O=invalidEV, C=US" -R -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o invalidEVReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #6998: explicitPolicy: Creating EE certifiate request invalidEVReq.der - PASSED chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 519025738 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #6999: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA - PASSED chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7000: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database - PASSED chains.sh: Creating DB wrongEVOIDDB certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd chains.sh: #7001: explicitPolicy: Creating DB wrongEVOIDDB - PASSED chains.sh: Creating EE certifiate request wrongEVOIDReq.der certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US" -R -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o wrongEVOIDReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7002: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der - PASSED chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 519025739 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7003: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA - PASSED chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7004: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7005: explicitPolicy: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025733 (0x1eefb445) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:14:41 2015 Not After : Tue May 19 07:14:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:47:29:ff:e8:70:07:62:cd:2a:e4:02:f4:2c:4c:2f: 1a:78:5c:7a:88:fd:a9:bd:e8:2f:3e:c5:37:59:3e:43: ac:71:ff:c2:7b:af:07:a4:f0:e3:1c:82:17:01:8d:de: 26:e4:d9:17:e5:3b:f1:f3:12:b1:27:d5:a0:ad:26:66: 98:7f:6a:8c:de:7d:f7:8d:02:38:77:60:db:32:07:81: 9a:13:2a:5d:8d:5b:7a:d3:e3:58:d6:0f:4a:3c:ed:c4: 16:5f:e8:86:96:3b:87:6e:4e:8d:c2:52:f1:dc:51:87: 8b:6e:6a:12:d5:13:24:01:cd:9a:29:cd:c4:22:25:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:ba:5d:dd:b5:2f:d4:3c:48:41:db:25:ef:4c:b3:e1: 62:25:2f:18:a0:1a:92:d7:13:85:a2:60:ed:c7:54:8f: 0b:86:68:54:3a:f9:2f:95:98:db:4f:6e:67:68:23:b7: 16:c1:b7:2a:16:9f:ed:a5:2a:80:a5:32:20:df:ac:40: e0:6a:08:80:b8:d9:6f:ba:0c:f3:82:86:b9:d8:6a:e1: 15:5f:00:88:5c:a4:f7:f7:b6:48:b3:9e:0a:03:f1:38: 73:18:b6:ea:e0:28:46:a2:f1:51:50:cb:f0:5c:07:19: 55:1d:7a:9a:74:3a:fa:7a:2b:c6:2d:4a:e8:f0:7a:78 Fingerprint (SHA-256): F1:4A:28:CA:66:16:D4:79:B7:5A:58:68:97:C6:1A:BD:E0:D7:F0:A2:FB:27:F9:1B:07:AB:5A:4C:F9:D1:C3:C3 Fingerprint (SHA1): 2B:9C:6D:C0:F3:DF:8E:DD:6C:40:41:95:75:68:A2:5D:C0:6A:C2:2A Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #7006: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7007: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7008: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp -o OID.1.0 -t Root.der - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #7009: explicitPolicy: Importing certificate Root.der to AllDB database - PASSED chains.sh: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 validEVEVCA.der EVCARoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025733 (0x1eefb445) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:14:41 2015 Not After : Tue May 19 07:14:41 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:47:29:ff:e8:70:07:62:cd:2a:e4:02:f4:2c:4c:2f: 1a:78:5c:7a:88:fd:a9:bd:e8:2f:3e:c5:37:59:3e:43: ac:71:ff:c2:7b:af:07:a4:f0:e3:1c:82:17:01:8d:de: 26:e4:d9:17:e5:3b:f1:f3:12:b1:27:d5:a0:ad:26:66: 98:7f:6a:8c:de:7d:f7:8d:02:38:77:60:db:32:07:81: 9a:13:2a:5d:8d:5b:7a:d3:e3:58:d6:0f:4a:3c:ed:c4: 16:5f:e8:86:96:3b:87:6e:4e:8d:c2:52:f1:dc:51:87: 8b:6e:6a:12:d5:13:24:01:cd:9a:29:cd:c4:22:25:9b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 21:ba:5d:dd:b5:2f:d4:3c:48:41:db:25:ef:4c:b3:e1: 62:25:2f:18:a0:1a:92:d7:13:85:a2:60:ed:c7:54:8f: 0b:86:68:54:3a:f9:2f:95:98:db:4f:6e:67:68:23:b7: 16:c1:b7:2a:16:9f:ed:a5:2a:80:a5:32:20:df:ac:40: e0:6a:08:80:b8:d9:6f:ba:0c:f3:82:86:b9:d8:6a:e1: 15:5f:00:88:5c:a4:f7:f7:b6:48:b3:9e:0a:03:f1:38: 73:18:b6:ea:e0:28:46:a2:f1:51:50:cb:f0:5c:07:19: 55:1d:7a:9a:74:3a:fa:7a:2b:c6:2d:4a:e8:f0:7a:78 Fingerprint (SHA-256): F1:4A:28:CA:66:16:D4:79:B7:5A:58:68:97:C6:1A:BD:E0:D7:F0:A2:FB:27:F9:1B:07:AB:5A:4C:F9:D1:C3:C3 Fingerprint (SHA1): 2B:9C:6D:C0:F3:DF:8E:DD:6C:40:41:95:75:68:A2:5D:C0:6A:C2:2A Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US" Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US" Returned value is 0, expected result is pass chains.sh: #7010: explicitPolicy: Verifying certificate(s) validEVEVCA.der EVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 invalidEVnonEVCA.der nonEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7011: explicitPolicy: Verifying certificate(s) invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 vfychain -d AllDB -pp -vv -o OID.1.0 wrongEVOIDotherEVCA.der otherEVCARoot.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7012: explicitPolicy: Verifying certificate(s) wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp -o OID.1.0 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7013: Mapping: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025740 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7014: Mapping: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7015: Mapping: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7016: Mapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7017: Mapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025741 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7018: Mapping: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7019: Mapping: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7020: Mapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7021: Mapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025742 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7022: Mapping: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7023: Mapping: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #7024: Mapping: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7025: Mapping: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519025743 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7026: Mapping: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7027: Mapping: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7028: Mapping: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #7029: Mapping: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #7030: Mapping: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #7031: Mapping: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025740 (0x1eefb44c) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:15:16 2015 Not After : Tue May 19 07:15:16 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:10:ab:d9:0c:2f:55:65:38:24:7c:4a:31:9a:65:f8: 64:3c:42:6f:fb:a2:30:2c:15:c6:40:e7:7e:5d:0a:68: 0c:3c:46:b1:a9:c2:75:3c:ab:2c:9d:38:c2:3f:26:71: 0d:9e:9f:76:fd:30:a2:6a:17:4f:a4:2c:ca:56:47:15: 45:36:23:84:22:5b:db:11:82:3e:2d:31:84:89:f0:bf: c3:6d:76:be:6d:75:49:ef:f7:f3:1d:ba:6b:c6:05:13: 53:f0:c0:ac:4a:11:e0:00:0e:49:38:1e:58:5e:81:a9: 2e:59:02:60:68:f3:a6:5a:11:92:30:cb:d5:98:c4:5b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 09:74:6f:7d:91:34:e2:39:cb:03:60:0a:66:ec:16:d3: e5:fd:c3:a2:f6:5f:38:af:0c:a2:d1:b1:e7:83:f3:ae: ab:80:4d:eb:c0:91:63:b0:e6:81:b0:b5:09:90:99:9b: 2a:e1:f2:3a:08:28:82:b1:48:4b:1b:45:29:90:c6:1d: 75:37:36:08:90:c2:89:25:6b:1a:88:93:32:1a:d2:32: f8:78:3a:46:28:86:d6:ef:24:4a:58:ee:92:91:4d:0c: 29:b6:81:69:0b:cc:a5:9a:75:4b:9f:88:eb:0c:00:a8: 7c:7a:41:ea:b8:8c:63:a9:6c:18:9b:83:a5:93:08:4a Fingerprint (SHA-256): 65:F4:2B:BA:05:B4:C4:8F:28:52:DB:0A:85:3A:B8:92:B7:F0:5E:F8:30:EA:1B:1C:81:DB:0E:37:02:17:2F:3C Fingerprint (SHA1): B0:78:10:DE:69:FA:53:3E:20:1E:A8:6F:B2:29:97:16:E1:39:4E:99 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7032: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7033: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7034: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025741 (0x1eefb44d) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:15:19 2015 Not After : Tue May 19 07:15:19 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:da:59:d9:56:da:27:f8:15:31:85:c4:ed:af:0d:76: d0:8d:84:fe:3e:a2:51:af:00:15:40:a3:71:13:86:25: 06:c5:7e:c4:43:c4:db:48:16:ee:c9:ee:db:ba:20:63: de:9a:82:e0:f6:32:3b:96:8b:e0:89:47:9a:93:8a:2e: 7c:5e:ae:79:df:ca:50:0f:5a:25:d8:0c:ba:58:7c:d7: 96:57:31:72:23:ee:78:b8:ea:5a:de:9d:af:b6:50:15: 5e:d8:9b:9e:6f:d0:d6:65:5a:76:f0:26:10:8d:19:04: 49:4f:ab:d7:86:28:60:e6:7b:c7:95:b8:e6:f2:fb:b9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 31:e1:ac:c9:ec:87:5a:b9:f0:c2:4d:28:5d:39:95:c9: 44:bc:15:aa:7c:ff:46:63:b9:16:e7:9e:ad:d4:8d:eb: 7a:30:1d:42:f4:6d:f2:d5:ee:7a:df:75:77:ae:1d:4a: 07:1a:da:e3:d9:4a:5f:10:03:8d:05:e7:17:c5:85:4b: 5e:24:d6:d4:ce:b3:5f:12:32:11:54:58:89:16:70:e4: 8a:73:55:bd:76:81:f1:62:81:99:a9:83:3b:45:a0:30: 65:47:51:f4:8c:6a:11:11:7c:fb:7b:3f:a1:ed:20:06: 59:32:06:6e:cd:d3:69:4a:3e:8c:93:b2:28:63:64:a5 Fingerprint (SHA-256): 4A:28:32:F2:11:97:F9:1C:98:35:0B:2E:54:3A:0F:39:B6:0A:03:DF:4F:9C:80:DF:93:B9:5A:9B:19:CF:86:93 Fingerprint (SHA1): 9D:EF:45:18:1E:29:CC:9D:BA:C1:4A:A6:6D:20:7D:B2:63:3F:71:6F Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #7035: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA2.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7036: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA2.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025742 (0x1eefb44e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:15:23 2015 Not After : Tue May 19 07:15:23 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bb:a5:ac:e9:92:cb:50:83:26:3a:24:ad:f0:f6:e0:b0: ce:87:2d:4a:82:1a:ce:65:e7:30:7c:be:24:cf:7c:04: 08:cf:98:ba:ee:9f:60:2c:2f:6b:65:41:0c:37:99:15: 15:61:58:37:9b:76:60:1d:7b:76:2b:8c:42:e5:a3:1b: 3c:0c:50:02:69:e2:3f:fd:46:c9:18:10:6c:25:00:5b: e0:82:30:e8:61:16:1b:41:9a:d7:fe:e6:46:ef:0d:ac: 63:9a:3e:a2:a3:c7:ce:2a:01:fd:06:a5:10:2f:0b:69: af:8a:16:53:65:fa:8b:c7:90:4f:dd:ec:d5:0b:95:bd Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ae:28:44:c8:a1:84:44:d2:d7:21:30:f7:19:17:f5:cc: 58:92:f0:0b:71:99:d7:9c:79:ed:61:88:4c:88:1f:b2: 72:88:05:95:c7:6c:5b:20:60:52:f4:f2:44:51:80:08: 5e:fb:75:3c:d7:2e:1b:d6:76:51:75:9c:c3:73:1b:c1: 15:6a:4a:e0:41:ec:5a:17:e3:54:be:86:b7:1d:6d:76: 8d:9c:44:fd:78:fc:5a:a8:bc:0f:ad:4f:fe:b3:e5:6b: a1:92:54:3e:83:6b:42:11:ef:f4:9f:ab:14:04:0e:41: e4:dc:16:aa:95:26:49:94:e3:c5:de:ce:22:e0:1f:96 Fingerprint (SHA-256): 52:F5:41:90:1C:97:6D:AF:6B:5F:AE:3C:91:B2:29:43:BF:A1:52:C7:02:8E:39:7F:8E:8E:9A:36:C1:A8:07:A6 Fingerprint (SHA1): 7C:55:5F:97:75:82:E8:CF:2B:CF:A3:86:6B:FA:67:61:29:81:4A:23 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Returned value is 0, expected result is pass chains.sh: #7037: Mapping: Verifying certificate(s) UserCA2.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7038: Mapping2: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025744 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7039: Mapping2: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7040: Mapping2: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7041: Mapping2: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7042: Mapping2: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025745 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7043: Mapping2: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7044: Mapping2: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7045: Mapping2: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7046: Mapping2: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025746 --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n n n OID.1.0 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7047: Mapping2: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7048: Mapping2: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #7049: Mapping2: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7050: Mapping2: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 519025747 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7051: Mapping2: Creating certficate CA3CA2.der signed by CA2 - PASSED chains.sh: Importing certificate CA3CA2.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7052: Mapping2: Importing certificate CA3CA2.der to CA3DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #7053: Mapping2: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7054: Mapping2: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 519025748 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7055: Mapping2: Creating certficate UserCA3.der signed by CA3 - PASSED chains.sh: Importing certificate UserCA3.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7056: Mapping2: Importing certificate UserCA3.der to UserDB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7057: Mapping2: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "" -d AllDB -f AllDB/dbpasswd -i Root.der chains.sh: #7058: Mapping2: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing certificate CA1Root.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der chains.sh: #7059: Mapping2: Importing certificate CA1Root.der to AllDB database - PASSED chains.sh: Importing certificate CA2CA1.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der chains.sh: #7060: Mapping2: Importing certificate CA2CA1.der to AllDB database - PASSED chains.sh: Importing certificate CA3CA2.der to AllDB database certutil -A -n CA3 -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der chains.sh: #7061: Mapping2: Importing certificate CA3CA2.der to AllDB database - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t Root Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025744 (0x1eefb450) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:15:38 2015 Not After : Tue May 19 07:15:38 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: db:8f:7a:64:ab:b6:51:a5:45:a3:09:d2:14:a4:77:c1: eb:9b:e2:89:d7:ce:b4:fb:0e:a1:3e:5c:24:85:9d:76: c6:10:90:d1:92:e8:88:16:9b:ab:65:9b:ad:fe:71:03: 67:10:72:38:d4:fd:3c:e1:2b:42:98:67:da:2b:a4:68: e8:8b:dd:92:6b:5b:2e:ca:4e:8d:69:73:e9:41:77:ed: 7d:72:ff:68:2f:ad:9b:eb:ed:2d:58:52:9c:0b:cc:ad: 61:67:db:9a:34:e6:5e:ec:77:4a:65:b7:8e:06:2f:84: 8c:9a:75:2e:6d:d7:44:06:2d:9f:13:5a:77:9b:33:21 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 28:7f:d8:14:79:9e:82:78:fc:26:da:4b:7f:c6:65:e6: b7:5c:a7:02:e8:5f:a7:bf:c4:97:6f:c2:83:c6:b3:cc: 98:76:be:5f:1b:82:b1:16:63:34:05:f3:00:6f:25:c3: 38:5f:20:79:a8:6f:4d:d5:f2:df:46:c2:ad:d0:89:eb: 85:9c:fc:30:cb:25:e3:e2:bf:c8:ff:20:7f:48:f3:22: e2:bd:99:a6:cc:81:5a:e2:bd:b5:d8:3f:a2:16:99:15: 0e:ac:91:48:d9:af:35:c7:2c:30:55:a6:8b:7f:e7:d4: 27:f3:54:86:49:45:ee:8d:4a:59:f3:5e:15:1d:c8:b1 Fingerprint (SHA-256): C6:FE:4F:FA:81:79:EC:9A:84:A8:7F:36:3E:48:A6:03:32:0F:30:3E:E4:39:B1:6F:C6:3C:F0:87:6C:C8:5B:A5 Fingerprint (SHA1): 78:B9:41:6B:07:17:7B:91:99:6A:E0:8F:0F:27:34:E6:BC:04:92:68 Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7062: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t Root Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. Root [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7063: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t Root - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA1 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025745 (0x1eefb451) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:15:43 2015 Not After : Tue May 19 07:15:43 2020 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ba:55:e2:b2:b7:83:28:ba:3f:3e:ad:fb:43:30:c5:1e: da:5e:64:1b:d3:e5:ca:ea:af:f2:78:53:20:4c:16:9d: de:70:4a:b5:ab:a5:15:1b:53:ec:7e:1b:a2:f7:f1:50: cc:b3:53:49:bf:c4:ce:b7:64:bc:68:e7:fb:2f:8f:f1: 93:98:90:9f:eb:a2:14:20:36:d5:8b:31:12:e7:29:f3: d8:0c:63:db:b8:7d:36:a2:14:e6:56:75:67:5c:7e:f6: 82:08:d3:cf:0a:8e:ce:27:ed:04:74:6e:3f:cf:bd:95: 61:fb:09:bd:9c:bf:31:38:b5:ea:46:26:0d:10:c7:77 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policies Data: Policy Name: User Defined Policy OID Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 38:ab:43:42:ea:db:05:e9:14:7f:bd:ba:ab:98:0b:18: ab:db:29:cf:0e:44:c7:83:8e:64:51:63:fc:3d:90:88: 48:a3:6f:57:d8:af:9e:ec:66:3e:f8:4d:db:78:cb:fd: 89:8a:e7:9a:6f:78:c6:86:50:87:ab:bd:11:a0:7a:25: e1:c6:84:9d:83:98:67:4b:21:a2:4c:f8:13:03:62:0d: ea:0b:9a:e7:df:2b:0a:a3:af:97:65:aa:f0:e1:bd:75: b3:2e:07:32:c3:4d:f7:b7:ce:cb:3a:ed:5e:a2:2a:00: 21:73:e4:ca:55:a0:80:c1:a2:cb:b0:1b:4d:92:85:a1 Fingerprint (SHA-256): C8:46:BF:16:51:E1:5D:07:61:C2:6B:8C:12:23:A5:EB:60:B4:F2:E7:8C:E4:73:52:C8:4B:41:51:06:8E:30:23 Fingerprint (SHA1): B7:D7:12:25:F5:E1:2C:21:44:E2:30:5C:61:96:08:3B:DF:29:6C:3C Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #7064: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA1 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. CA1 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7065: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA1 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.0 UserCA3.der -t CA2 Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA2 [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7066: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.0 -t CA2 - PASSED chains.sh: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 vfychain -d AllDB -pp -vv -o OID.1.1 UserCA3.der -t CA2 Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025746 (0x1eefb452) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:15:46 2015 Not After : Tue May 19 07:15:46 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: da:14:fa:a9:c9:e7:96:f1:1a:c5:92:3c:33:06:ab:86: 52:bf:dc:30:f9:b2:2c:5b:55:97:8b:b4:64:ba:fd:8b: 1a:fe:07:43:6c:ce:9c:8e:1b:e3:5e:55:d0:9d:49:04: d0:a7:44:1b:2b:24:02:85:97:50:41:aa:65:34:80:93: d5:3c:8b:a6:70:59:9f:f5:3c:41:db:b8:d4:df:08:54: 78:29:a5:d5:38:d4:c6:b6:e3:71:1b:37:59:d9:cf:cb: e8:57:34:3c:4c:88:12:e6:08:b9:2e:ca:a8:44:57:fd: c5:98:20:8c:bd:7a:64:f9:84:81:86:df:a1:f9:d7:19 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Name: Certificate Policy Mappings Data: Sequence { Sequence { OID.1.0 User Defined Policy OID } } Name: Certificate Policies Data: Policy Name: OID.1.0 Policy Qualifier Name: PKIX CPS Pointer Qualifier Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 44:07:cf:9a:05:0b:2d:f6:77:27:4a:a3:15:9f:8e:80: a0:8d:b2:96:90:89:60:b0:98:a9:40:19:90:a8:99:3e: ec:22:9d:b9:90:37:0a:b5:9f:0a:99:ac:6f:5f:92:b8: 41:53:f4:49:07:3a:46:4c:43:e5:bf:17:b2:bf:da:80: 97:d5:f0:7f:7e:63:74:78:31:de:8c:83:fd:72:4f:31: 0d:1f:8d:fc:e0:55:c7:d3:c7:f6:a8:ca:1a:84:af:53: f2:4b:df:ad:7e:fc:b7:dd:2c:34:40:93:bf:92:5d:e1: 5c:37:72:0d:32:5a:67:b0:7e:e4:5f:31:f4:6a:40:4b Fingerprint (SHA-256): B7:EB:D9:5A:BF:D8:F7:08:3A:A3:C7:A1:F1:7E:4F:7D:E5:94:FE:8A:D9:3A:33:61:46:D0:CC:06:59:70:EE:9B Fingerprint (SHA1): E1:A2:2C:90:29:34:B9:CB:50:A9:A0:F2:20:8D:15:60:30:34:EE:ED Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #7067: Mapping2: Verifying certificate(s) UserCA3.der with flags -d AllDB -pp -o OID.1.1 -t CA2 - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7068: AIA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025749 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7069: AIA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7070: AIA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7071: AIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7072: AIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025750 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7073: AIA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7074: AIA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7075: AIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7076: AIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025751 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA1Root-519025528.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7077: AIA: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7078: AIA: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB UserDB certutil -N -d UserDB -f UserDB/dbpasswd chains.sh: #7079: AIA: Creating DB UserDB - PASSED chains.sh: Creating EE certifiate request UserReq.der certutil -s "CN=User EE, O=User, C=US" -R -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7080: AIA: Creating EE certifiate request UserReq.der - PASSED chains.sh: Creating certficate UserCA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 519025752 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7081: AIA: Creating certficate UserCA2.der signed by CA2 - PASSED chains.sh: Importing certificate UserCA2.der to UserDB database certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7082: AIA: Importing certificate UserCA2.der to UserDB database - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der vfychain -d UserDB -pp -vv UserCA2.der CA2CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA1 Intermediate,O=CA1,C=US Returned value is 1, expected result is fail chains.sh: #7083: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der vfychain -d UserDB -pp -vv -f UserCA2.der CA2CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025749 (0x1eefb455) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:16:05 2015 Not After : Tue May 19 07:16:05 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 99:9c:d5:e0:19:3b:30:b7:1d:b2:12:e0:69:69:25:29: 91:91:c0:d9:e4:f8:61:be:0f:7a:e2:2c:12:27:1a:67: ab:3a:39:88:0a:2c:a9:52:8b:a2:45:8f:b4:7c:9c:f4: 35:73:9b:0a:5f:26:aa:e7:5d:ae:ea:dd:0f:b0:f8:0f: 5d:6c:e1:86:11:5d:94:89:1e:f1:2d:a8:af:ba:a2:af: 9d:14:c9:75:54:db:14:ae:a0:53:33:b7:65:41:18:05: 8c:fb:5c:a0:83:e0:66:c2:85:e9:bd:83:60:63:41:7c: 3f:af:d4:6d:e8:3f:64:2a:a1:29:0b:f3:58:b8:68:51 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 36:6a:3c:95:0a:ce:b7:30:a3:83:bc:2d:b0:56:ae:85: 55:c8:25:cd:67:f4:43:2a:b6:a2:3f:cb:56:a6:60:85: 7f:3b:2c:4e:77:ad:6f:21:73:55:4e:bc:95:5a:13:8e: 0a:d2:f3:47:4a:33:da:e8:fc:f1:f2:45:a2:c2:ea:5b: 08:28:6b:33:c1:de:e7:d7:08:cd:b4:20:9e:a5:47:bf: d3:92:a9:c0:c9:40:39:b2:de:28:57:d8:74:5b:44:0e: 07:18:2e:24:f4:9b:67:44:23:13:97:c6:35:9c:59:b2: 30:99:c8:f5:54:d2:64:17:e7:e5:4a:51:8b:4a:5d:4b Fingerprint (SHA-256): 6E:19:4A:4D:5D:66:DC:EA:90:A9:22:CB:C8:4F:55:0E:8C:A0:A9:08:5A:7A:23:56:D6:9F:CA:8E:BE:04:41:FF Fingerprint (SHA1): 98:40:2F:FD:D5:C9:89:34:B7:D7:D4:D9:AD:4B:F7:AE:90:01:E2:73 Certificate 1 Subject: "CN=User EE,O=User,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7084: AIA: Verifying certificate(s) UserCA2.der CA2CA1.der with flags -d UserDB -pp -f -t Root.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #7085: BridgeWithAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025753 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7086: BridgeWithAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #7087: BridgeWithAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #7088: BridgeWithAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025754 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7089: BridgeWithAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #7090: BridgeWithAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #7091: BridgeWithAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7092: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519025755 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7093: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7094: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519025756 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7095: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7096: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #7097: BridgeWithAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7098: BridgeWithAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7099: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519025757 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519025529.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7100: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7101: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7102: BridgeWithAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7103: BridgeWithAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025758 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7104: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7105: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #7106: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025753 (0x1eefb459) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:16:22 2015 Not After : Tue May 19 07:16:22 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bf:33:6f:a3:94:23:66:fc:a8:8d:5d:28:30:a3:98:c6: 39:1c:2b:27:02:17:a1:50:aa:a0:22:4b:f8:9e:c6:3d: 14:07:da:e8:4a:f6:6b:73:21:b7:26:5e:9c:75:cb:11: b7:80:2d:45:8d:00:cb:5d:8f:5b:2a:d5:b2:93:c9:4b: 82:7f:9b:b0:55:0a:74:68:28:3c:b1:35:da:f1:45:9b: 20:db:90:92:06:07:cd:6b:fb:0f:93:ab:57:9f:c9:73: 2a:1a:8a:2a:d0:9a:a3:20:e7:3c:c7:43:25:aa:ed:5c: 4d:a4:f2:06:9a:d6:97:70:c4:b2:46:a6:e9:b9:0a:41 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 2e:f3:32:1c:4b:87:f4:ac:1d:78:03:49:1c:77:58:28: 9c:e3:7f:37:9a:bc:a3:85:a0:cb:1b:5d:71:27:47:e4: fe:57:04:49:bc:58:bc:3d:58:97:77:3b:8c:9e:01:27: c6:43:76:de:9b:1d:72:10:ff:ba:a5:b9:72:53:dd:ca: 73:74:3c:0e:57:81:dc:96:b7:9b:17:be:02:05:16:6a: a3:3a:5e:48:72:61:01:9d:ab:4d:f1:d2:0f:ee:54:96: 31:7f:0d:eb:23:5e:66:ec:4a:15:2c:78:16:5f:67:f6: cc:7c:26:69:c6:09:77:0d:ff:f7:2e:8c:b9:62:07:8a Fingerprint (SHA-256): 38:79:7E:8D:92:10:8B:F0:4D:AF:59:D0:B3:25:D6:5D:76:F6:04:08:89:22:61:15:CC:50:42:64:F9:70:A4:DE Fingerprint (SHA1): FA:B0:85:33:D9:C7:3D:AA:D3:57:7C:3D:AF:9E:66:0F:04:34:D2:00 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7107: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025754 (0x1eefb45a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:16:25 2015 Not After : Tue May 19 07:16:25 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:a5:68:6e:71:61:ef:0b:43:fb:3e:ad:d4:fa:1a:a5: c0:47:d4:55:33:a2:7c:36:11:8d:fd:09:35:bf:a2:57: 0f:bb:ed:c5:b3:c2:5a:6a:e8:eb:39:c3:1d:d3:2a:f5: 08:dc:6d:d5:ab:d1:0e:79:0f:24:c8:51:9b:f3:48:bd: 7b:6b:33:b0:9e:f2:74:0e:a9:b3:26:f5:62:c4:96:fb: 93:cd:d1:e6:06:52:e2:7d:43:86:19:f1:80:11:b2:64: c6:77:6e:9d:1f:59:3a:e4:70:09:1d:33:a8:6a:e7:5b: 9e:7b:70:8d:6d:b3:18:6d:1c:a8:3a:42:b2:50:d4:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 32:7a:02:ac:dd:75:69:b3:d1:0f:bc:72:6d:92:26:3d: fa:96:ec:36:37:8c:25:dc:23:5a:cc:50:75:7b:0e:81: 65:79:fc:0e:34:81:16:d1:98:9f:3d:f5:01:43:8c:94: c7:ae:26:b7:1c:14:35:2e:ad:fc:10:0d:20:b2:22:40: f5:e8:fb:e2:c3:72:8d:77:e7:4a:87:7e:4e:79:82:4c: 50:0e:74:98:fa:10:e4:18:e6:c1:69:ce:73:89:7e:b0: 5a:1e:5e:e9:fc:29:1e:d3:3d:df:16:89:69:c7:0c:23: 78:3a:1b:c9:e9:7c:2f:61:c9:a1:29:d8:eb:53:a3:f2 Fingerprint (SHA-256): 2F:C7:4B:1D:FD:AE:AF:59:76:2D:70:FF:99:A4:B0:EB:56:B7:F3:7F:C7:73:0F:A5:27:BB:2E:88:E9:20:C6:94 Fingerprint (SHA1): BC:23:9D:55:02:C6:9D:4A:65:41:CF:13:6D:AB:F3:70:30:25:B2:AB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7108: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025754 (0x1eefb45a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:16:25 2015 Not After : Tue May 19 07:16:25 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d4:a5:68:6e:71:61:ef:0b:43:fb:3e:ad:d4:fa:1a:a5: c0:47:d4:55:33:a2:7c:36:11:8d:fd:09:35:bf:a2:57: 0f:bb:ed:c5:b3:c2:5a:6a:e8:eb:39:c3:1d:d3:2a:f5: 08:dc:6d:d5:ab:d1:0e:79:0f:24:c8:51:9b:f3:48:bd: 7b:6b:33:b0:9e:f2:74:0e:a9:b3:26:f5:62:c4:96:fb: 93:cd:d1:e6:06:52:e2:7d:43:86:19:f1:80:11:b2:64: c6:77:6e:9d:1f:59:3a:e4:70:09:1d:33:a8:6a:e7:5b: 9e:7b:70:8d:6d:b3:18:6d:1c:a8:3a:42:b2:50:d4:29 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 32:7a:02:ac:dd:75:69:b3:d1:0f:bc:72:6d:92:26:3d: fa:96:ec:36:37:8c:25:dc:23:5a:cc:50:75:7b:0e:81: 65:79:fc:0e:34:81:16:d1:98:9f:3d:f5:01:43:8c:94: c7:ae:26:b7:1c:14:35:2e:ad:fc:10:0d:20:b2:22:40: f5:e8:fb:e2:c3:72:8d:77:e7:4a:87:7e:4e:79:82:4c: 50:0e:74:98:fa:10:e4:18:e6:c1:69:ce:73:89:7e:b0: 5a:1e:5e:e9:fc:29:1e:d3:3d:df:16:89:69:c7:0c:23: 78:3a:1b:c9:e9:7c:2f:61:c9:a1:29:d8:eb:53:a3:f2 Fingerprint (SHA-256): 2F:C7:4B:1D:FD:AE:AF:59:76:2D:70:FF:99:A4:B0:EB:56:B7:F3:7F:C7:73:0F:A5:27:BB:2E:88:E9:20:C6:94 Fingerprint (SHA1): BC:23:9D:55:02:C6:9D:4A:65:41:CF:13:6D:AB:F3:70:30:25:B2:AB Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7109: BridgeWithAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #7110: BridgeWithHalfAIA: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025759 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7111: BridgeWithHalfAIA: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #7112: BridgeWithHalfAIA: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #7113: BridgeWithHalfAIA: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025760 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7114: BridgeWithHalfAIA: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #7115: BridgeWithHalfAIA: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #7116: BridgeWithHalfAIA: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7117: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 519025761 -7 Bridge@Army < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7118: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army - PASSED chains.sh: Importing certificate BridgeArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7119: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 519025762 -7 Bridge@Navy < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7120: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy - PASSED chains.sh: Importing certificate BridgeNavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7121: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7 chains.sh: #7122: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7123: BridgeWithHalfAIA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7124: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519025763 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-Bridge-519025530.p7 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7125: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7126: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7127: BridgeWithHalfAIA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7128: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025764 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7129: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7130: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7131: BridgeWithHalfAIA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7132: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519025765 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-BridgeNavy-519025531.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7133: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7134: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7135: BridgeWithHalfAIA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7136: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519025766 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7137: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7138: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der vfychain -d EE1DB -pp -vv EE1CA1.der CA1Bridge.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]: ERROR -8179: Peer's Certificate issuer is not recognized. CN=Bridge Bridge,O=Bridge,C=US Returned value is 1, expected result is fail chains.sh: #7139: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025759 (0x1eefb45f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:16:44 2015 Not After : Tue May 19 07:16:44 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:46:8f:cb:0b:14:05:7b:62:a4:7a:d7:f8:02:2e:76: ab:12:2f:11:54:ea:81:56:00:b3:cf:f9:a5:84:64:77: 0a:5e:74:50:13:78:4d:76:06:6b:7a:75:c7:12:e4:b8: 75:e8:ce:ae:08:f9:72:dd:d8:cd:80:12:b2:be:63:46: 02:b4:32:a3:08:ec:8b:62:33:90:ec:88:1c:37:69:e6: ab:64:c7:3f:57:8d:1e:31:fe:65:c2:21:c7:44:24:bc: c4:c1:35:ce:dd:17:01:68:77:93:db:9f:1e:6b:d0:ef: 4d:38:88:ca:74:05:99:49:8d:0f:6e:39:87:59:a0:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:43:4b:43:fa:d8:d2:1d:15:85:8f:65:90:f6:75:37: cd:73:03:f5:b5:b1:a3:d7:fc:8b:d6:37:36:a3:0f:78: 7f:6a:ef:61:d1:d5:75:5c:89:bc:4e:71:c1:01:1d:4f: cd:f2:6e:e9:bd:cd:05:e9:73:2e:99:09:31:1a:ed:64: d9:aa:fc:7e:c9:08:97:3b:00:76:48:4f:41:eb:04:0f: 73:91:47:06:49:45:d7:26:3d:53:55:ad:6b:06:01:3d: 09:9c:96:6e:26:77:91:fe:b2:b6:43:76:1e:0a:cd:01: 3f:65:31:47:4a:47:d0:ab:80:85:4f:d0:54:6e:8b:6b Fingerprint (SHA-256): 2C:B3:83:7F:4A:C5:E4:9C:17:DA:45:FF:95:92:86:A3:24:15:7C:90:A0:50:AC:24:76:C9:12:84:79:01:08:98 Fingerprint (SHA1): 93:3B:E8:17:09:AB:8A:96:28:5B:7E:93:E3:5B:73:FD:17:B9:15:62 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7140: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025760 (0x1eefb460) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:16:47 2015 Not After : Tue May 19 07:16:47 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:9e:d0:1c:05:5a:b3:de:f3:ab:35:0e:40:33:e5:6f: dd:ed:62:87:16:e5:cd:2b:80:d2:ca:cc:54:5b:10:d8: c0:8d:a1:fd:d5:ad:10:06:2d:bd:f7:3e:69:bd:74:2d: 20:a5:21:ad:b8:81:2b:76:4b:3f:b6:f4:f3:5c:a1:e3: 8a:2d:8b:25:fc:2d:6d:68:b6:f6:dd:cb:b9:5b:b6:8b: af:cd:57:79:ba:7e:ac:45:0d:d4:79:2b:4c:70:f4:63: 07:14:5c:8c:d9:91:57:04:ed:a4:7d:d7:09:58:36:19: c1:c0:1b:c0:e5:49:43:6a:3f:2e:ab:ad:76:04:5c:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:8d:f1:d9:3f:5a:34:24:45:7d:28:7e:b8:c8:78:cc: b1:24:f2:3f:48:98:c1:26:f2:83:09:bf:c0:ec:c8:87: 3f:62:d3:26:66:2f:85:05:b5:ed:70:ec:3d:12:e5:9d: 51:13:f2:38:72:8c:68:d5:e4:7b:d7:8c:cf:01:ba:c2: fe:c4:8c:2c:64:9e:14:12:ac:94:c8:b9:90:83:d3:4c: 90:a5:5b:0e:3f:fc:ff:7c:c7:1f:db:1f:f4:ce:08:f0: 6a:c8:8d:62:f2:96:0c:6d:d0:9c:40:dc:88:ce:94:6e: 69:ca:f5:b8:b9:1b:54:9b:15:9f:24:31:91:a4:22:5b Fingerprint (SHA-256): 8A:35:D3:CB:89:19:A3:FF:66:64:E8:01:14:CA:9A:2B:DE:23:99:DC:98:81:0D:54:E3:5E:9C:AE:44:CF:52:34 Fingerprint (SHA1): B2:C2:CD:9E:81:5A:0B:9B:F1:0D:13:BB:8E:0B:72:D9:9A:2B:FC:35 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7141: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE1CA1.der CA1Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025760 (0x1eefb460) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:16:47 2015 Not After : Tue May 19 07:16:47 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:9e:d0:1c:05:5a:b3:de:f3:ab:35:0e:40:33:e5:6f: dd:ed:62:87:16:e5:cd:2b:80:d2:ca:cc:54:5b:10:d8: c0:8d:a1:fd:d5:ad:10:06:2d:bd:f7:3e:69:bd:74:2d: 20:a5:21:ad:b8:81:2b:76:4b:3f:b6:f4:f3:5c:a1:e3: 8a:2d:8b:25:fc:2d:6d:68:b6:f6:dd:cb:b9:5b:b6:8b: af:cd:57:79:ba:7e:ac:45:0d:d4:79:2b:4c:70:f4:63: 07:14:5c:8c:d9:91:57:04:ed:a4:7d:d7:09:58:36:19: c1:c0:1b:c0:e5:49:43:6a:3f:2e:ab:ad:76:04:5c:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:8d:f1:d9:3f:5a:34:24:45:7d:28:7e:b8:c8:78:cc: b1:24:f2:3f:48:98:c1:26:f2:83:09:bf:c0:ec:c8:87: 3f:62:d3:26:66:2f:85:05:b5:ed:70:ec:3d:12:e5:9d: 51:13:f2:38:72:8c:68:d5:e4:7b:d7:8c:cf:01:ba:c2: fe:c4:8c:2c:64:9e:14:12:ac:94:c8:b9:90:83:d3:4c: 90:a5:5b:0e:3f:fc:ff:7c:c7:1f:db:1f:f4:ce:08:f0: 6a:c8:8d:62:f2:96:0c:6d:d0:9c:40:dc:88:ce:94:6e: 69:ca:f5:b8:b9:1b:54:9b:15:9f:24:31:91:a4:22:5b Fingerprint (SHA-256): 8A:35:D3:CB:89:19:A3:FF:66:64:E8:01:14:CA:9A:2B:DE:23:99:DC:98:81:0D:54:E3:5E:9C:AE:44:CF:52:34 Fingerprint (SHA1): B2:C2:CD:9E:81:5A:0B:9B:F1:0D:13:BB:8E:0B:72:D9:9A:2B:FC:35 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7142: BridgeWithHalfAIA: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der BridgeArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. CN=EE2 EE,O=EE2,C=US : ERROR -8179: Peer's Certificate issuer is not recognized. CN=CA2 Intermediate,O=CA2,C=US Returned value is 1, expected result is fail chains.sh: #7143: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025759 (0x1eefb45f) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:16:44 2015 Not After : Tue May 19 07:16:44 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: aa:46:8f:cb:0b:14:05:7b:62:a4:7a:d7:f8:02:2e:76: ab:12:2f:11:54:ea:81:56:00:b3:cf:f9:a5:84:64:77: 0a:5e:74:50:13:78:4d:76:06:6b:7a:75:c7:12:e4:b8: 75:e8:ce:ae:08:f9:72:dd:d8:cd:80:12:b2:be:63:46: 02:b4:32:a3:08:ec:8b:62:33:90:ec:88:1c:37:69:e6: ab:64:c7:3f:57:8d:1e:31:fe:65:c2:21:c7:44:24:bc: c4:c1:35:ce:dd:17:01:68:77:93:db:9f:1e:6b:d0:ef: 4d:38:88:ca:74:05:99:49:8d:0f:6e:39:87:59:a0:0d Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 88:43:4b:43:fa:d8:d2:1d:15:85:8f:65:90:f6:75:37: cd:73:03:f5:b5:b1:a3:d7:fc:8b:d6:37:36:a3:0f:78: 7f:6a:ef:61:d1:d5:75:5c:89:bc:4e:71:c1:01:1d:4f: cd:f2:6e:e9:bd:cd:05:e9:73:2e:99:09:31:1a:ed:64: d9:aa:fc:7e:c9:08:97:3b:00:76:48:4f:41:eb:04:0f: 73:91:47:06:49:45:d7:26:3d:53:55:ad:6b:06:01:3d: 09:9c:96:6e:26:77:91:fe:b2:b6:43:76:1e:0a:cd:01: 3f:65:31:47:4a:47:d0:ab:80:85:4f:d0:54:6e:8b:6b Fingerprint (SHA-256): 2C:B3:83:7F:4A:C5:E4:9C:17:DA:45:FF:95:92:86:A3:24:15:7C:90:A0:50:AC:24:76:C9:12:84:79:01:08:98 Fingerprint (SHA1): 93:3B:E8:17:09:AB:8A:96:28:5B:7E:93:E3:5B:73:FD:17:B9:15:62 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7144: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025760 (0x1eefb460) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:16:47 2015 Not After : Tue May 19 07:16:47 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:9e:d0:1c:05:5a:b3:de:f3:ab:35:0e:40:33:e5:6f: dd:ed:62:87:16:e5:cd:2b:80:d2:ca:cc:54:5b:10:d8: c0:8d:a1:fd:d5:ad:10:06:2d:bd:f7:3e:69:bd:74:2d: 20:a5:21:ad:b8:81:2b:76:4b:3f:b6:f4:f3:5c:a1:e3: 8a:2d:8b:25:fc:2d:6d:68:b6:f6:dd:cb:b9:5b:b6:8b: af:cd:57:79:ba:7e:ac:45:0d:d4:79:2b:4c:70:f4:63: 07:14:5c:8c:d9:91:57:04:ed:a4:7d:d7:09:58:36:19: c1:c0:1b:c0:e5:49:43:6a:3f:2e:ab:ad:76:04:5c:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:8d:f1:d9:3f:5a:34:24:45:7d:28:7e:b8:c8:78:cc: b1:24:f2:3f:48:98:c1:26:f2:83:09:bf:c0:ec:c8:87: 3f:62:d3:26:66:2f:85:05:b5:ed:70:ec:3d:12:e5:9d: 51:13:f2:38:72:8c:68:d5:e4:7b:d7:8c:cf:01:ba:c2: fe:c4:8c:2c:64:9e:14:12:ac:94:c8:b9:90:83:d3:4c: 90:a5:5b:0e:3f:fc:ff:7c:c7:1f:db:1f:f4:ce:08:f0: 6a:c8:8d:62:f2:96:0c:6d:d0:9c:40:dc:88:ce:94:6e: 69:ca:f5:b8:b9:1b:54:9b:15:9f:24:31:91:a4:22:5b Fingerprint (SHA-256): 8A:35:D3:CB:89:19:A3:FF:66:64:E8:01:14:CA:9A:2B:DE:23:99:DC:98:81:0D:54:E3:5E:9C:AE:44:CF:52:34 Fingerprint (SHA1): B2:C2:CD:9E:81:5A:0B:9B:F1:0D:13:BB:8E:0B:72:D9:9A:2B:FC:35 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7145: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der vfychain -d EE1DB -pp -vv -f EE2CA2.der CA2Bridge.der BridgeArmy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025760 (0x1eefb460) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:16:47 2015 Not After : Tue May 19 07:16:47 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: a5:9e:d0:1c:05:5a:b3:de:f3:ab:35:0e:40:33:e5:6f: dd:ed:62:87:16:e5:cd:2b:80:d2:ca:cc:54:5b:10:d8: c0:8d:a1:fd:d5:ad:10:06:2d:bd:f7:3e:69:bd:74:2d: 20:a5:21:ad:b8:81:2b:76:4b:3f:b6:f4:f3:5c:a1:e3: 8a:2d:8b:25:fc:2d:6d:68:b6:f6:dd:cb:b9:5b:b6:8b: af:cd:57:79:ba:7e:ac:45:0d:d4:79:2b:4c:70:f4:63: 07:14:5c:8c:d9:91:57:04:ed:a4:7d:d7:09:58:36:19: c1:c0:1b:c0:e5:49:43:6a:3f:2e:ab:ad:76:04:5c:7b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 50:8d:f1:d9:3f:5a:34:24:45:7d:28:7e:b8:c8:78:cc: b1:24:f2:3f:48:98:c1:26:f2:83:09:bf:c0:ec:c8:87: 3f:62:d3:26:66:2f:85:05:b5:ed:70:ec:3d:12:e5:9d: 51:13:f2:38:72:8c:68:d5:e4:7b:d7:8c:cf:01:ba:c2: fe:c4:8c:2c:64:9e:14:12:ac:94:c8:b9:90:83:d3:4c: 90:a5:5b:0e:3f:fc:ff:7c:c7:1f:db:1f:f4:ce:08:f0: 6a:c8:8d:62:f2:96:0c:6d:d0:9c:40:dc:88:ce:94:6e: 69:ca:f5:b8:b9:1b:54:9b:15:9f:24:31:91:a4:22:5b Fingerprint (SHA-256): 8A:35:D3:CB:89:19:A3:FF:66:64:E8:01:14:CA:9A:2B:DE:23:99:DC:98:81:0D:54:E3:5E:9C:AE:44:CF:52:34 Fingerprint (SHA1): B2:C2:CD:9E:81:5A:0B:9B:F1:0D:13:BB:8E:0B:72:D9:9A:2B:FC:35 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Returned value is 0, expected result is pass chains.sh: #7146: BridgeWithHalfAIA: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp -f -t Navy.der - PASSED chains.sh: Creating DB ArmyDB certutil -N -d ArmyDB -f ArmyDB/dbpasswd chains.sh: #7147: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB - PASSED chains.sh: Creating Root CA Army certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025767 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7148: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army - PASSED chains.sh: Exporting Root CA Army.der certutil -L -d ArmyDB -r -n Army -o Army.der chains.sh: #7149: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der - PASSED chains.sh: Creating DB NavyDB certutil -N -d NavyDB -f NavyDB/dbpasswd chains.sh: #7150: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB - PASSED chains.sh: Creating Root CA Navy certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025768 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7151: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy - PASSED chains.sh: Exporting Root CA Navy.der certutil -L -d NavyDB -r -n Navy -o Navy.der chains.sh: #7152: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der - PASSED chains.sh: Creating DB CAArmyDB certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd chains.sh: #7153: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB - PASSED chains.sh: Creating Intermediate certifiate request CAArmyReq.der certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US" -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CAArmyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7154: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der - PASSED chains.sh: Creating certficate CAArmyArmy.der signed by Army certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 519025769 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7155: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army - PASSED chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7156: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database - PASSED chains.sh: Creating DB CANavyDB certutil -N -d CANavyDB -f CANavyDB/dbpasswd chains.sh: #7157: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB - PASSED chains.sh: Creating Intermediate certifiate request CANavyReq.der certutil -s "CN=CANavy Intermediate, O=CANavy, C=US" -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CANavyReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7158: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der - PASSED chains.sh: Creating certficate CANavyNavy.der signed by Navy certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 519025770 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7159: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy - PASSED chains.sh: Importing certificate CANavyNavy.der to CANavyDB database certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7160: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database - PASSED chains.sh: Creating DB BridgeDB certutil -N -d BridgeDB -f BridgeDB/dbpasswd chains.sh: #7161: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB - PASSED chains.sh: Creating Bridge certifiate request BridgeReq.der certutil -s "CN=Bridge Bridge, O=Bridge, C=US" -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7162: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der - PASSED chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 519025771 -7 Bridge@CAArmy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.1.1 1 n n n OID.1.1 OID.2.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7163: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy - PASSED chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7164: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database - PASSED chains.sh: Creating certficate BridgeCANavy.der signed by CANavy certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 519025772 -7 Bridge@CANavy --extCP --extPM < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n y OID.2.1 1 n n n OID.2.1 OID.1.1 n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N] Is this a critical extension [y/N]? chains.sh: #7165: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy - PASSED chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7166: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database - PASSED chains.sh: Generating PKCS7 package from BridgeDB database cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7 chains.sh: #7167: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7168: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7169: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 519025773 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.1 1 n y OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7170: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA1Bridge.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7171: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7172: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7173: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Bridge.der signed by Bridge certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 519025774 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.1.0 1 n y OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7174: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge - PASSED chains.sh: Importing certificate CA2Bridge.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7175: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7176: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7177: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025775 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.1 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7178: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7179: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7180: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7181: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519025776 --extCP < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === OID.2.0 1 n n n === Enter a CertPolicy Object Identifier (dotted decimal format) or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0 1 - CPS Pointer qualifier 2 - User notice qualifier Any other number to finish Choice: > Enter CPS pointer URI: > Enter another policy qualifier [y/N] Enter another PolicyInformation field [y/N]? Is this a critical extension [y/N]? chains.sh: #7182: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7183: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7184: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025767 (0x1eefb467) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Army ROOT CA,O=Army,C=US" Validity: Not Before: Tue May 19 07:17:17 2015 Not After : Tue May 19 07:17:17 2065 Subject: "CN=Army ROOT CA,O=Army,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c9:23:d4:51:d0:fb:68:70:04:09:a2:73:8d:a6:39:8d: e3:6c:61:23:04:fc:c0:79:07:bc:90:d9:03:b6:d1:9e: 0e:8a:fa:d1:5a:93:03:0c:5d:d7:13:53:ba:d1:c5:7b: ef:81:a1:98:f6:d7:c3:85:67:92:cf:9e:0d:52:2b:fd: 17:d4:4c:03:e1:b9:dc:9d:b8:54:86:23:ec:d5:c1:df: 8d:7e:a9:e5:95:d6:6e:68:1a:22:28:88:6d:95:cc:88: 24:97:eb:8a:5c:1a:58:d7:bd:c9:e6:75:34:bf:1b:8c: 89:a3:09:1d:a9:3f:a7:8a:c4:ce:a7:f5:24:18:2d:4f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 37:93:6a:40:2b:33:cd:19:5c:b4:d0:b1:99:c6:6b:55: 07:c7:82:8a:41:f6:40:c1:ec:e6:41:a9:b5:b9:bc:6b: 1a:23:22:41:ef:74:6a:ce:39:5b:bf:2c:33:ef:08:4c: 1f:9f:5f:0e:1b:d4:d8:0c:07:be:74:1b:0e:ab:4a:8c: 53:fc:9e:70:50:c9:4e:3d:4a:d4:84:0b:e4:c7:78:72: 7a:f1:cf:5e:80:b1:df:df:5c:59:38:ef:1f:c9:ef:9e: 73:40:62:c7:be:7d:01:76:db:d4:df:8d:84:1f:8f:2b: dc:a0:2c:ae:8d:ba:5c:34:63:0a:b0:e8:82:b2:da:d2 Fingerprint (SHA-256): 66:6E:48:17:83:2A:AE:7E:F5:1F:16:35:25:08:F1:B3:47:20:E2:E8:C0:7A:17:DB:51:36:EE:55:90:4F:51:11 Fingerprint (SHA1): ED:D8:CD:0B:04:BA:B9:DA:E4:72:0A:78:FC:2A:C2:5A:37:5B:5D:65 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US" Returned value is 0, expected result is pass chains.sh: #7185: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7186: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7187: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7188: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7189: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7190: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7191: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7192: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7193: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.1.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025768 (0x1eefb468) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Navy ROOT CA,O=Navy,C=US" Validity: Not Before: Tue May 19 07:17:21 2015 Not After : Tue May 19 07:17:21 2065 Subject: "CN=Navy ROOT CA,O=Navy,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e3:88:66:bd:4a:56:19:a6:34:fc:31:e0:f6:a6:cf:37: 37:7f:4b:ae:d1:9a:dc:6d:36:48:83:12:02:2a:79:69: d2:c7:42:8d:50:a2:ab:fc:5d:46:75:d4:c7:9d:f0:d2: aa:6e:d0:45:b2:9c:41:e9:de:a9:b3:95:ea:cd:9a:0a: b7:53:ed:11:97:1e:02:65:57:06:39:7e:17:7e:9d:44: 4e:7f:d2:26:e6:ac:0e:86:b5:69:6a:8a:51:d4:f6:33: 59:56:58:7c:da:36:21:2c:94:72:5c:6f:b6:f1:bf:28: f3:4f:51:ee:33:8a:8f:18:c9:e3:b0:c4:cc:52:f4:a9 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 8a:53:ca:02:cc:a3:31:ee:a9:99:f7:d9:38:98:ff:16: 74:38:72:56:ff:1e:51:70:6e:b0:42:61:29:54:fa:10: 86:05:f1:53:a1:8b:8e:4e:10:a2:72:7b:c2:4e:3d:71: 82:79:69:1a:fb:7a:ec:19:f7:dc:6f:65:6b:39:f0:49: 8c:0f:46:5f:88:5b:53:c8:3c:af:50:8f:f0:09:20:80: 4b:0c:b8:4e:86:af:44:5a:88:98:06:77:2a:61:47:c4: d3:5c:62:03:df:78:d2:a5:f7:a7:e6:7a:a1:67:91:7c: 66:f9:a9:d4:21:21:0e:57:a9:62:ac:91:91:4b:c7:59 Fingerprint (SHA-256): E5:E2:AA:20:07:D5:A6:69:B5:BC:72:17:A5:8A:A0:4C:65:BC:5E:8F:0B:C5:18:D8:04:87:BA:A1:8C:A2:E0:37 Fingerprint (SHA1): 8F:CF:BA:89:54:D1:97:EF:7A:24:AB:18:31:EB:75:48:63:F0:B6:F6 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US" Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US" Returned value is 0, expected result is pass chains.sh: #7194: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.0 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der -t Navy.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7195: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags -pp -o OID.2.1 -t Navy.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der vfychain -pp -vv -o OID.1.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7196: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der vfychain -pp -vv -o OID.1.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7197: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.1.1 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der vfychain -pp -vv -o OID.2.0 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7198: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.0 -t Army.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der vfychain -pp -vv -o OID.2.1 EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der -t Army.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 1, expected result is fail chains.sh: #7199: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s) EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags -pp -o OID.2.1 -t Army.der - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7200: RealCerts: Creating DB AllDB - PASSED chains.sh: Importing certificate TestCA.ca.cert to AllDB database certutil -A -n TestCA.ca -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestCA.ca.cert chains.sh: #7201: RealCerts: Importing certificate TestCA.ca.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser50.cert to AllDB database certutil -A -n TestUser50 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert chains.sh: #7202: RealCerts: Importing certificate TestUser50.cert to AllDB database - PASSED chains.sh: Importing certificate TestUser51.cert to AllDB database certutil -A -n TestUser51 -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert chains.sh: #7203: RealCerts: Importing certificate TestUser51.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalRootCA.cert to AllDB database certutil -A -n PayPalRootCA -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalRootCA.cert chains.sh: #7204: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalICA.cert to AllDB database certutil -A -n PayPalICA -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalICA.cert chains.sh: #7205: RealCerts: Importing certificate PayPalICA.cert to AllDB database - PASSED chains.sh: Importing certificate PayPalEE.cert to AllDB database certutil -A -n PayPalEE -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert chains.sh: #7206: RealCerts: Importing certificate PayPalEE.cert to AllDB database - PASSED chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database certutil -A -n BrAirWaysBadSig -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert chains.sh: #7207: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database - PASSED chains.sh: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser50.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #7208: RealCerts: Verifying certificate(s) TestUser50.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/TestUser51.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Feb 20 16:25:05 2013 Not After : Tue Feb 20 16:25:05 2063 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a: 02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75: 28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c: 90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be: 92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8: e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2: 7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1: cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59: d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa: b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8: 8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2: b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb: be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9: 4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd: 37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65 Fingerprint (SHA-256): E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65 Fingerprint (SHA1): 1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo untain View,ST=California,C=US" Returned value is 0, expected result is pass chains.sh: #7209: RealCerts: Verifying certificate(s) TestUser51.cert with flags -d AllDB -pp - PASSED chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #7210: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.113733.1.7.23.6 - PASSED chains.sh: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp vfychain -d AllDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 0. BrAirWaysBadSig : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is fail chains.sh: #7211: RealCerts: Verifying certificate(s) BrAirWaysBadSig.cert with flags -d AllDB -pp - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7212: DSA: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025777 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7213: DSA: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7214: DSA: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7215: DSA: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7216: DSA: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 519025778 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7217: DSA: Creating certficate CA1Root.der signed by Root - PASSED chains.sh: Importing certificate CA1Root.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7218: DSA: Importing certificate CA1Root.der to CA1DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7219: DSA: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7220: DSA: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 519025779 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7221: DSA: Creating certficate EE1CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE1CA1.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7222: DSA: Importing certificate EE1CA1.der to EE1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7223: DSA: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7224: DSA: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 519025780 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7225: DSA: Creating certficate CA2Root.der signed by Root - PASSED chains.sh: Importing certificate CA2Root.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7226: DSA: Importing certificate CA2Root.der to CA2DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7227: DSA: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7228: DSA: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 519025781 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7229: DSA: Creating certficate EE2CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE2CA2.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7230: DSA: Importing certificate EE2CA2.der to EE2DB database - PASSED chains.sh: Creating DB CA3DB certutil -N -d CA3DB -f CA3DB/dbpasswd chains.sh: #7231: DSA: Creating DB CA3DB - PASSED chains.sh: Creating Intermediate certifiate request CA3Req.der certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7232: DSA: Creating Intermediate certifiate request CA3Req.der - PASSED chains.sh: Creating certficate CA3Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 519025782 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7233: DSA: Creating certficate CA3Root.der signed by Root - PASSED chains.sh: Importing certificate CA3Root.der to CA3DB database certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7234: DSA: Importing certificate CA3Root.der to CA3DB database - PASSED chains.sh: Creating DB EE3DB certutil -N -d EE3DB -f EE3DB/dbpasswd chains.sh: #7235: DSA: Creating DB EE3DB - PASSED chains.sh: Creating EE certifiate request EE3Req.der certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7236: DSA: Creating EE certifiate request EE3Req.der - PASSED chains.sh: Creating certficate EE3CA3.der signed by CA3 certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 519025783 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7237: DSA: Creating certficate EE3CA3.der signed by CA3 - PASSED chains.sh: Importing certificate EE3CA3.der to EE3DB database certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7238: DSA: Importing certificate EE3CA3.der to EE3DB database - PASSED chains.sh: Creating DB CA4DB certutil -N -d CA4DB -f CA4DB/dbpasswd chains.sh: #7239: DSA: Creating DB CA4DB - PASSED chains.sh: Creating Intermediate certifiate request CA4Req.der certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7240: DSA: Creating Intermediate certifiate request CA4Req.der - PASSED chains.sh: Creating certficate CA4Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 519025784 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7241: DSA: Creating certficate CA4Root.der signed by Root - PASSED chains.sh: Importing certificate CA4Root.der to CA4DB database certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7242: DSA: Importing certificate CA4Root.der to CA4DB database - PASSED chains.sh: Creating DB EE4DB certutil -N -d EE4DB -f EE4DB/dbpasswd chains.sh: #7243: DSA: Creating DB EE4DB - PASSED chains.sh: Creating EE certifiate request EE4Req.der certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7244: DSA: Creating EE certifiate request EE4Req.der - PASSED chains.sh: Creating certficate EE4CA4.der signed by CA4 certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 519025785 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7245: DSA: Creating certficate EE4CA4.der signed by CA4 - PASSED chains.sh: Importing certificate EE4CA4.der to EE4DB database certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7246: DSA: Importing certificate EE4CA4.der to EE4DB database - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7247: DSA: Creating DB AllDB - PASSED chains.sh: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE1CA1.der CA1Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025777 (0x1eefb471) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:18:11 2015 Not After : Tue May 19 07:18:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 6c:ec:01:9e:fb:56:1c:fd:31:8c:23:c9:c6:b4:25:c0: 1b:c7:d2:11:1d:39:62:3d:46:1f:c0:48:60:ac:df:5c: 99:a3:8f:3e:a0:57:ba:da:fa:3e:0d:3b:ef:76:1d:2b: a4:4a:8f:63:b1:e1:28:dd:84:e6:61:c2:49:83:a6:c2: 61:cf:84:33:63:c6:22:e8:76:1e:f0:d5:7d:5a:93:33: 61:3d:c0:2a:91:35:ff:39:10:5c:0e:e0:a2:13:93:d1: f3:fa:d4:46:bd:28:77:46:86:ef:3d:cc:54:5d:6d:38: 60:8c:80:50:3e:d1:d1:b0:40:96:b6:09:35:b0:e9:f1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:00:d4:6d:c4:b0:5d:d6:3b:5b:7a:64:f8: a4:6a:15:90:20:32:ee:d9:02:15:00:8b:d9:53:3f:f5: 2c:0d:e0:31:0f:d7:e2:29:d6:d2:a9:88:9f:ef:bc Fingerprint (SHA-256): 68:3A:7F:0A:CD:83:ED:12:AE:8A:61:B8:79:B5:96:2E:64:C6:2B:FF:DB:FA:56:B0:6E:A3:AB:6B:0D:34:B2:54 Fingerprint (SHA1): 8A:C0:5F:C6:23:F9:69:5A:A2:1F:66:DD:20:8B:0F:04:01:F3:7C:D1 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7248: DSA: Verifying certificate(s) EE1CA1.der CA1Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE2CA2.der CA2Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025777 (0x1eefb471) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:18:11 2015 Not After : Tue May 19 07:18:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 6c:ec:01:9e:fb:56:1c:fd:31:8c:23:c9:c6:b4:25:c0: 1b:c7:d2:11:1d:39:62:3d:46:1f:c0:48:60:ac:df:5c: 99:a3:8f:3e:a0:57:ba:da:fa:3e:0d:3b:ef:76:1d:2b: a4:4a:8f:63:b1:e1:28:dd:84:e6:61:c2:49:83:a6:c2: 61:cf:84:33:63:c6:22:e8:76:1e:f0:d5:7d:5a:93:33: 61:3d:c0:2a:91:35:ff:39:10:5c:0e:e0:a2:13:93:d1: f3:fa:d4:46:bd:28:77:46:86:ef:3d:cc:54:5d:6d:38: 60:8c:80:50:3e:d1:d1:b0:40:96:b6:09:35:b0:e9:f1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:00:d4:6d:c4:b0:5d:d6:3b:5b:7a:64:f8: a4:6a:15:90:20:32:ee:d9:02:15:00:8b:d9:53:3f:f5: 2c:0d:e0:31:0f:d7:e2:29:d6:d2:a9:88:9f:ef:bc Fingerprint (SHA-256): 68:3A:7F:0A:CD:83:ED:12:AE:8A:61:B8:79:B5:96:2E:64:C6:2B:FF:DB:FA:56:B0:6E:A3:AB:6B:0D:34:B2:54 Fingerprint (SHA1): 8A:C0:5F:C6:23:F9:69:5A:A2:1F:66:DD:20:8B:0F:04:01:F3:7C:D1 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Returned value is 0, expected result is pass chains.sh: #7249: DSA: Verifying certificate(s) EE2CA2.der CA2Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE3CA3.der CA3Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025777 (0x1eefb471) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:18:11 2015 Not After : Tue May 19 07:18:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 6c:ec:01:9e:fb:56:1c:fd:31:8c:23:c9:c6:b4:25:c0: 1b:c7:d2:11:1d:39:62:3d:46:1f:c0:48:60:ac:df:5c: 99:a3:8f:3e:a0:57:ba:da:fa:3e:0d:3b:ef:76:1d:2b: a4:4a:8f:63:b1:e1:28:dd:84:e6:61:c2:49:83:a6:c2: 61:cf:84:33:63:c6:22:e8:76:1e:f0:d5:7d:5a:93:33: 61:3d:c0:2a:91:35:ff:39:10:5c:0e:e0:a2:13:93:d1: f3:fa:d4:46:bd:28:77:46:86:ef:3d:cc:54:5d:6d:38: 60:8c:80:50:3e:d1:d1:b0:40:96:b6:09:35:b0:e9:f1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:00:d4:6d:c4:b0:5d:d6:3b:5b:7a:64:f8: a4:6a:15:90:20:32:ee:d9:02:15:00:8b:d9:53:3f:f5: 2c:0d:e0:31:0f:d7:e2:29:d6:d2:a9:88:9f:ef:bc Fingerprint (SHA-256): 68:3A:7F:0A:CD:83:ED:12:AE:8A:61:B8:79:B5:96:2E:64:C6:2B:FF:DB:FA:56:B0:6E:A3:AB:6B:0D:34:B2:54 Fingerprint (SHA1): 8A:C0:5F:C6:23:F9:69:5A:A2:1F:66:DD:20:8B:0F:04:01:F3:7C:D1 Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US" Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US" Returned value is 0, expected result is pass chains.sh: #7250: DSA: Verifying certificate(s) EE3CA3.der CA3Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der vfychain -d AllDB -pp -vv EE4CA4.der CA4Root.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025777 (0x1eefb471) Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:18:11 2015 Not After : Tue May 19 07:18:11 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: ANSI X9.57 DSA Signature Args: 30:82:01:1e:02:81:81:00:98:ef:3a:ae:70:98:9b:44: db:35:86:c1:b6:c2:47:7c:b4:ff:99:e8:ae:44:f2:eb: c3:be:23:0f:65:d0:4c:04:82:90:a7:9d:4a:c8:93:7f: 41:df:f8:80:6b:0b:68:7f:af:e4:a8:b5:b2:99:c3:69: fb:3f:e7:1b:d0:0f:a9:7a:4a:04:bf:50:9e:22:33:b8: 89:53:24:10:f9:68:77:ad:af:10:68:b8:d3:68:5d:a3: c3:eb:72:3b:a0:0b:73:65:c5:d1:fa:8c:c0:7d:aa:52: 29:34:44:01:bf:12:25:fe:18:0a:c8:3f:c1:60:48:db: ad:93:b6:61:67:d7:a8:2d:02:15:00:b5:b0:84:8b:44: 29:f6:33:59:a1:3c:be:d2:7f:35:a1:76:27:03:81:02: 81:80:04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f: 00:04:4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95: f9:9c:f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12: 31:50:82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71: da:9e:57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17: 54:2b:5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8: 83:87:60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10: f4:cb:35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21: a5:10 DSA Public Key: Prime: 98:ef:3a:ae:70:98:9b:44:db:35:86:c1:b6:c2:47:7c: b4:ff:99:e8:ae:44:f2:eb:c3:be:23:0f:65:d0:4c:04: 82:90:a7:9d:4a:c8:93:7f:41:df:f8:80:6b:0b:68:7f: af:e4:a8:b5:b2:99:c3:69:fb:3f:e7:1b:d0:0f:a9:7a: 4a:04:bf:50:9e:22:33:b8:89:53:24:10:f9:68:77:ad: af:10:68:b8:d3:68:5d:a3:c3:eb:72:3b:a0:0b:73:65: c5:d1:fa:8c:c0:7d:aa:52:29:34:44:01:bf:12:25:fe: 18:0a:c8:3f:c1:60:48:db:ad:93:b6:61:67:d7:a8:2d Subprime: b5:b0:84:8b:44:29:f6:33:59:a1:3c:be:d2:7f:35:a1: 76:27:03:81 Base: 04:0e:83:69:f1:cd:7d:e5:0c:78:93:d6:49:6f:00:04: 4e:0e:6c:37:aa:38:22:47:d2:58:ec:83:12:95:f9:9c: f1:f4:27:ff:d7:99:57:35:c6:64:4c:c0:47:12:31:50: 82:3c:2a:07:03:01:ef:30:09:89:82:41:76:71:da:9e: 57:8b:76:38:37:5f:a5:cd:32:84:45:8d:4c:17:54:2b: 5d:c2:6b:ba:3e:a0:7b:95:d7:00:42:f7:08:b8:83:87: 60:e1:e5:f4:1a:54:c2:20:da:38:3a:d1:b6:10:f4:cb: 35:da:97:92:87:d6:a5:37:62:b4:93:4a:15:21:a5:10 PublicValue: 6c:ec:01:9e:fb:56:1c:fd:31:8c:23:c9:c6:b4:25:c0: 1b:c7:d2:11:1d:39:62:3d:46:1f:c0:48:60:ac:df:5c: 99:a3:8f:3e:a0:57:ba:da:fa:3e:0d:3b:ef:76:1d:2b: a4:4a:8f:63:b1:e1:28:dd:84:e6:61:c2:49:83:a6:c2: 61:cf:84:33:63:c6:22:e8:76:1e:f0:d5:7d:5a:93:33: 61:3d:c0:2a:91:35:ff:39:10:5c:0e:e0:a2:13:93:d1: f3:fa:d4:46:bd:28:77:46:86:ef:3d:cc:54:5d:6d:38: 60:8c:80:50:3e:d1:d1:b0:40:96:b6:09:35:b0:e9:f1 Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest Signature: 30:2d:02:14:00:d4:6d:c4:b0:5d:d6:3b:5b:7a:64:f8: a4:6a:15:90:20:32:ee:d9:02:15:00:8b:d9:53:3f:f5: 2c:0d:e0:31:0f:d7:e2:29:d6:d2:a9:88:9f:ef:bc Fingerprint (SHA-256): 68:3A:7F:0A:CD:83:ED:12:AE:8A:61:B8:79:B5:96:2E:64:C6:2B:FF:DB:FA:56:B0:6E:A3:AB:6B:0D:34:B2:54 Fingerprint (SHA1): 8A:C0:5F:C6:23:F9:69:5A:A2:1F:66:DD:20:8B:0F:04:01:F3:7C:D1 Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US" Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US" Returned value is 0, expected result is pass chains.sh: #7251: DSA: Verifying certificate(s) EE4CA4.der CA4Root.der with flags -d AllDB -pp -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7252: Revocation: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 10 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7253: Revocation: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7254: Revocation: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #7255: Revocation: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7256: Revocation: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7257: Revocation: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7258: Revocation: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7259: Revocation: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7260: Revocation: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7261: Revocation: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7262: Revocation: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #7263: Revocation: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7264: Revocation: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7265: Revocation: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7266: Revocation: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB EE12DB certutil -N -d EE12DB -f EE12DB/dbpasswd chains.sh: #7267: Revocation: Creating DB EE12DB - PASSED chains.sh: Creating EE certifiate request EE12Req.der certutil -s "CN=EE12 EE, O=EE12, C=US" -R -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE12Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7268: Revocation: Creating EE certifiate request EE12Req.der - PASSED chains.sh: Creating certficate EE12CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7269: Revocation: Creating certficate EE12CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE12CA1.der to EE12DB database certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7270: Revocation: Importing certificate EE12CA1.der to EE12DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7271: Revocation: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7272: Revocation: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7273: Revocation: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7274: Revocation: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #7275: Revocation: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7276: Revocation: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7277: Revocation: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7278: Revocation: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519071909Z nextupdate=20160519071909Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 07:19:09 2015 Next Update: Thu May 19 07:19:09 2016 CRL Extensions: chains.sh: #7279: Revocation: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519071909Z nextupdate=20160519071909Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:19:09 2015 Next Update: Thu May 19 07:19:09 2016 CRL Extensions: chains.sh: #7280: Revocation: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519071910Z nextupdate=20160519071910Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 07:19:10 2015 Next Update: Thu May 19 07:19:10 2016 CRL Extensions: chains.sh: #7281: Revocation: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519071911Z nextupdate=20160519071911Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 07:19:11 2015 Next Update: Thu May 19 07:19:11 2016 CRL Extensions: chains.sh: #7282: Revocation: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 14 issued by CA1 crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519071912Z addcert 14 20150519071912Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 07:19:12 2015 Next Update: Thu May 19 07:19:10 2016 Entry 1 (0x1): Serial Number: 14 (0xe) Revocation Date: Tue May 19 07:19:12 2015 CRL Extensions: chains.sh: #7283: Revocation: Revoking certificate with SN 14 issued by CA1 - PASSED chains.sh: Revoking certificate with SN 15 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519071913Z addcert 15 20150519071913Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:19:13 2015 Next Update: Thu May 19 07:19:09 2016 Entry 1 (0x1): Serial Number: 15 (0xf) Revocation Date: Tue May 19 07:19:13 2015 CRL Extensions: chains.sh: #7284: Revocation: Revoking certificate with SN 15 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7285: Revocation: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7286: Revocation: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #7287: Revocation: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Importing certificate CA0Root.der to AllDB database certutil -A -n CA0 -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der chains.sh: #7288: Revocation: Importing certificate CA0Root.der to AllDB database - PASSED chains.sh: Importing CRL CA0.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl chains.sh: #7289: Revocation: Importing CRL CA0.crl to AllDB database - PASSED chains.sh: Importing certificate CA1CA0.der to AllDB database certutil -A -n CA1 -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der chains.sh: #7290: Revocation: Importing certificate CA1CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA1.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl chains.sh: #7291: Revocation: Importing CRL CA1.crl to AllDB database - PASSED chains.sh: Importing certificate CA2CA0.der to AllDB database certutil -A -n CA2 -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der chains.sh: #7292: Revocation: Importing certificate CA2CA0.der to AllDB database - PASSED chains.sh: Importing CRL CA2.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl chains.sh: #7293: Revocation: Importing CRL CA2.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:18:45 2015 Not After : Tue May 19 07:18:45 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:9b:38:8c:cb:dc:cb:1c:0c:07:8c:b2:cf:b0:46:ae: b3:b5:ed:47:47:7c:84:95:aa:96:7f:55:f8:af:d4:10: 01:2f:4d:fb:1b:ff:9b:7e:a8:d3:1c:4d:df:01:7d:71: 74:ee:78:6c:07:a7:65:03:9c:43:d7:4d:af:8d:a0:9a: 56:57:f6:4f:f7:53:c2:e1:8c:c0:6e:f5:6b:f5:9b:fd: ae:16:3f:89:64:a5:d0:46:3c:61:ed:6f:27:3b:28:d8: b6:c6:fe:87:bb:c2:1b:de:87:55:3b:bc:6c:32:e5:9e: aa:7f:3e:3e:57:68:c7:a0:d7:8c:50:c0:ee:30:cb:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:dd:75:49:ab:9a:2c:19:9e:4f:72:da:73:85:86:9c: ea:d0:6d:a2:01:44:be:a5:25:05:4c:7d:ce:7a:ec:d9: 8c:70:9d:92:ee:be:82:0d:b2:f4:61:ad:6e:29:fb:d1: 60:58:ac:ea:48:d5:00:06:64:f5:f3:0a:68:f8:2c:f1: 2a:f8:b1:0b:bf:81:3f:3a:89:47:ec:f3:85:0b:7c:e4: 51:43:21:db:cd:84:e5:ed:88:67:93:49:77:28:92:4d: 48:f9:fb:66:1e:d7:51:9e:3b:06:de:8f:f3:5a:47:82: 57:e2:91:d5:51:00:69:a2:93:2f:7a:a2:55:ae:82:72 Fingerprint (SHA-256): 1E:D8:7D:BB:FB:0C:4A:05:00:91:78:D1:AE:49:4E:1F:C6:80:D7:F8:86:BE:C8:7C:63:64:5A:28:91:46:24:C5 Fingerprint (SHA1): 86:11:16:7A:A7:65:F1:B5:DC:BF:DA:3F:25:EE:14:C9:66:5F:57:5D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7294: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der vfychain -d AllDB -pp -vv -g leaf -m crl EE12CA1.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7295: Revocation: Verifying certificate(s) EE12CA1.der with flags -d AllDB -pp -g leaf -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE11CA1.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:18:45 2015 Not After : Tue May 19 07:18:45 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d9:9b:38:8c:cb:dc:cb:1c:0c:07:8c:b2:cf:b0:46:ae: b3:b5:ed:47:47:7c:84:95:aa:96:7f:55:f8:af:d4:10: 01:2f:4d:fb:1b:ff:9b:7e:a8:d3:1c:4d:df:01:7d:71: 74:ee:78:6c:07:a7:65:03:9c:43:d7:4d:af:8d:a0:9a: 56:57:f6:4f:f7:53:c2:e1:8c:c0:6e:f5:6b:f5:9b:fd: ae:16:3f:89:64:a5:d0:46:3c:61:ed:6f:27:3b:28:d8: b6:c6:fe:87:bb:c2:1b:de:87:55:3b:bc:6c:32:e5:9e: aa:7f:3e:3e:57:68:c7:a0:d7:8c:50:c0:ee:30:cb:65 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3d:dd:75:49:ab:9a:2c:19:9e:4f:72:da:73:85:86:9c: ea:d0:6d:a2:01:44:be:a5:25:05:4c:7d:ce:7a:ec:d9: 8c:70:9d:92:ee:be:82:0d:b2:f4:61:ad:6e:29:fb:d1: 60:58:ac:ea:48:d5:00:06:64:f5:f3:0a:68:f8:2c:f1: 2a:f8:b1:0b:bf:81:3f:3a:89:47:ec:f3:85:0b:7c:e4: 51:43:21:db:cd:84:e5:ed:88:67:93:49:77:28:92:4d: 48:f9:fb:66:1e:d7:51:9e:3b:06:de:8f:f3:5a:47:82: 57:e2:91:d5:51:00:69:a2:93:2f:7a:a2:55:ae:82:72 Fingerprint (SHA-256): 1E:D8:7D:BB:FB:0C:4A:05:00:91:78:D1:AE:49:4E:1F:C6:80:D7:F8:86:BE:C8:7C:63:64:5A:28:91:46:24:C5 Fingerprint (SHA1): 86:11:16:7A:A7:65:F1:B5:DC:BF:DA:3F:25:EE:14:C9:66:5F:57:5D Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7296: Revocation: Verifying certificate(s) EE11CA1.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der vfychain -d AllDB -pp -vv -g chain -m crl EE21CA2.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7297: Revocation: Verifying certificate(s) EE21CA2.der with flags -d AllDB -pp -g chain -m crl -t Root.der - PASSED chains.sh: Creating DB RootDB certutil -N -d RootDB -f RootDB/dbpasswd chains.sh: #7298: CRLDP: Creating DB RootDB - PASSED chains.sh: Creating Root CA Root certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025786 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7299: CRLDP: Creating Root CA Root - PASSED chains.sh: Exporting Root CA Root.der certutil -L -d RootDB -r -n Root -o Root.der chains.sh: #7300: CRLDP: Exporting Root CA Root.der - PASSED chains.sh: Creating DB CA0DB certutil -N -d CA0DB -f CA0DB/dbpasswd chains.sh: #7301: CRLDP: Creating DB CA0DB - PASSED chains.sh: Creating Intermediate certifiate request CA0Req.der certutil -s "CN=CA0 Intermediate, O=CA0, C=US" -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7302: CRLDP: Creating Intermediate certifiate request CA0Req.der - PASSED chains.sh: Creating certficate CA0Root.der signed by Root certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 519025787 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7303: CRLDP: Creating certficate CA0Root.der signed by Root - PASSED chains.sh: Importing certificate CA0Root.der to CA0DB database certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7304: CRLDP: Importing certificate CA0Root.der to CA0DB database - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7305: CRLDP: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025558.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7306: CRLDP: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025532.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7307: CRLDP: Creating certficate CA1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA1CA0.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7308: CRLDP: Importing certificate CA1CA0.der to CA1DB database - PASSED chains.sh: Creating DB EE11DB certutil -N -d EE11DB -f EE11DB/dbpasswd chains.sh: #7309: CRLDP: Creating DB EE11DB - PASSED chains.sh: Creating EE certifiate request EE11Req.der certutil -s "CN=EE11 EE, O=EE11, C=US" -R -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025558.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7310: CRLDP: Creating EE certifiate request EE11Req.der - PASSED chains.sh: Creating certficate EE11CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 519025788 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7311: CRLDP: Creating certficate EE11CA1.der signed by CA1 - PASSED chains.sh: Importing certificate EE11CA1.der to EE11DB database certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7312: CRLDP: Importing certificate EE11CA1.der to EE11DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7313: CRLDP: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025558.crl -1 -1 -1 n n === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7314: CRLDP: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025533.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7315: CRLDP: Creating certficate CA2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate CA2CA0.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7316: CRLDP: Importing certificate CA2CA0.der to CA2DB database - PASSED chains.sh: Creating DB EE21DB certutil -N -d EE21DB -f EE21DB/dbpasswd chains.sh: #7317: CRLDP: Creating DB EE21DB - PASSED chains.sh: Creating EE certifiate request EE21Req.der certutil -s "CN=EE21 EE, O=EE21, C=US" -R -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7318: CRLDP: Creating EE certifiate request EE21Req.der - PASSED chains.sh: Creating certficate EE21CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 519025789 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7319: CRLDP: Creating certficate EE21CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE21CA2.der to EE21DB database certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7320: CRLDP: Importing certificate EE21CA2.der to EE21DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7321: CRLDP: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025558.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7322: CRLDP: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025534.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7323: CRLDP: Creating certficate EE1CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE1CA0.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7324: CRLDP: Importing certificate EE1CA0.der to EE1DB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7325: CRLDP: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der -4 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0-519025558.crl -1 -1 -1 n n === Generating key. This may take a few moments... Enter the type of the distribution point name: 1 - Full Name 2 - Relative Name Any other number to finish Choice: > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Select one of the following for the reason flags 0 - unused 1 - keyCompromise 2 - caCompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold Any other number to finish Choice: > Enter value for the CRL Issuer name: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter another value for the CRLDistributionPoint extension [y/N]? Is this a critical extension [y/N]? chains.sh: #7326: CRLDP: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2CA0.der signed by CA0 certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40 --extAIA < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 1 7 http://localhost.localdomain:9113/localhost-900-CA0Root-519025535.der 0 n n === Enter access method type for Authority Information Access extension: 1 - CA Issuers 2 - OCSP Anyother number to finish Choice > Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Enter data: Select one of the following general name type: 2 - rfc822Name 3 - dnsName 5 - directoryName 7 - uniformResourceidentifier 8 - ipAddress 9 - registerID Any other number to finish Choice: > Add another location to the Authority Information Access extension [y/N] Is this a critical extension [y/N]? chains.sh: #7327: CRLDP: Creating certficate EE2CA0.der signed by CA0 - PASSED chains.sh: Importing certificate EE2CA0.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7328: CRLDP: Importing certificate EE2CA0.der to EE2DB database - PASSED chains.sh: Create CRL for RootDB crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl === Crlutil input data === update=20150519071952Z nextupdate=20160519071952Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" This Update: Tue May 19 07:19:52 2015 Next Update: Thu May 19 07:19:52 2016 CRL Extensions: chains.sh: #7329: CRLDP: Create CRL for RootDB - PASSED chains.sh: Create CRL for CA0DB crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519071953Z nextupdate=20160519071953Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:19:53 2015 Next Update: Thu May 19 07:19:53 2016 CRL Extensions: chains.sh: #7330: CRLDP: Create CRL for CA0DB - PASSED chains.sh: Create CRL for CA1DB crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl === Crlutil input data === update=20150519071954Z nextupdate=20160519071954Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" This Update: Tue May 19 07:19:54 2015 Next Update: Thu May 19 07:19:54 2016 CRL Extensions: chains.sh: #7331: CRLDP: Create CRL for CA1DB - PASSED chains.sh: Create CRL for CA2DB crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl === Crlutil input data === update=20150519071954Z nextupdate=20160519071954Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA2 Intermediate,O=CA2,C=US" This Update: Tue May 19 07:19:54 2015 Next Update: Thu May 19 07:19:54 2016 CRL Extensions: chains.sh: #7332: CRLDP: Create CRL for CA2DB - PASSED chains.sh: Revoking certificate with SN 20 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519071955Z addcert 20 20150519071955Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:19:55 2015 Next Update: Thu May 19 07:19:53 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 07:19:55 2015 CRL Extensions: chains.sh: #7333: CRLDP: Revoking certificate with SN 20 issued by CA0 - PASSED chains.sh: Revoking certificate with SN 40 issued by CA0 crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl === Crlutil input data === update=20150519071956Z addcert 40 20150519071956Z === CRL Info: : Version: 2 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA0 Intermediate,O=CA0,C=US" This Update: Tue May 19 07:19:56 2015 Next Update: Thu May 19 07:19:53 2016 Entry 1 (0x1): Serial Number: 20 (0x14) Revocation Date: Tue May 19 07:19:55 2015 Entry 2 (0x2): Serial Number: 40 (0x28) Revocation Date: Tue May 19 07:19:56 2015 CRL Extensions: chains.sh: #7334: CRLDP: Revoking certificate with SN 40 issued by CA0 - PASSED chains.sh: Creating DB AllDB certutil -N -d AllDB -f AllDB/dbpasswd chains.sh: #7335: CRLDP: Creating DB AllDB - PASSED chains.sh: Importing certificate Root.der to AllDB database certutil -A -n Root -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7336: CRLDP: Importing certificate Root.der to AllDB database - PASSED chains.sh: Importing CRL Root.crl to AllDB database crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl chains.sh: #7337: CRLDP: Importing CRL Root.crl to AllDB database - PASSED chains.sh: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE11CA1.der CA1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025786 (0x1eefb47a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:19:26 2015 Not After : Tue May 19 07:19:26 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:91:89:25:c8:ef:6e:6c:3c:48:ca:3c:2a:8c:ea:73: c5:47:2b:9c:98:50:9c:fa:d0:84:c6:a5:f8:d9:d4:4e: 8e:2c:4d:9e:73:84:0d:1c:44:bf:0e:56:b2:45:52:94: ec:be:aa:a8:a4:a5:a7:b6:6d:14:03:41:28:92:a2:3b: ff:a2:e6:9f:22:60:63:29:84:19:a1:e9:cf:8f:28:58: c8:10:b3:b4:49:94:31:b3:8a:9f:69:ba:f3:79:a7:fc: 7b:56:1e:74:a6:e3:43:01:e4:f0:07:fc:bf:7b:47:1c: da:4f:47:a7:a5:23:56:fb:f3:f4:db:52:77:bd:0f:03 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c2:2f:c1:49:fe:3d:d7:a8:d9:77:9b:ca:58:10:7c:25: 1d:dc:24:d5:c3:24:1e:1e:16:b7:05:eb:28:f4:38:52: a6:5f:cd:16:09:ff:6b:be:3f:c0:75:57:4b:24:17:79: 9a:5b:d6:91:70:cb:71:6b:1b:f7:24:47:13:d7:43:ae: d8:ef:73:4d:d2:2b:a2:09:1e:7f:1e:8c:6e:ac:73:19: 32:de:87:19:92:be:91:f3:94:b5:23:4f:a8:e9:29:31: 86:1f:43:92:e4:1a:81:fa:c2:21:d3:14:d8:9d:f7:b1: 02:e9:86:85:fb:32:89:c2:3d:ca:81:a4:b6:58:31:a1 Fingerprint (SHA-256): FA:7B:60:2C:1C:92:04:1F:FB:94:32:92:28:72:E6:7D:BF:B9:CF:ED:AF:1B:76:E7:DE:59:DA:1F:E5:59:97:76 Fingerprint (SHA1): 7F:4E:82:89:C3:36:C2:03:32:55:45:54:38:F5:9A:82:9C:91:C8:B7 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US" Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7338: CRLDP: Verifying certificate(s) EE11CA1.der CA1CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g chain -h requireFreshInfo -m crl -f EE21CA2.der CA2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7339: CRLDP: Verifying certificate(s) EE21CA2.der CA2CA0.der with flags -d AllDB -pp -g chain -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE1CA0.der -t Root.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025786 (0x1eefb47a) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Root ROOT CA,O=Root,C=US" Validity: Not Before: Tue May 19 07:19:26 2015 Not After : Tue May 19 07:19:26 2065 Subject: "CN=Root ROOT CA,O=Root,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d1:91:89:25:c8:ef:6e:6c:3c:48:ca:3c:2a:8c:ea:73: c5:47:2b:9c:98:50:9c:fa:d0:84:c6:a5:f8:d9:d4:4e: 8e:2c:4d:9e:73:84:0d:1c:44:bf:0e:56:b2:45:52:94: ec:be:aa:a8:a4:a5:a7:b6:6d:14:03:41:28:92:a2:3b: ff:a2:e6:9f:22:60:63:29:84:19:a1:e9:cf:8f:28:58: c8:10:b3:b4:49:94:31:b3:8a:9f:69:ba:f3:79:a7:fc: 7b:56:1e:74:a6:e3:43:01:e4:f0:07:fc:bf:7b:47:1c: da:4f:47:a7:a5:23:56:fb:f3:f4:db:52:77:bd:0f:03 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: c2:2f:c1:49:fe:3d:d7:a8:d9:77:9b:ca:58:10:7c:25: 1d:dc:24:d5:c3:24:1e:1e:16:b7:05:eb:28:f4:38:52: a6:5f:cd:16:09:ff:6b:be:3f:c0:75:57:4b:24:17:79: 9a:5b:d6:91:70:cb:71:6b:1b:f7:24:47:13:d7:43:ae: d8:ef:73:4d:d2:2b:a2:09:1e:7f:1e:8c:6e:ac:73:19: 32:de:87:19:92:be:91:f3:94:b5:23:4f:a8:e9:29:31: 86:1f:43:92:e4:1a:81:fa:c2:21:d3:14:d8:9d:f7:b1: 02:e9:86:85:fb:32:89:c2:3d:ca:81:a4:b6:58:31:a1 Fingerprint (SHA-256): FA:7B:60:2C:1C:92:04:1F:FB:94:32:92:28:72:E6:7D:BF:B9:CF:ED:AF:1B:76:E7:DE:59:DA:1F:E5:59:97:76 Fingerprint (SHA1): 7F:4E:82:89:C3:36:C2:03:32:55:45:54:38:F5:9A:82:9C:91:C8:B7 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US" Returned value is 0, expected result is pass chains.sh: #7340: CRLDP: Verifying certificate(s) EE1CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der vfychain -d AllDB -pp -vv -g leaf -h requireFreshInfo -m crl -f EE2CA0.der -t Root.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. Root [Certificate Authority]: ERROR -8180: Peer's Certificate has been revoked. ERROR -8180: Peer's Certificate has been revoked. Returned value is 1, expected result is fail chains.sh: #7341: CRLDP: Verifying certificate(s) EE2CA0.der with flags -d AllDB -pp -g leaf -h requireFreshInfo -m crl -f -t Root.der - PASSED chains.sh: Creating DB RootCADB certutil -N -d RootCADB -f RootCADB/dbpasswd chains.sh: #7342: TrustAnchors: Creating DB RootCADB - PASSED chains.sh: Creating Root CA RootCA certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025790 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7343: TrustAnchors: Creating Root CA RootCA - PASSED chains.sh: Exporting Root CA RootCA.der certutil -L -d RootCADB -r -n RootCA -o RootCA.der chains.sh: #7344: TrustAnchors: Exporting Root CA RootCA.der - PASSED chains.sh: Creating DB CA1DB certutil -N -d CA1DB -f CA1DB/dbpasswd chains.sh: #7345: TrustAnchors: Creating DB CA1DB - PASSED chains.sh: Creating Intermediate certifiate request CA1Req.der certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7346: TrustAnchors: Creating Intermediate certifiate request CA1Req.der - PASSED chains.sh: Creating certficate CA1RootCA.der signed by RootCA certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 519025791 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7347: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA - PASSED chains.sh: Importing certificate CA1RootCA.der to CA1DB database certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7348: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database - PASSED chains.sh: Creating DB CA2DB certutil -N -d CA2DB -f CA2DB/dbpasswd chains.sh: #7349: TrustAnchors: Creating DB CA2DB - PASSED chains.sh: Creating Intermediate certifiate request CA2Req.der certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7350: TrustAnchors: Creating Intermediate certifiate request CA2Req.der - PASSED chains.sh: Creating certficate CA2CA1.der signed by CA1 certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 519025792 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7351: TrustAnchors: Creating certficate CA2CA1.der signed by CA1 - PASSED chains.sh: Importing certificate CA2CA1.der to CA2DB database certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7352: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database - PASSED chains.sh: Creating DB EE1DB certutil -N -d EE1DB -f EE1DB/dbpasswd chains.sh: #7353: TrustAnchors: Creating DB EE1DB - PASSED chains.sh: Creating EE certifiate request EE1Req.der certutil -s "CN=EE1 EE, O=EE1, C=US" -R -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7354: TrustAnchors: Creating EE certifiate request EE1Req.der - PASSED chains.sh: Creating certficate EE1CA2.der signed by CA2 certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 519025793 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7355: TrustAnchors: Creating certficate EE1CA2.der signed by CA2 - PASSED chains.sh: Importing certificate EE1CA2.der to EE1DB database certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7356: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database - PASSED chains.sh: Creating DB OtherRootDB certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd chains.sh: #7357: TrustAnchors: Creating DB OtherRootDB - PASSED chains.sh: Creating Root CA OtherRoot certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -m 519025794 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === 5 6 9 n y -1 n 5 6 7 9 n === Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish > Is this a critical extension [y/N]? Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish > Notice: Trust flag u is set automatically if the private key is present. Is this a critical extension [y/N]? chains.sh: #7358: TrustAnchors: Creating Root CA OtherRoot - PASSED chains.sh: Exporting Root CA OtherRoot.der certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der chains.sh: #7359: TrustAnchors: Exporting Root CA OtherRoot.der - PASSED chains.sh: Creating DB OtherIntermediateDB certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd chains.sh: #7360: TrustAnchors: Creating DB OtherIntermediateDB - PASSED chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US" -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o OtherIntermediateReq.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === y -1 y === Generating key. This may take a few moments... Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? chains.sh: #7361: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der - PASSED chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 519025795 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7362: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot - PASSED chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7363: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database - PASSED chains.sh: Creating DB EE2DB certutil -N -d EE2DB -f EE2DB/dbpasswd chains.sh: #7364: TrustAnchors: Creating DB EE2DB - PASSED chains.sh: Creating EE certifiate request EE2Req.der certutil -s "CN=EE2 EE, O=EE2, C=US" -R -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === Generating key. This may take a few moments... chains.sh: #7365: TrustAnchors: Creating EE certifiate request EE2Req.der - PASSED chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 519025796 < /builddir/build/BUILD/nss-3.16.2.3/tests_results/security/localhost.1/sharedb/cu_data === Certutil input data === === chains.sh: #7366: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate - PASSED chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der Notice: Trust flag u is set automatically if the private key is present. chains.sh: #7367: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database - PASSED chains.sh: Creating DB DBOnlyDB certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd chains.sh: #7368: TrustAnchors: Creating DB DBOnlyDB - PASSED chains.sh: Importing certificate RootCA.der to DBOnlyDB database certutil -A -n RootCA -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der chains.sh: #7369: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database certutil -A -n CA1 -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der chains.sh: #7370: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025790 (0x1eefb47e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:20:05 2015 Not After : Tue May 19 07:20:05 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:2f:8c:3b:a2:9a:cb:1d:7a:84:4b:56:da:92:01:04: 92:5d:93:79:a2:76:2d:c2:d3:86:54:43:8b:3f:c9:4f: b9:49:ab:6f:48:ab:7b:f8:c5:46:97:2e:81:c4:cd:a6: 54:b0:21:c2:f6:c5:81:b0:49:52:2a:a5:1c:f9:f7:cb: c2:e3:92:2e:5b:24:5b:52:53:2b:a6:ba:b4:0f:93:6e: ae:f6:9e:98:ba:1f:7f:37:2e:73:c8:14:66:85:28:dd: 53:d9:6a:87:1a:40:a9:ca:ab:a0:44:58:b9:81:0b:49: ec:19:fa:f2:f1:91:20:44:87:86:76:d1:f4:ea:ab:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:fc:5f:ad:01:a9:ea:00:28:c9:01:a8:77:29:17:df: 86:7d:68:1c:f1:d1:15:6e:52:ef:be:ef:5f:2c:ea:8c: a5:16:5c:fd:28:80:3d:31:60:06:b1:48:7c:4d:ab:c0: 41:54:d8:39:a9:31:eb:78:25:db:5d:16:88:95:62:96: bf:8a:9c:02:f2:ab:c7:33:bb:07:48:ca:33:e6:56:6e: 56:c2:9f:1e:44:86:9d:cf:d5:c7:d5:04:a8:46:b5:0d: ed:98:0a:34:00:6a:d4:31:16:8d:89:96:0e:c6:20:ca: 04:bd:fd:ec:6a:83:bb:5e:e1:45:09:4a:8e:cf:19:5c Fingerprint (SHA-256): D7:99:07:FA:60:42:8B:FF:47:26:2E:72:48:1D:6F:71:27:07:5B:E9:CE:3B:74:2A:1D:1C:04:0F:FF:C1:6E:7B Fingerprint (SHA1): F5:B0:D1:0E:91:5B:54:1D:46:C6:C9:6F:E6:A1:B2:AC:3E:0F:16:68 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7371: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der vfychain -d DBOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025792 (0x1eefb480) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:20:14 2015 Not After : Tue May 19 07:20:14 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 93:03:6f:32:f2:40:d9:7f:4a:a7:2a:89:40:ec:bb:da: ec:9a:55:cf:b0:7a:a3:e0:74:25:8a:5e:1a:73:7e:22: a8:42:25:f3:39:6b:53:79:da:3d:08:ac:68:5e:40:2a: a5:6d:46:f1:71:7e:a8:cc:48:f5:86:6f:f6:07:c6:d2: 6e:e7:7e:0d:da:e2:b7:2b:c2:89:e1:35:8a:cd:09:2e: 7c:76:a7:4b:ac:e1:ca:6c:42:46:98:cf:c0:10:87:e7: 02:3b:7e:24:c8:8c:03:b3:a9:ef:a0:a0:4d:6b:13:92: f3:f4:59:a0:da:21:54:14:3a:b5:75:0d:b6:75:66:af Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:18:1c:e2:69:7f:91:d8:1f:05:e9:b6:54:7d:dc:69: 3e:1d:96:42:66:a2:d7:fe:f6:10:24:2b:49:15:41:86: 6c:8b:e0:43:2d:d9:ad:61:8d:41:78:a2:ed:a5:e0:2f: f0:87:6a:01:02:af:55:7a:72:4e:1b:88:0d:44:20:07: 3e:82:7d:46:3c:49:90:16:34:0c:52:08:f1:b8:a6:8e: b2:3a:09:9f:9f:0b:37:b0:2b:17:fe:eb:f5:d7:84:d7: 1c:66:41:a0:a1:41:ce:36:c0:e1:28:06:e9:33:f5:cf: 22:57:ee:1f:a7:27:24:6c:78:a7:96:47:a7:00:80:52 Fingerprint (SHA-256): 95:BE:C9:C5:C5:F1:D4:DA:61:F7:0C:23:5B:56:2B:FE:5D:29:F3:B9:3F:E5:F2:78:5F:A7:68:0D:E3:38:0A:86 Fingerprint (SHA1): 9F:7E:F7:80:0F:70:A2:F5:DA:70:CB:97:74:3E:02:51:B3:B0:D8:6B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #7372: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d DBOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA vfychain -d DBOnlyDB -pp -vv EE1CA2.der CA2CA1.der -t RootCA Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025790 (0x1eefb47e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:20:05 2015 Not After : Tue May 19 07:20:05 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:2f:8c:3b:a2:9a:cb:1d:7a:84:4b:56:da:92:01:04: 92:5d:93:79:a2:76:2d:c2:d3:86:54:43:8b:3f:c9:4f: b9:49:ab:6f:48:ab:7b:f8:c5:46:97:2e:81:c4:cd:a6: 54:b0:21:c2:f6:c5:81:b0:49:52:2a:a5:1c:f9:f7:cb: c2:e3:92:2e:5b:24:5b:52:53:2b:a6:ba:b4:0f:93:6e: ae:f6:9e:98:ba:1f:7f:37:2e:73:c8:14:66:85:28:dd: 53:d9:6a:87:1a:40:a9:ca:ab:a0:44:58:b9:81:0b:49: ec:19:fa:f2:f1:91:20:44:87:86:76:d1:f4:ea:ab:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:fc:5f:ad:01:a9:ea:00:28:c9:01:a8:77:29:17:df: 86:7d:68:1c:f1:d1:15:6e:52:ef:be:ef:5f:2c:ea:8c: a5:16:5c:fd:28:80:3d:31:60:06:b1:48:7c:4d:ab:c0: 41:54:d8:39:a9:31:eb:78:25:db:5d:16:88:95:62:96: bf:8a:9c:02:f2:ab:c7:33:bb:07:48:ca:33:e6:56:6e: 56:c2:9f:1e:44:86:9d:cf:d5:c7:d5:04:a8:46:b5:0d: ed:98:0a:34:00:6a:d4:31:16:8d:89:96:0e:c6:20:ca: 04:bd:fd:ec:6a:83:bb:5e:e1:45:09:4a:8e:cf:19:5c Fingerprint (SHA-256): D7:99:07:FA:60:42:8B:FF:47:26:2E:72:48:1D:6F:71:27:07:5B:E9:CE:3B:74:2A:1D:1C:04:0F:FF:C1:6E:7B Fingerprint (SHA1): F5:B0:D1:0E:91:5B:54:1D:46:C6:C9:6F:E6:A1:B2:AC:3E:0F:16:68 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7373: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp -t RootCA - PASSED chains.sh: Creating DB TrustOnlyDB certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd chains.sh: #7374: TrustAnchors: Creating DB TrustOnlyDB - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der CA2CA1.der CA1RootCA.der -t RootCA.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025790 (0x1eefb47e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:20:05 2015 Not After : Tue May 19 07:20:05 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:2f:8c:3b:a2:9a:cb:1d:7a:84:4b:56:da:92:01:04: 92:5d:93:79:a2:76:2d:c2:d3:86:54:43:8b:3f:c9:4f: b9:49:ab:6f:48:ab:7b:f8:c5:46:97:2e:81:c4:cd:a6: 54:b0:21:c2:f6:c5:81:b0:49:52:2a:a5:1c:f9:f7:cb: c2:e3:92:2e:5b:24:5b:52:53:2b:a6:ba:b4:0f:93:6e: ae:f6:9e:98:ba:1f:7f:37:2e:73:c8:14:66:85:28:dd: 53:d9:6a:87:1a:40:a9:ca:ab:a0:44:58:b9:81:0b:49: ec:19:fa:f2:f1:91:20:44:87:86:76:d1:f4:ea:ab:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:fc:5f:ad:01:a9:ea:00:28:c9:01:a8:77:29:17:df: 86:7d:68:1c:f1:d1:15:6e:52:ef:be:ef:5f:2c:ea:8c: a5:16:5c:fd:28:80:3d:31:60:06:b1:48:7c:4d:ab:c0: 41:54:d8:39:a9:31:eb:78:25:db:5d:16:88:95:62:96: bf:8a:9c:02:f2:ab:c7:33:bb:07:48:ca:33:e6:56:6e: 56:c2:9f:1e:44:86:9d:cf:d5:c7:d5:04:a8:46:b5:0d: ed:98:0a:34:00:6a:d4:31:16:8d:89:96:0e:c6:20:ca: 04:bd:fd:ec:6a:83:bb:5e:e1:45:09:4a:8e:cf:19:5c Fingerprint (SHA-256): D7:99:07:FA:60:42:8B:FF:47:26:2E:72:48:1D:6F:71:27:07:5B:E9:CE:3B:74:2A:1D:1C:04:0F:FF:C1:6E:7B Fingerprint (SHA1): F5:B0:D1:0E:91:5B:54:1D:46:C6:C9:6F:E6:A1:B2:AC:3E:0F:16:68 Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7375: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp -t RootCA.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der vfychain -d TrustOnlyDB -pp -vv EE1CA2.der -t CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025792 (0x1eefb480) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=CA1 Intermediate,O=CA1,C=US" Validity: Not Before: Tue May 19 07:20:14 2015 Not After : Tue May 19 07:20:14 2020 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 93:03:6f:32:f2:40:d9:7f:4a:a7:2a:89:40:ec:bb:da: ec:9a:55:cf:b0:7a:a3:e0:74:25:8a:5e:1a:73:7e:22: a8:42:25:f3:39:6b:53:79:da:3d:08:ac:68:5e:40:2a: a5:6d:46:f1:71:7e:a8:cc:48:f5:86:6f:f6:07:c6:d2: 6e:e7:7e:0d:da:e2:b7:2b:c2:89:e1:35:8a:cd:09:2e: 7c:76:a7:4b:ac:e1:ca:6c:42:46:98:cf:c0:10:87:e7: 02:3b:7e:24:c8:8c:03:b3:a9:ef:a0:a0:4d:6b:13:92: f3:f4:59:a0:da:21:54:14:3a:b5:75:0d:b6:75:66:af Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 81:18:1c:e2:69:7f:91:d8:1f:05:e9:b6:54:7d:dc:69: 3e:1d:96:42:66:a2:d7:fe:f6:10:24:2b:49:15:41:86: 6c:8b:e0:43:2d:d9:ad:61:8d:41:78:a2:ed:a5:e0:2f: f0:87:6a:01:02:af:55:7a:72:4e:1b:88:0d:44:20:07: 3e:82:7d:46:3c:49:90:16:34:0c:52:08:f1:b8:a6:8e: b2:3a:09:9f:9f:0b:37:b0:2b:17:fe:eb:f5:d7:84:d7: 1c:66:41:a0:a1:41:ce:36:c0:e1:28:06:e9:33:f5:cf: 22:57:ee:1f:a7:27:24:6c:78:a7:96:47:a7:00:80:52 Fingerprint (SHA-256): 95:BE:C9:C5:C5:F1:D4:DA:61:F7:0C:23:5B:56:2B:FE:5D:29:F3:B9:3F:E5:F2:78:5F:A7:68:0D:E3:38:0A:86 Fingerprint (SHA1): 9F:7E:F7:80:0F:70:A2:F5:DA:70:CB:97:74:3E:02:51:B3:B0:D8:6B Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Returned value is 0, expected result is pass chains.sh: #7376: TrustAnchors: Verifying certificate(s) EE1CA2.der with flags -d TrustOnlyDB -pp -t CA2CA1.der - PASSED chains.sh: Creating DB TrustAndDBDB certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd chains.sh: #7377: TrustAnchors: Creating DB TrustAndDBDB - PASSED chains.sh: Importing certificate RootCA.der to TrustAndDBDB database certutil -A -n RootCA -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der chains.sh: #7378: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database certutil -A -n CA1 -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der chains.sh: #7379: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp vfychain -d TrustAndDBDB -pp -vv EE1CA2.der CA2CA1.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025790 (0x1eefb47e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:20:05 2015 Not After : Tue May 19 07:20:05 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:2f:8c:3b:a2:9a:cb:1d:7a:84:4b:56:da:92:01:04: 92:5d:93:79:a2:76:2d:c2:d3:86:54:43:8b:3f:c9:4f: b9:49:ab:6f:48:ab:7b:f8:c5:46:97:2e:81:c4:cd:a6: 54:b0:21:c2:f6:c5:81:b0:49:52:2a:a5:1c:f9:f7:cb: c2:e3:92:2e:5b:24:5b:52:53:2b:a6:ba:b4:0f:93:6e: ae:f6:9e:98:ba:1f:7f:37:2e:73:c8:14:66:85:28:dd: 53:d9:6a:87:1a:40:a9:ca:ab:a0:44:58:b9:81:0b:49: ec:19:fa:f2:f1:91:20:44:87:86:76:d1:f4:ea:ab:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:fc:5f:ad:01:a9:ea:00:28:c9:01:a8:77:29:17:df: 86:7d:68:1c:f1:d1:15:6e:52:ef:be:ef:5f:2c:ea:8c: a5:16:5c:fd:28:80:3d:31:60:06:b1:48:7c:4d:ab:c0: 41:54:d8:39:a9:31:eb:78:25:db:5d:16:88:95:62:96: bf:8a:9c:02:f2:ab:c7:33:bb:07:48:ca:33:e6:56:6e: 56:c2:9f:1e:44:86:9d:cf:d5:c7:d5:04:a8:46:b5:0d: ed:98:0a:34:00:6a:d4:31:16:8d:89:96:0e:c6:20:ca: 04:bd:fd:ec:6a:83:bb:5e:e1:45:09:4a:8e:cf:19:5c Fingerprint (SHA-256): D7:99:07:FA:60:42:8B:FF:47:26:2E:72:48:1D:6F:71:27:07:5B:E9:CE:3B:74:2A:1D:1C:04:0F:FF:C1:6E:7B Fingerprint (SHA1): F5:B0:D1:0E:91:5B:54:1D:46:C6:C9:6F:E6:A1:B2:AC:3E:0F:16:68 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7380: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv EE2OtherIntermediate.der OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025794 (0x1eefb482) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 07:20:22 2015 Not After : Tue May 19 07:20:22 2065 Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e5:5b:cb:c1:63:90:45:c3:f6:c6:c3:7f:57:76:a9:5c: d9:f4:28:a6:59:75:f1:ac:8b:74:f1:b9:61:ef:7c:e9: 2c:25:ef:a0:6c:9b:3c:ed:df:a1:a8:5b:ad:9e:4f:f7: 70:e5:1b:32:23:9b:dd:7c:33:b0:11:55:7b:4a:9a:a9: 05:55:e3:48:ac:a9:65:41:4f:58:57:52:b9:27:ee:46: 63:0d:82:8f:8a:1c:24:1c:d0:4f:d0:b9:59:c3:db:c0: 18:04:57:3a:f9:e2:a6:54:9f:5c:7f:1b:81:3e:d4:60: 92:25:f9:43:30:37:4d:dc:e7:5b:af:2d:ee:ca:3c:3f Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b0:ef:e4:12:46:81:3f:0b:e9:12:7d:bc:4d:26:cc:86: 10:c9:bb:13:1c:0f:1d:7d:70:89:15:55:4c:59:75:14: 96:ab:ae:c6:de:9f:66:e4:6f:86:d7:f2:ef:ec:84:a1: 64:97:a0:c2:01:ca:7c:b6:9a:1d:96:09:af:dd:a1:dc: 4a:d2:34:2b:b4:aa:a8:6b:0c:58:2a:b5:68:9f:45:63: 39:7b:c0:fb:f0:f3:c9:2b:bf:4a:1e:6b:58:55:1c:68: 35:56:87:a0:7b:16:ba:4e:9c:04:dc:3d:5e:cf:e8:23: 97:7f:3a:da:e9:06:57:c8:f4:a7:9d:21:60:f2:62:b7 Fingerprint (SHA-256): 48:0E:B7:39:6A:D0:33:7C:11:4C:4D:FB:E9:FF:A9:F7:C2:E2:7C:E0:20:13:FF:57:8D:54:3F:24:4C:4F:22:3F Fingerprint (SHA1): AA:B1:9C:93:E3:5F:7D:6B:6C:32:E8:8B:E1:61:F9:A9:29:48:05:62 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate ,C=US" Returned value is 0, expected result is pass chains.sh: #7381: TrustAnchors: Verifying certificate(s) EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp -t OtherRoot.der - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der vfychain -d TrustAndDBDB -pp -vv -T EE1CA2.der CA2CA1.der -t OtherIntermediateOtherRoot.der -t OtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025790 (0x1eefb47e) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US" Validity: Not Before: Tue May 19 07:20:05 2015 Not After : Tue May 19 07:20:05 2065 Subject: "CN=RootCA ROOT CA,O=RootCA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e4:2f:8c:3b:a2:9a:cb:1d:7a:84:4b:56:da:92:01:04: 92:5d:93:79:a2:76:2d:c2:d3:86:54:43:8b:3f:c9:4f: b9:49:ab:6f:48:ab:7b:f8:c5:46:97:2e:81:c4:cd:a6: 54:b0:21:c2:f6:c5:81:b0:49:52:2a:a5:1c:f9:f7:cb: c2:e3:92:2e:5b:24:5b:52:53:2b:a6:ba:b4:0f:93:6e: ae:f6:9e:98:ba:1f:7f:37:2e:73:c8:14:66:85:28:dd: 53:d9:6a:87:1a:40:a9:ca:ab:a0:44:58:b9:81:0b:49: ec:19:fa:f2:f1:91:20:44:87:86:76:d1:f4:ea:ab:83 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:fc:5f:ad:01:a9:ea:00:28:c9:01:a8:77:29:17:df: 86:7d:68:1c:f1:d1:15:6e:52:ef:be:ef:5f:2c:ea:8c: a5:16:5c:fd:28:80:3d:31:60:06:b1:48:7c:4d:ab:c0: 41:54:d8:39:a9:31:eb:78:25:db:5d:16:88:95:62:96: bf:8a:9c:02:f2:ab:c7:33:bb:07:48:ca:33:e6:56:6e: 56:c2:9f:1e:44:86:9d:cf:d5:c7:d5:04:a8:46:b5:0d: ed:98:0a:34:00:6a:d4:31:16:8d:89:96:0e:c6:20:ca: 04:bd:fd:ec:6a:83:bb:5e:e1:45:09:4a:8e:cf:19:5c Fingerprint (SHA-256): D7:99:07:FA:60:42:8B:FF:47:26:2E:72:48:1D:6F:71:27:07:5B:E9:CE:3B:74:2A:1D:1C:04:0F:FF:C1:6E:7B Fingerprint (SHA1): F5:B0:D1:0E:91:5B:54:1D:46:C6:C9:6F:E6:A1:B2:AC:3E:0F:16:68 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US" Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US" Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US" Returned value is 0, expected result is pass chains.sh: #7382: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED chains.sh: Creating DB ExplicitDistrustDB certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd chains.sh: #7383: TrustAnchors: Creating DB ExplicitDistrustDB - PASSED chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database certutil -A -n RootCA -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der chains.sh: #7384: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database certutil -A -n CA1 -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der chains.sh: #7385: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database - PASSED chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database certutil -A -n OtherRoot -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der chains.sh: #7386: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database - PASSED chains.sh: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der vfychain -d ExplicitDistrustDB -pp -vv EE1CA2.der CA2CA1.der -t CA1RootCA.der Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CA1 [Certificate Authority]: ERROR -8171: Peer's certificate has been marked as not trusted by the user. Returned value is 1, expected result is fail chains.sh: #7387: TrustAnchors: Verifying certificate(s) EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp -t CA1RootCA.der - PASSED chains.sh: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der vfychain -d ExplicitDistrustDB -pp -vv EE2OtherIntermediate.der -t OtherIntermediateOtherRoot.der Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 519025795 (0x1eefb483) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US" Validity: Not Before: Tue May 19 07:20:26 2015 Not After : Tue May 19 07:20:26 2020 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: b9:8b:a8:4c:38:aa:4f:2e:73:b9:4a:2f:f3:db:84:6b: 11:98:76:3a:9f:13:41:46:e0:6d:bc:f4:e7:aa:6e:be: 62:82:6a:5e:de:46:93:54:32:ba:29:0a:c7:87:07:24: 3f:7e:78:55:8f:6c:d7:98:f6:00:d5:1c:83:cc:86:2e: c5:8d:83:34:ca:7c:f1:b4:1d:26:c5:0a:54:ed:d4:8f: c4:49:d4:b4:be:66:c1:55:92:66:fd:ec:a5:e6:73:4f: e5:9a:48:e0:2e:70:ac:7d:e9:c2:00:42:d9:f7:b6:96: 39:fa:51:27:32:b6:6d:55:68:8c:a6:e9:26:c5:29:6b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Critical: True Data: Is a CA with no maximum path length. Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 53:96:5d:75:af:01:85:5d:72:d1:96:cd:4c:0c:1e:74: 02:1d:20:cf:14:4c:e2:90:d4:83:66:4b:2e:1f:2d:54: c5:ca:43:17:fc:c6:4f:a2:3b:1e:34:52:b3:6d:2a:3f: d1:c9:60:28:c9:19:02:07:95:5a:47:62:57:92:80:61: 8c:d1:51:33:38:8d:15:0d:ca:bc:dc:b5:46:32:d6:b1: 38:13:9b:d7:7c:67:74:0d:4d:35:20:a5:76:fe:26:a8: c6:d0:f2:4d:c7:4c:f4:9e:72:32:7e:d5:8d:ea:2d:00: d2:47:58:4a:a6:6b:3c:00:85:82:98:c5:da:12:40:f0 Fingerprint (SHA-256): 52:DA:3D:BF:82:F2:2C:76:C5:11:21:B6:59:90:7E:36:F3:4E:EB:CC:B7:2D:C9:5E:22:C2:CA:38:20:77:D0:BF Fingerprint (SHA1): 62:14:09:8B:B1:79:B4:C9:CA:99:13:23:FB:3C:38:8E:3D:E3:E1:72 Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US" Returned value is 0, expected result is pass chains.sh: #7388: Verifying certificate(s) EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp -t OtherIntermediateOtherRoot.der - PASSED chains.sh: Creating DB trustanchorsDB certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd chains.sh: #7389: TrustAnchors: Creating DB trustanchorsDB - PASSED chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database certutil -A -n NameConstraints.ca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ca.cert chains.sh: #7390: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database certutil -A -n NameConstraints.ncca -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.ncca.cert chains.sh: #7391: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database - PASSED chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database certutil -A -n NameConstraints.dcisscopy -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert chains.sh: #7392: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database - PASSED chains.sh: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7393: TrustAnchors: Verifying certificate(s) NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7394: TrustAnchors: Verifying certificate(s) NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo rnia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #7395: TrustAnchors: Verifying certificate(s) NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7396: TrustAnchors: Verifying certificate(s) NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7397: TrustAnchors: Verifying certificate(s) NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View, ST=California,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST =California,C=US" Returned value is 0, expected result is pass chains.sh: #7398: TrustAnchors: Verifying certificate(s) NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #7399: TrustAnchors: Verifying certificate(s) NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #7400: TrustAnchors: Verifying certificate(s) NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7401: TrustAnchors: Verifying certificate(s) NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7402: TrustAnchors: Verifying certificate(s) NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U S" Validity: Not Before: Wed Dec 04 01:22:58 2013 Not After : Mon Dec 04 01:22:58 2023 Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C= US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49: 0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03: 7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c: c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4: 0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1: 75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26: 7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f: be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21: a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03: 2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99: b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8: 30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24: fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6: 5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca: f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95 Fingerprint (SHA-256): A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1 Fingerprint (SHA1): 56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S T=California,C=US" Returned value is 0, expected result is pass chains.sh: #7403: TrustAnchors: Verifying certificate(s) NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7404: TrustAnchors: Verifying certificate(s) NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7405: TrustAnchors: Verifying certificate(s) NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 3. NameConstraints.ca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7406: TrustAnchors: Verifying certificate(s) NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8157: Certificate extension not found. Returned value is 1, expected result is fail chains.sh: #7407: TrustAnchors: Verifying certificate(s) NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 2. NameConstraints.ncca [Certificate Authority]: ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7408: TrustAnchors: Verifying certificate(s) NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View, ST=CA,C=US" Validity: Not Before: Sat Jan 04 01:22:59 2014 Not After : Sat Nov 04 01:22:59 2023 Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View ,ST=CA,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28: c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4: 71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04: 4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba: ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9: f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85: 49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34: a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Name Constraints Permitted Subtree: DNS name: ".example" Minimum: 0 (0x0) Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91: 33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89: 3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a: 9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df: 46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b: c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e: 5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd: df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34 Fingerprint (SHA-256): 63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29 Fingerprint (SHA1): 56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif ornia,C=US" Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #7409: TrustAnchors: Verifying certificate(s) NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert Chain is bad! PROBLEM WITH THE CERT CHAIN: CERT 1. NameConstraints.dcisscopy [Certificate Authority]: Email Address(es): igca@sgdn.pm.gouv.fr ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. Returned value is 1, expected result is fail chains.sh: #7410: TrustAnchors: Verifying certificate(s) NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp - PASSED chains.sh: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp vfychain -d trustanchorsDB -pp -vv /builddir/build/BUILD/nss-3.16.2.3/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 998899 (0xf3df3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S T=France,C=FR" Validity: Not Before: Sun Feb 02 17:21:27 2014 Not After : Fri Feb 02 17:21:27 2024 Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris, ST=France,C=FR" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7: bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed: 19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f: 1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54: ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9: b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a: a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66: de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce: 5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf: b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01: 5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10: 10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73: 29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0: e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26: 82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c: 65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9: c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a: b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f: f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43: 2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d: f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3: a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4: 9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04: 82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c: 5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e: bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2: 18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1: f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d: b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db: 9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65: 2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b Fingerprint (SHA-256): C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C Fingerprint (SHA1): 48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55 Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US" Returned value is 0, expected result is pass chains.sh: #7411: TrustAnchors: Verifying certificate(s) NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp - PASSED trying to kill httpserv with PID 13051 at Tue May 19 03:21:03 EDT 2015 kill -USR1 13051 httpserv: normal termination httpserv -b -p 9113 2>/dev/null; httpserv with PID 13051 killed at Tue May 19 03:21:03 EDT 2015 TIMESTAMP chains END: Tue May 19 03:21:04 EDT 2015 SUMMARY: ======== NSS variables: -------------- HOST=localhost DOMSUF=localdomain BUILD_OPT=1 USE_X32= USE_64= NSS_CYCLES="" NSS_TESTS="" NSS_SSL_TESTS="crl bypass_normal normal_bypass fips_normal normal_fips iopr" NSS_SSL_RUN="cov auth stapling stress" NSS_AIA_PATH= NSS_AIA_HTTP= NSS_AIA_OCSP= IOPR_HOSTADDR_LIST= PKITS_DATA= Tests summary: -------------- Passed: 7393 Failed: 18 Failed with core: 0 Unknown status: 0 ~/build/BUILD/nss-3.16.2.3 + popd + killall selfserv_9103 selfserv_9103: no process found + : ++ grep -c FAILED ./tests_results/security/localhost.1/output.log + TEST_FAILURES=18 + '[' 0 -eq 1 ']' + sleep 1 test suite completed + echo 'test suite completed' + exit 0 Processing files: nss-3.16.2.3-5.el7.0.1.armv7hl Provides: config(nss) = 3.16.2.3-5.el7.0.1 libnss3.so libnss3.so(NSS_3.10) libnss3.so(NSS_3.10.2) libnss3.so(NSS_3.11) libnss3.so(NSS_3.11.1) libnss3.so(NSS_3.11.2) libnss3.so(NSS_3.11.7) libnss3.so(NSS_3.11.9) libnss3.so(NSS_3.12) libnss3.so(NSS_3.12.1) libnss3.so(NSS_3.12.10) libnss3.so(NSS_3.12.3) libnss3.so(NSS_3.12.4) libnss3.so(NSS_3.12.5) libnss3.so(NSS_3.12.6) libnss3.so(NSS_3.12.7) libnss3.so(NSS_3.12.9) libnss3.so(NSS_3.13) libnss3.so(NSS_3.13.2) libnss3.so(NSS_3.14) libnss3.so(NSS_3.14.1) libnss3.so(NSS_3.14.3) libnss3.so(NSS_3.15) libnss3.so(NSS_3.15.4) libnss3.so(NSS_3.16.1) libnss3.so(NSS_3.16.2) libnss3.so(NSS_3.2) libnss3.so(NSS_3.2.1) libnss3.so(NSS_3.3) libnss3.so(NSS_3.3.1) libnss3.so(NSS_3.4) libnss3.so(NSS_3.5) libnss3.so(NSS_3.6) libnss3.so(NSS_3.7) libnss3.so(NSS_3.7.1) libnss3.so(NSS_3.8) libnss3.so(NSS_3.9) libnss3.so(NSS_3.9.2) libnss3.so(NSS_3.9.3) libnssckbi.so libnssckbi.so(NSS_3.1) libnsspem.so libnsspem.so(NSS_3.1) libsmime3.so libsmime3.so(NSS_3.10) libsmime3.so(NSS_3.12.10) libsmime3.so(NSS_3.12.2) libsmime3.so(NSS_3.13) libsmime3.so(NSS_3.15) libsmime3.so(NSS_3.16) libsmime3.so(NSS_3.2) libsmime3.so(NSS_3.2.1) libsmime3.so(NSS_3.3) libsmime3.so(NSS_3.4) libsmime3.so(NSS_3.4.1) libsmime3.so(NSS_3.6) libsmime3.so(NSS_3.7) libsmime3.so(NSS_3.7.2) libsmime3.so(NSS_3.8) libsmime3.so(NSS_3.9) libsmime3.so(NSS_3.9.3) libssl3.so libssl3.so(NSS_3.11.4) libssl3.so(NSS_3.11.8) libssl3.so(NSS_3.12.10) libssl3.so(NSS_3.12.6) libssl3.so(NSS_3.13) libssl3.so(NSS_3.13.2) libssl3.so(NSS_3.14) libssl3.so(NSS_3.15) libssl3.so(NSS_3.15.4) libssl3.so(NSS_3.2) libssl3.so(NSS_3.2.1) libssl3.so(NSS_3.4) libssl3.so(NSS_3.7.4) nss = 3.16.2.3-5.el7.0.1 nss(armv7hl-32) = 3.16.2.3-5.el7.0.1 Requires(interp): /bin/sh /bin/sh /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(post): /bin/sh /usr/sbin/update-alternatives Requires(postun): /bin/sh /usr/sbin/update-alternatives Requires(posttrans): /bin/sh Requires: ld-linux-armhf.so.3 ld-linux-armhf.so.3(GLIBC_2.4) libc.so.6 libc.so.6(GLIBC_2.4) libdl.so.2 libfreebl3.so libgcc_s.so.1 libgcc_s.so.1(GCC_3.5) libnspr4.so libnss3.so libnss3.so(NSS_3.10) libnss3.so(NSS_3.11) libnss3.so(NSS_3.11.1) libnss3.so(NSS_3.11.2) libnss3.so(NSS_3.12) libnss3.so(NSS_3.12.6) libnss3.so(NSS_3.14) libnss3.so(NSS_3.14.3) libnss3.so(NSS_3.15) libnss3.so(NSS_3.2) libnss3.so(NSS_3.3) libnss3.so(NSS_3.3.1) libnss3.so(NSS_3.4) libnss3.so(NSS_3.6) libnss3.so(NSS_3.7) libnss3.so(NSS_3.8) libnss3.so(NSS_3.9) libnssdbm3.so libnssutil3.so libnssutil3.so(NSSUTIL_3.12) libnssutil3.so(NSSUTIL_3.12.3) libnssutil3.so(NSSUTIL_3.12.5) libnssutil3.so(NSSUTIL_3.13) libnssutil3.so(NSSUTIL_3.14) libnssutil3.so(NSSUTIL_3.15) libnssutil3.so(NSSUTIL_3.17.1) libplc4.so libplds4.so libpthread.so.0 libpthread.so.0(GLIBC_2.4) libsoftokn3.so libz.so.1 rtld(GNU_HASH) Processing files: nss-tools-3.16.2.3-5.el7.0.1.armv7hl Provides: nss-tools = 3.16.2.3-5.el7.0.1 nss-tools(armv7hl-32) = 3.16.2.3-5.el7.0.1 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: ld-linux-armhf.so.3 ld-linux-armhf.so.3(GLIBC_2.4) libc.so.6 libc.so.6(GLIBC_2.4) libdl.so.2 libgcc_s.so.1 libgcc_s.so.1(GCC_3.5) libnspr4.so libnss3.so libnss3.so(NSS_3.10) libnss3.so(NSS_3.11) libnss3.so(NSS_3.11.7) libnss3.so(NSS_3.12) libnss3.so(NSS_3.12.1) libnss3.so(NSS_3.12.6) libnss3.so(NSS_3.12.9) libnss3.so(NSS_3.13) libnss3.so(NSS_3.14) libnss3.so(NSS_3.14.1) libnss3.so(NSS_3.15) libnss3.so(NSS_3.16.1) libnss3.so(NSS_3.16.2) libnss3.so(NSS_3.2) libnss3.so(NSS_3.3) libnss3.so(NSS_3.4) libnss3.so(NSS_3.5) libnss3.so(NSS_3.6) libnss3.so(NSS_3.7) libnss3.so(NSS_3.8) libnss3.so(NSS_3.9) libnss3.so(NSS_3.9.2) libnss3.so(NSS_3.9.3) libnssutil3.so libnssutil3.so(NSSUTIL_3.12) libnssutil3.so(NSSUTIL_3.12.7) libnssutil3.so(NSSUTIL_3.15) libplc4.so libplds4.so libpthread.so.0 libpthread.so.0(GLIBC_2.4) libsmime3.so libsmime3.so(NSS_3.10) libsmime3.so(NSS_3.2) libsmime3.so(NSS_3.3) libsmime3.so(NSS_3.4) libsmime3.so(NSS_3.6) libsmime3.so(NSS_3.9.3) libsoftokn3.so libssl3.so libssl3.so(NSS_3.11.8) libssl3.so(NSS_3.12.6) libssl3.so(NSS_3.13.2) libssl3.so(NSS_3.14) libssl3.so(NSS_3.15) libssl3.so(NSS_3.2) libssl3.so(NSS_3.4) libssl3.so(NSS_3.7.4) libz.so.1 rtld(GNU_HASH) Processing files: nss-sysinit-3.16.2.3-5.el7.0.1.armv7hl Provides: libnsssysinit.so nss-sysinit = 3.16.2.3-5.el7.0.1 nss-sysinit(armv7hl-32) = 3.16.2.3-5.el7.0.1 nss-system-init Requires(interp): /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(post): coreutils sed Requires: /bin/sh ld-linux-armhf.so.3 ld-linux-armhf.so.3(GLIBC_2.4) libc.so.6 libc.so.6(GLIBC_2.4) libdl.so.2 libgcc_s.so.1 libgcc_s.so.1(GCC_3.5) libnspr4.so libnssutil3.so libnssutil3.so(NSSUTIL_3.12) libnssutil3.so(NSSUTIL_3.14) libplc4.so libplds4.so libpthread.so.0 rtld(GNU_HASH) Processing files: nss-devel-3.16.2.3-5.el7.0.1.armv7hl Provides: nss-devel = 3.16.2.3-5.el7.0.1 nss-devel(armv7hl-32) = 3.16.2.3-5.el7.0.1 nss-static = 3.16.2.3-5.el7.0.1 pkgconfig(nss) = 3.16.2.3 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: /bin/sh /usr/bin/pkg-config pkgconfig(nspr) >= 4.10.6 pkgconfig(nss-util) >= 3.16.2.3 Processing files: nss-pkcs11-devel-3.16.2.3-5.el7.0.1.armv7hl Provides: nss-pkcs11-devel = 3.16.2.3-5.el7.0.1 nss-pkcs11-devel(armv7hl-32) = 3.16.2.3-5.el7.0.1 nss-pkcs11-devel-static = 3.16.2.3-5.el7.0.1 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Processing files: nss-debuginfo-3.16.2.3-5.el7.0.1.armv7hl Provides: nss-debuginfo = 3.16.2.3-5.el7.0.1 nss-debuginfo(armv7hl-32) = 3.16.2.3-5.el7.0.1 Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1 Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm Wrote: /builddir/build/RPMS/nss-3.16.2.3-5.el7.0.1.armv7hl.rpm Wrote: /builddir/build/RPMS/nss-tools-3.16.2.3-5.el7.0.1.armv7hl.rpm Wrote: /builddir/build/RPMS/nss-sysinit-3.16.2.3-5.el7.0.1.armv7hl.rpm Wrote: /builddir/build/RPMS/nss-devel-3.16.2.3-5.el7.0.1.armv7hl.rpm Wrote: /builddir/build/RPMS/nss-pkcs11-devel-3.16.2.3-5.el7.0.1.armv7hl.rpm Wrote: /builddir/build/RPMS/nss-debuginfo-3.16.2.3-5.el7.0.1.armv7hl.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.NODjtV + umask 022 + cd /builddir/build/BUILD + cd nss-3.16.2.3 + /usr/bin/rm -rf /builddir/build/BUILDROOT/nss-3.16.2.3-5.el7.0.1.arm + exit 0 Child return code was: 0 LEAVE do -->